Spectre

Want to see if your PC is susceptible to the Spectre attack?

Here's a little C program (compiler not included).

With minor tweaking I got it to compile with VS2008. And... yes, my i7-3770 (Win 7) is vulnerable.

Sweet.

7 thoughts on “Spectre

    1. cleek Post author

      no, they can’t do it with a recall. it’ll take months (years? ) to get the fix into the next round of CPUs. and there’s no way to replace the millions and millions of CPUs already out there. they’ll update OS’s to work around the bugs.

      1. joel hanes

        they’ll update OS’s

        to turn off speculative execution

        which will reduce performance by some amount, depending on what you do

        as nearly as I can tell, the ultimate fix might involve doing full address-protection checks on all fetch addresses before the fetch occurs. I’m not a good enough CPU architect to be able to predict if speculative execution will still be advantageous with all that added – making it go fast seems to me to involve large amounts of additional logic.

        So one outcome might be that all the speculative execution complications melt right out of the processor designs, and they consequently get much smaller and simpler, but slower.

  1. Ugh

    And I, of course, bought a new computer in November.

    I was reading that there wasn’t much out there in terms of exploits though… yet.

    1. cleek Post author

      no, nothing yet. even thought that little C program demonstrates the problem, the real world is much more complicated than a little sandboxed proof-of-concept.

Comments are closed.