New SpectreRSB that bypass current software / firmware

<p>They are allowed to keep selling, because there is no alternative and we need computers.</p><p>Currently the only alternatives to not using Spectre affected CPUs is either to go back to pre-2000 designs or stop using computers altogether.</p><p>AMD, ARM, Intel, Sparc and most other CPUs are currently affected by one form of Spectre or another. If you have any chip design with multiple threads and speculative execution, you will probably find it is vulnerable to at least one variant. The only thing that can currently be done is to try and software patch it.</p><p>That means most smartphones are also affected, as are tablets, industrial kit and pretty much anything else that uses a CPU.</p><p>There is no simple hardware fix. Processor design pipelines are around 2 years, which means that we have at least 18 months, before a clean design for ARM or Intel/AMD x64 comes along. I don't know how long the likes of Oracle need for their next generation chips, but they have had much longer refresh cycles than Intel in the past decade.</p><p>So that leaves you with the choice of going back to a Pentium III level of performance or stop using computers altogether, until these problems can be solved.</p><p>Could you really cope without a smartphone and computer for the next 2 years? And without a smart TV, or Alexa, or Google Assistent or smart gadgets of any form? No more Internet, no more social media, no more streaming video?</p><p>I could probably do without most of it, but not without a PC or 'phone at the very least. I don't do IoT, whose security currently makes Intel's, ARM's and AMD's problems look like a non-event, so I am lucky on that score.</p><p>So, whilst <strong>all</strong> the major chip makers are looking to make Spectre-free chip designs (and Intel are looking to make them also Meltdown free), that means that either we have to put up with Spectre affected chips for a couple of years or we do without computing at all. </p><p>And making them Spectre-free means literally going back to the drawing board. You need to forget almost everything we have learnt about chip design in the last 20 years and come at it again. That means they need to unlearn 20 years of optimization and come up with something new, that takes time, a lot of time! And it needs to be as efficient as the efficiency improvements that caused Spectre, which have taken 2 decades to refine. That is an incredibly tall order. For you average user, this is pretty much a non-issue at the moment (and yes, I am an avid Security Now listener, so I have heard the episode). It is worrying, but if you are careful with what you browse and what you install, you are fairly safe, at the moment, there are a couple of Spectre proof-of-concepts for Android and, I believe, iOS and the same for Linux and Windows. If you are running a Hyper-V, Xen or VMWare stack, you have more to worry about and the big "losers" are the cloud providers, as it only take a bad VM on a physical server to start leaking information out of other VMs through Spectre attacks. But, again, that isn't easy and is very slow and you can't guarantee that you will get anything useful, at the moment.</p><p>There just isn't a quick fix to this problem. Also, this is still one of the Spectre NG bugs that was announced back in April/May and are being gradually drip-fed in detail over the summer months, milking the press in the summer's slow-news months. I think there are still another 3 Spectre NG attacks that were announced in Q2 that haven't yet been detailed, so buckle up.</p>