6/14/2022 10:08:42 AM
Ars Technica -- Riccardo Paccagnella, a University of Illinois Urbana-Champaign researcher and a co-author of the paper, said that Hertzbleed demonstrates the obsolescence of guidance jointly hammered out by hardware and software engineers for writing software that isn't susceptible to timing attacks. "The result is that current industry guidelines for how to write constant-time code (such as Intel's one) are insufficient to guarantee constant-time execution on modern processors," he wrote in an online message.
Further coverage: Phoronix, SecurityWeek, The Hacker News, PCMag, PCWorld, and more.