So after the Meltdown/Spectre fiasco, here comes the new Zombieload/Fallout/RIDL which apparently much more easy to exploit.
Zombieload Flaw Lets Hackers Crack Almost Every Intel Chip Back to 2011.
While Intel classified the threat as “medium,” security researchers have said Zombieload is far more serious. The vulnerability affects almost every Intel computer chip since 2011 and highlights how hackers could become savvier at targeting the security holes in Intel’s computer chips.
“On a scale of 1 to 10, this is ’10’ serious,” says Robert Siciliano, CEO of security awareness training firm Safr.me.
The Zombieload attack takes advantage of a design flaw in most Intel chips, allowing hackers to grab any data that was recently been accessed by the processor. The attack’s name is a reference to “zombie load,” which is when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash.
http://fortune.com/2019/05/15/zombieload-flaw-lets-hackers-c…
Intel tried to cover it up but apparently Dutch don't like $80k
Intel offered to pay the researchers a USD $40,000 "reward" to allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers.
Intel's security vulnerability bounty program is shrouded in CYA agreements designed to minimize Intel's losses from the discovery of a new vulnerability. Under its terms, once a discoverer accepts the bounty reward, they enter into a NDA (non-disclosure agreement) with Intel, to not disclose their findings or communicate in the regard with any other person or entity than with certain authorized people at Intel.
https://www.techpowerup.com/255563/intel-tried-to-bribe-dutc…
Oh, well if Robert Siciliano, CEO of security awareness training firm Safr.me, says its '10' serious…