Reply to post: A bit less FUD please El Reg

You can't ignore Spectre. Look, it's pressing its nose against your screen

Gordon 10
Meh

A bit less FUD please El Reg

How is this any worse than a zero day in any of the VM hypervisors? Let's have a sense of perspective please.

They basically say that organisations have to do everything within their power to protect against any flaws that they reasonably should have known existed.

The above is mostly bollocks - every regulation that I have come across has a "reasonableness test", i.e. it wasn't reasonable to expect us to replace all our servers.

Let's look at what's needed to actually weaponise Spectre.

1. Develop exploit code.

2. Deploy exploit code.

3. Actually find something worth stealing in several gigs' worth of randomly addressed memory per server whilst all the while trying not to get caught.

Points 2 & 3 essentially mean that the biggest risk is either a bulk attack that will quickly be spotted and closed out AND which also requires another exploit to plant a lurker on a significant set of kit, OR a targeted attack on a known juicy target à la NSA and GCHQ.

Either of which is only med risk IMO.

There are bigger risks to worry about.
