Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A new technique to pick locks is discovered. Does that mean all locks are defective?


When the Kaba Simplex (a commercial door lock) was discovered to be easily bypassed by holding a magnet near it, yes, it was in fact a design defect and the company had to correct it by giving repair kits out to purchasers.


Intel and others did give out a repair kit; they give you the option of disabling hyperthreading and a whole host of other optimizations. Those optimizations are both what provides this new side-channel of attack, and an immense speedup when they're enabled. You can't have one without the other.


Except they didn't advertise that way. They advertised the hyperthreaded performance, without disclosing its security implications.


You're asking for something impossible.

Lock manufacturers can't advertise that their locks are hardened against specific yet-to-be-discovered attacks.

Intel can't advertise that their CPUs are hardened against specific yet-to-be-discovered attacks.

They can only provide mitigations after the fact.


Yet they are still advertising the number of threads without any mention of the vulnerabilities involved, well after those vulnerabilities have been disclosed. It's deceptive advertising at best.


Except lock buyers still go the door lock and in case of intel you lost threads.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: