• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 65 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
moinmoin said:
Software mitigation essentially useless according to Google research: https://www.tomshardware.com/news/spectre-forever-cpu-security-flaws-research,38627.html

"to truly fix all existing as well as future Spectre bugs, the CPU makers need to come up with new CPU microarchitecture designs"
Click to expand...


It's probably actually a good way for nation states to introduce vulnerabilities. Don't think they have no connections within the development community, including open sores devs.
 
DrMrLordX said:
Wow it's like Slashdot from 10 years ago. Some trolling is awesome.

BSD IS DEAD NETCRAFT CONFIRMS IT
Click to expand...
Off topic, seing the last two posts reminded me of when I used to visit that place, and there were a series of troll users with 6502 and/or Commodore-related usernames, presumably all one person. The increasing number of trolls and shills is one of the reasons I stopped going there.
 
Mr Evil said:
Off topic, seing the last two posts reminded me of when I used to visit that place, and there were a series of troll users with 6502 and/or Commodore-related usernames, presumably all one person. The increasing number of trolls and shills is one of the reasons I stopped going there.
Click to expand...

Sorry I get flashbacks everytime someone starts mentioning "open sores" software. Now all we need is something more modern like . . . APK trolling. Yeah, that'd be great. Oh wait, no it wouldn't . . .

I'm not so sure the Spectre class of vulnerabilities are nation-state-level vulnerabilities though. I think it's the x86 world (at a minimum) pushing the limits on performance with a terrible price. Stuff like IME and TrustZone looks more like state-level-actor stuff to me.
 
DrMrLordX said:
I'm not so sure the Spectre class of vulnerabilities are nation-state-level vulnerabilities though. I think it's the x86 world (at a minimum) pushing the limits on performance with a terrible price. Stuff like IME and TrustZone looks more like state-level-actor stuff to me.
Click to expand...

Sure, spectre is a new class that was discovered recently; for the most part many of these vulnerabilities are very hard to exploit, and for the most part, they are not x86 specific.

However, when some of the patches introduce new vulnerabilities, don't you wonder if the patching effort is seen as a big opportunity?
 
DrMrLordX said:
I'm not so sure the Spectre class of vulnerabilities are nation-state-level vulnerabilities though. I think it's the x86 world (at a minimum) pushing the limits on performance with a terrible price. Stuff like IME and TrustZone looks more like state-level-actor stuff to me.
Click to expand...

I don't think any of those things really are. Nation-state is stuff like Stuxnet that's specifically tailored for a very particular purpose. The government doesn't need hardware backdoors when they can strong arm any companies into releasing data that they have.

If they can't do that, they still don't need to exploit hardware when there're vastly more exploitable humans that will let them in. The DNC hack from the last election wasn't a result of any special hardware flaw, but due to a simple spearfishing attack.

amd6502 said:
Sure, spectre is a new class that was discovered recently;
Click to expand...

I recall that when these were first announced, someone posted a research paper that suggested the possibility of exactly that kind of exploit. I think that it's just really difficult to understand how to exploit the vulnerability and probably only something that a very small number of people might be knowledgeable enough to know to look for or even suspect would be there.

It's definitely not the kind of thing a government would do since their own computers would be vulnerable to someone else finding it. Sure they could hypothetically patch it on their own systems and not tell anyone else, but tell me with a straight face that the government can pull that off while being so terribly inept in all kinds of other ways.
 
Mopetar said:
I don't think any of those things really are.
Click to expand...

I wish that were true. We probably won't ever hear about IME exploits being actually used, though. Nobody's gonna brag about it. Stuxnet was as much a PR campaign as it was an attack on Iran's nuclear capabilities.
 
And... time for your weekly exploit update. https://www.theregister.co.uk/2019/03/05/spoiler_intel_flaw/

This one is named SPOILER.
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."
Click to expand...

The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges.
Click to expand...

SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.
Click to expand...

Intel is said to have been informed of the findings on December 1, 2018.
 
DrMrLordX said:
Kinda makes you wonder if Lisa Su has a time machine, and a very subtle sense of purpose.
Click to expand...
It's either that, or AMD simply chose to go for a more strict approach relative to security, or more likely (imho) they're just behind the curve. Intel finished eating the low hanging (performance) fruit and took a peek around the corner - and a peek was enough for the alien to strike. Yum yum, Intel inside.

