[Cryptography] Buffer Overflows & Spectre

Ondrej Mikle ondrej.mikle at gmail.com
Thu Nov 22 18:00:40 EST 2018

On 11/21/18 3:42 AM, Henry Baker wrote:
> I really don't care any more about excuses.  I see 4/8/12 core processors whose entire computational load is handling 50-100 (or more) Javascript components so that tens of advertisers can better track me as I read a single paragraph of text.  Every additional computational cycle is more than eaten up with larger Javascript programs, so web pages are slower than they were twenty years ago.  I really don't care to give up my security to enable more of this garbage.

This is perfect summation of current "state of computation", especially accross
the web. Is any of the 50 injected javascripts from various ad systems abusing
Rowhammer or Spectre? Likely not. Works in papers, but not so useful in real
attacks. But there's a decent chance they will inject some miner from an ad
system, along with the "legit" tracking code.

Most people don't know since they don't usually run even simple app/widget to
monitor CPU usage. It's quite common to see that once you allow javascript on
page via NoScript, it will eat one whole CPU core. Most people will only notice
it through fan spinning or battery drain. Simple pages having few paragraphs of
text with a few images, where basic HTML would suffice.

Ondrej Mikle

More information about the cryptography mailing list