+1 607 252-6647 Email Questions

Meltdown, Spectre, and the Costs of Unchecked Innovation

  • Published in News
  • Hits: 247

When the blockbuster twin security exploits[1] known as Meltdown and Spectre appeared in early 2018, Mozilla was among the first to respond, retroactively changing several behaviors of Firefox[2] to help prevent them.

Both attacks rely on using high-speed timing measurements to detect sensitive information, so somewhat counterintuitively, the patches had to decrease the speed of seemingly mundane computations. The first change was to slow down the performance API[3] for web browsers, which had previously been able to analyze the behavior of a page at speeds fast enough to be used in an attack; the second change removed SharedArrayBuffer, a new kind of data structure atop which similar timers could be trivially rebuilt. Similar changes were also soon also implemented by Microsoft[4] for Internet Explorer and Edge browsers and also by WebKit[5], a tool for viewing the web that is used to build Safari, Mobile Safari, Android Browser, and the dedicated browsers embedded on many other devices. As of this writing, SharedArrayBuffer is now disabled in all major browsers.

The speed and power of our computers until now has always been a lie, built atop a foundation that must now be undone.

Backpedaling on established features of the internet was necessary, but also strange and unexpected. The web is, among other things, a decentralized specification: It is an agreement about how to build things, and then also how to run the things that have been built. In order for a new feature to meaningfully exist on the web, developers and browsers and standards bodies must all first come to an understanding about how it will work. Once you add something to that agreement, you can't remove it, because you have no idea what problems might arise,

Read more from our friends at Wired.com

Contact us

By Mail

PO Box 5613

Katy, TX 77491

USA

Social: twitter facebook

Phone: +1 607 252-6647

Fax: +1 866 573-1096

Email: info [AT] synapticweb [DOT] co