It's almost always a bad idea to write more than a few lines of code, assume they work as intended, and move on to a separate task. Even after the change compiles successfully, and even after code reviews, there's always the chance that some underlying assumption turns out to be wrong, yielding unexpected results in edge cases. Once such a bug is introduced, it might linger for long periods of time if that section of code isn't in frequent use.
A novel side-channel information leakage attack was made public this week that leverages the speculative execution features inherent within most modern processors, including those from Intel, AMD, and ARM. Several instantiations of this attack, known as Meltdown and Spectre, have been detailed by the Google Project Zero team. These vulnerabilities enable an attacker with local execution context to potentially infer (but not modify) the contents of memory across security boundaries which they would otherwise not be able to access. In particular, an attacker with user-level execution capabilities can utilize these attacks to access memory in other processes, the OS kernel, virtual machines, and hypervisor memory. Mitigations for the attacks are currently being implemented within multiple operating systems, including Star Lab’s Crucible product suite.