In June, Google's Project Zero team discovered a class of bugs (Spectre and Meltdown, publicly disclosed this week) in pretty much every CPU on the market that lets an unprivileged user who can run code read memory he isn't supposed to see: Meltdown reads kernel memory, Spectre reads memory belonging to other processes or, in some setups, the hypervisor.
Meaning if you rent an AWS cloud VM, you can log into it, run an exploit, and read memory belonging to the host or to other tenants' VMs (that is the Spectre variant 2 guest-to-host scenario; plain Meltdown from inside a hardware-virtualized guest gets you your own guest kernel's memory, not the host's). Those contents would likely include things like root passwords, anything received or sent by a webserver, any tables recently accessed in a database, and so on.
Tl;dr there is no real computer security at the moment.
Without getting too technical: CPUs have a feature (speculative execution) where, rather than wait to find out whether a branch is taken, the core guesses and runs ahead down the guessed path. If the guess was wrong the results are thrown away, but the memory those instructions touched is still sitting in the cache, and that cache state can be measured from outside. So you 'train' the CPU to guess wrong in a way that makes it load memory it shouldn't, then read the leftovers out of the cache, which is the ugly shit described above. Now, for two days or so, a ton of software patches have been getting released and everyone is patting each other on the back and talking about what a great job everyone did at dealing with this.
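To make the "tricked into it" part concrete, here is an added example (my code, not anything from the original post) of the Spectre variant 1 "bounds check bypass" gadget shape next to the branchless index-masking fix that software mitigations use. All buffer names and contents are constructed for illustration. It shows the gadget and the fix only; it does not run the cache-timing side channel, which needs rdtsc/clflush and depends on the hardware.

```c
/* Added example, not code from the original post. It shows the Spectre
 * variant 1 ("bounds check bypass") gadget shape and the branchless
 * index-masking fix that software mitigations use. All names and data here
 * are made up for illustration. It does not run the cache-timing side channel
 * itself (that needs rdtsc/clflush and is hardware dependent). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CACHE_LINE 64

/* Constructed victim memory: a small public array followed (in a real target)
 * by data the attacker wants. Here they are just two separate buffers. */
static const uint8_t public_data[16] = "0123456789abcdef";
static const uint8_t secret[8]       = "hunter2!";

/* Attacker-shared array: one cache line per possible byte value. Touching
 * probe[v * CACHE_LINE] during misspeculation leaks v via cache timing. */
static uint8_t probe[256 * CACHE_LINE];

/* VULNERABLE: the branch is architecturally correct, but once the predictor
 * has been trained on in-bounds idx values, the CPU speculates into the body
 * for an out-of-bounds idx, loads whatever byte sits at public_data + idx
 * (e.g. a byte of `secret`), and indexes `probe` with it before rolling back. */
uint8_t victim_vulnerable(size_t idx, size_t len) {
    if (idx < len) {
        uint8_t v = public_data[idx];
        return probe[v * CACHE_LINE];
    }
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise (same idea as
 * Linux's array_index_mask_nospec). With no branch to mispredict, the value
 * the load sees is clamped even while the CPU is speculating.
 * If idx >= size, (size - 1 - idx) wraps and sets the top bit; if idx itself
 * has the top bit set, the OR sets it too. Assumes size < 2^63. */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    uint64_t oob = ((uint64_t)idx | ((uint64_t)size - 1 - (uint64_t)idx))
                   >> 63;                    /* 1 if out of bounds, else 0 */
    return (size_t)(oob - 1);                /* 0 -> all ones, 1 -> zero   */
}

/* Index actually fed to the array load after masking. */
size_t hardened_index(size_t idx, size_t len) {
    return idx & index_mask_nospec(idx, len);
}

/* HARDENED: same architectural behaviour as victim_vulnerable, but an
 * out-of-bounds idx is forced to 0 on the speculative path as well. */
uint8_t victim_hardened(size_t idx, size_t len) {
    if (idx < len) {
        idx = hardened_index(idx, len);
        uint8_t v = public_data[idx];
        return probe[v * CACHE_LINE];
    }
    return 0;
}

int main(void) {
    size_t len = sizeof public_data;
    size_t tests[] = { 0, 7, 15, 16, 17, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        size_t idx = tests[i];
        printf("idx=%zu  in_bounds=%d  index_after_mask=%zu\n",
               idx, idx < len, hardened_index(idx, len));
    }
    (void)secret;
    return 0;
}
```

The mask is the pattern kernels and browsers adopted for variant 1; the alternative is a speculation barrier (an `lfence` on x86) right after the bounds check, which is simpler but costs more. Neither does anything for Meltdown, whose software fix (kernel page-table isolation) is a change to how the kernel is mapped, not to any one code path.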
Fun facts:
- The patches are garbage and the performance hits are fucking severe, especially for anything syscall-heavy (the Meltdown fix, kernel page-table isolation, swaps page tables on every kernel entry and exit).
- Some of the patches are BSOD'ing Windows boxes, because the whole thing was under embargo but got pushed out early once the shit hit the fan.
- The patches are a fucking joke because they only cover the specific variants published so far; the speculative hardware that makes this whole class of attack possible is still there, so expect further variants that remain exploitable.
The only way this gets really fixed is by physically swapping out the fucking CPU for a model where speculative execution has been redesigned so it can't leak like this.
The CEO of Intel sold every share he could back in November, keeping only the minimum he's required to hold under company policy. Seriously.
It's going to be baaaaaad. Virtually every fucking chip out there running today suffers from the issue. It's going to be a legal bloodbathalanche.