I wonder how many years intelligence agencies have been using Spectre?
Something to think about.
I wonder how many years our and their intelligence agencies have been using Spectre?
Is it just years? Is it decades?
Did they know even before day one of device production?
And if not for "White Hat Hackers", I wonder how many more years would have gone by where only intelligence agencies (and maybe a few chip maker employees) knew about Spectre?
The bug was there for over a decade and no free-enterprise criminal figured it out.
There is a near endless supply of *obscure* bugs and *obscure* vulnerabilities that have been out there for years and decades that no free-enterprise criminal has figured out yet.
And none of them will be an issue until some PhD candidate or Google employee does a paper revealing them.
Security by obscurity: It isn't only Apple customers who rely on that. We ALL do -- even the NSA, GCHQ, Mossad, 3PLA, and FSB.
(The word "obscure" as used in "obscure bugs and obscure vulnerabilities" is important to my meaning. Of course vulnerabilities a criminal could realistically discover and utilize should be revealed. Vulnerabilities that have existed for decades undiscovered -- how likely is it that with so many other easier vulnerabilities to find and use they'd have invested the time and effort into this?)
I'm not sure of the answer. Where do we draw the line at "realistically discover"?
And what new vulnerabilities are introduced by hasty fixes? (And in this case "hasty fixes" being fixes done with less than 2 years lead time.)
And even fully considered and tested fixes, the added complexity they'll create, will those introduce new vulnerabilities?
I don't know what to think, other than that there is no way to have complete security on a connected computer.