Quite an interesting bug they’ve found, I’ve gotta say. I am thankful that security researchers found out about it before attackers could wreak havoc on the entire internet (Or did they???) as it helps make the world a safer place and whatnot~
Naturally it does bring some frustration as we had to reboot a bunch of our instances on AWS but it was just a minor setback for our own safety.
What it does bring up is an issue of security vs. convenience (or perhaps, security vs. efficiency) and how we must balance these things. I think this kind of decision is a thing that makes a lot of sense on personal computers, where the worst that Meltdown and Spectre can do is have a computer virus invade your personal programs’ data (in which case, you’re already screwed for having a virus infect your PC in the first place). Sure, you lose data, but only in the scope of a PC which you have full control over anyway.
A cloud system, on the other hand, is particularly vulnerable; it allows anyone running a non-infectious program to spy on data in other people’s programs, thus leaking private information with the victim being literally unable to stop them (until AWS patched their systems). It makes me wonder if it is worth it for hardware vendors to separate the architecture for personal PCs and server PCs, with the former focusing on speed so people can do their stuff faster, and the latter focusing on security, since they can just have their services scale (either horizontally or vertically) if the processor isn’t efficient enough.
All in all, this kind of attack perfectly explains why government security policies require you, even on cloud hosting, to provision a non-shared instance when hosting your data. It’s a bother, but it keeps everyone safe when unexpected things like this come to bite you in the butt.