AI summary:
The article discusses two new side-channel speculative execution attacks targeting Apple silicon, named SLAP and FLOP. These attacks were presented by security researchers from the Georgia Institute of Technology and Ruhr University Bochum.
- SLAP (Data Speculation Attacks via Load Address Prediction): Exploits Apple Silicon’s Load Address Predictor, potentially leaking information like emails and browsing history.
- FLOP (False Load Output Predictions): Exploits Apple Silicon’s Load Value Predictor, potentially leaking sensitive data like credit card information and location history.
Apple has acknowledged these vulnerabilities but stated they do not pose an immediate risk to users. The researchers have not observed these attacks in the wild yet. Users can mitigate risks by disabling JavaScript in Safari, though this may cause compatibility issues with websites
I don’t know if mac has something similar, but you can run a command on linux to list all the CPU vuln mitigations applied, and its hilarious to see on something old like a skylake or haswell with the amount of patches that have dropped since release.
Oh no! We can’t live without overengineered pieces of silicon made via processes more complex than anything in history, with enormous computing power being used to display our porn and cat pics. We need more performance! And we need even more complex CPUs.
Everyone is different. I could live with things from year 2005. Except they were expensive and not everyone had them. I would want people to have necessities and simple, sturdy, cheap, weak tech to fulfill their needs and nothing more. Not lack some things and have far too powerful tools for other things.
i had to double check. yes. it is a SLAP with a silent d and a. what a great name.
Another day, another speculative execution attack
Me: Reads headline.
Also me: I have no idea what this headline is supposed to be warning me of. Of COARSE you’d get slapped if you went up to someone and flopped out your apples.
You know you can click that headline and read the article for more information. You don’t have to live in ignorance.
When modern CPUs execute instructions, they try to make a best guess as to what the next instruction or data it needs will be while it’s still executing the first, to speed things up so it doesn’t have to wait until the entire instruction execution cycle is complete to start retrieving the next one from memory. These exploits force it to guess wrong, potentially pulling sensitive data out of memory and making it accessible to processes which usually can’t access it.
You will be slapped with a floppy
3.5 inch or 5.25 inch?
8 inch
*ba-dum. tisshh*
Disabling JavaScript is a bold ask.
I have a better proposal: let’s disable JavaScript in it’s entirety so it wouldn’t require 8 gb ram and a 2 gHz multicore cpu on my mobile device that runs on battery, to send a simple ‘hello’ to my friends.
uMatrix makes this easy. Made by the creator of uBlock Origin.
uMatrix isn’t maintained anymore, but you can actually do this directly in uBO now!
https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-scripting
Oh wow. Yeah, it hasn’t been updated for 6 years. Damn, I didn’t realize how long I’ve been using it.
Didn’t use to be.