Remember the first runner always has to cut through the wind. We like watching the finish line, but reality is those athletes ran as a group - separate the winners and watch their completion time plummet.
 
This vulnerability, like Meltdown relies on speculative execution to go beyond process memory limits - Intel cpu's MMU is faulty, speculative execution can access also other privilege level memory which it shouldn't by definition. With MMU that gives access to memory it shouldn't there's all kind of possibilities to steal private data.

-> don't use Meltdown-vulnerable cpu's where data privacy is important.

Intel 9th gen Coffeelake-R and Cascadelake are fixed, other still in market Intel cpu's have that faulty MMU.
 
naukkis said:
Intel 9th gen Coffeelake-R and Cascadelake are fixed, other still in market Intel cpu's have that faulty MMU.
Click to expand...

Do we know that this is true for this new attack? I only briefly reviewed the research paper but it seemed like they only tested up to Kabylake for verification. They also only tested a Bulldozer based CPU for AMD as well. I don't think the results will change for Zen based CPUs but with the magnitude of these things, I think I'd like an actual test to show the vulnerability doesn't exist.
 
Hitman928 said:
Do we know that this is true for this new attack? I only briefly reviewed the research paper but it seemed like they only tested up to Kabylake for verification. They also only tested a Bulldozer based CPU for AMD as well. I don't think the results will change for Zen based CPUs but with the magnitude of these things, I think I'd like an actual test to show the vulnerability doesn't exist.
Click to expand...

A cpu with rightly behaving MMU won't allow speculative memory operations beyond privilege levels. Meltdown was one way to use that kind of MMU-behaviour but obviously there's more ways to use it. Meltdown should have not existed, it's not pure side channel leak, actual stolen data is gathered because MMU allows data operations it should forbidden - it's a primary channel data leak. And there's not much security in cpu's that allows primary channel data leak, Meltdown was the easiest way to exploit it.
 
naukkis said:
A cpu with rightly behaving MMU won't allow speculative memory operations beyond privilege levels. Meltdown was one way to use that kind of MMU-behaviour but obviously there's more ways to use it. Meltdown should have not existed, it's not pure side channel leak, actual stolen data is gathered because MMU allows data operations it should forbidden - it's a primary channel data leak. And there's not much security in cpu's that allows primary channel data leak, Meltdown was the easiest way to exploit it.
Click to expand...

With all that said, we don't know for sure if the meltdown fix in cascadelake addresses this issue. . . correct? Has Intel detailed their hardware fix to the point we could say their chips are no longer vulnerable to this new attack which utilizes a different attack vector?
 
Hitman928 said:
With all that said, we don't know for sure if the meltdown fix in cascadelake addresses this issue. . . correct? Has Intel detailed their hardware fix to the point we could say their chips are no longer vulnerable to this new attack which utilizes a different attack vector?
Click to expand...

We cannot be absolutely sure without testing it, but for hardware Meltdown-fix Intel should be checking privilege levels before speculative memory accesses( as cpu's should always do). If cpu checks privilege levels before accessing data such leaks cannot happen.
 
coercitiv said:
It's either that, or AMD simply chose to go for a more strict approach relative to security, or more likely (imho) they're just behind the curve. Intel finished eating the low hanging (performance) fruit and took a peek around the corner - and a peek was enough for the alien to strike. Yum yum, Intel inside.
Click to expand...

Nope. Meltdown works all the way back to P6. It's not some really new performance enhancement that Intel just happened to use before AMD, it is simply bad design that doesn't even give them a performance boost. SPOILER is similar. Using only partial addresses as hints spares them a very tiny amount of power, but it also costs performance (and power) in accidental hits. And it also has been there for a long time.
 
coercitiv said:
And... time for your weekly exploit update. https://www.theregister.co.uk/2019/03/05/spoiler_intel_flaw/

This one is named SPOILER.

Intel is said to have been informed of the findings on December 1, 2018.
Click to expand...
Article was update with a cute response by an Intel spokesperson:

"Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

They got 90 days and all they can do is "expect", "critical priority" at work.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top