
276 points chei0aiV | 1 comments
jbob2000 No.10458486
So I read the blog post and skimmed the PDF and I'm left with some questions. If these security issues have been present for 10 years, but there hasn't been any widespread malicious action on them, are they really issues?

To create an analogy, my car doesn't have bulletproof glass; someone could easily shoot it up and I'd be dead. But nobody really goes around shooting up cars, so is it an issue?

1. wsxcde No.10458718
The short answer is that there is a plethora of software-level issues that are much easier to exploit, so people don't bother with hardware bugs.

Does this mean we should stop worrying about hardware bugs? I don't know the answer to this question. A principal engineer in the group that does Intel's hardware security validating and pentesting told me that they felt their job was to maintain the status quo of hardware bugs being harder to exploit than software bugs. More security than this is probably not justified from a risk vs. cost analysis perspective, while less security than this will probably break a lot of assumptions that people designing software make.