Haha. “With this method, we can exploit the side effects of the Meltdown mitigations to break KASLR reliably.”
CPU manufacturers have been ignoring security for a long time, relying on obscurity. My pessimistic observation is this:
This may be a bit tautological, but if you want to find new vulnerabilities as a security researcher, it seems as simple as looking where others haven’t looked and aren’t looking, for whatever reason. And I think the nature of academia discourages this, so it’s not tough to think of.
This comment may be a bit of an oversimplification. I know some things about security, but I’m by no means an expert. Am I wrong here?
I’m no expert but I agree with the sentiment and think there is definitely truth in what you’re saying here.