John Young was, and still is, so cool. If you were around in the “Space Race” days or the Shuttle era, he was the astronaut you wanted to be.

https://apple.news/AwEfOt_TpRDaFPOE5ipsojQ

Meltdown & Spectre

From XKCD:

New zero-day vulnerability: in addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

A new stack-based overflow vulnerability discovered in AMD CPUs

From Security Affairs:

Google expert discovered a new stack-based overflow vulnerability in AMD CPUs that could be exploited via crafted EK certificates,
Chip manufacturers are in the tempest, while media are continues sharing news about the Meltdown and Spectre attacks, the security researcher at Google’s cloud security team Cfir Cohen disclosed a stack-based overflow vulnerability in the fTMP of AMD’s Platform Security Processor (PSP).

The vulnerability affects 64-bit x86 processors, the AMD PSP provides administrative functions similar to the Intel Management Engine.

We’re going to see a lot more investigation into hardware vulnerabilities. It won’t be pretty, I expect.

What researchers discover will not be easy or inexpensive to fix. My hope is that hardware manufacturers realize it is less expensive and better for their reputation to improve their processes in relation to secure-by-design.