Slashdot Mirror


How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com)

Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.

138 comments

  1. If only I know who to short ... by 140Mandak262Jamuna · · Score: 2, Insightful

    OK, the bug is big. Impact is going to be big. But who's gonna be punished by the market? Who can I short? Will users of Cloud services demand their processes to be hosted on exclusive servers not shared with others? Would it raise cloud costs? Would they punish Intel?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:If only I know who to short ... by XanC · · Score: 5, Insightful

      Most likely Intel's numbers will go up, at least in the short term, as people buy more CPUs to make up for the performance hit.

    2. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      No, they'll buy AMD CPUs.

    3. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      No, they'll buy AMD CPUs.

      Both processors are fucked by flaws, AMD only slightly less fucked.

      That might differentiate between AMD and Intel sales, but I doubt it. When it comes to the ignorant masses, marketing matters, and AMD doesn't even come close to Intel.

    4. Re:If only I know who to short ... by XanC · · Score: 1

      You're right that AMD is unaffected (as unaffected as anything), but I don't think they can handle the volume. Not in the short term.

    5. Re:If only I know who to short ... by bobbied · · Score: 2

      We don't know that AMD doesn't have its own issues which are just as bad...

      However, AMD Kind of has Intel on the ropes in the performance space with that Ryzen line. Intel's answer has been to drop more cores into the unit and then having to force them to lower clock rates due to heat. Intel is still turning huge profits, but AMD has started to recapture market share....

      SO.... I point all this out to say the following. AMD now has a huge hole in Intel's armor to drive their marketing trucks through and I sure expect them to try, in so far as their marketing budgets allow. I expect AMD to exploit this unforced error by Intel.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    6. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      New Windows licences too, so Mickeysoft will do well.

    7. Re:If only I know who to short ... by supremebob · · Score: 1

      Actually, I'd expect many businesses to use it as an excuse to outsource more of their outdated on-prem equipment to "the cloud". Guess who makes over 95% of the CPU's used by the cloud hosting providers? Not AMD's.

      Sure, that might sound counter-intuitive considering that this vulnerability showed a huge potential security issue with shared hosting models. That said, spending more money on upgrading what's considered to be a "legacy" data center by senior management probably won't get you that "VP of Infrastructure" promotion you were hoping for this year.

    8. Re:If only I know who to short ... by bobstreo · · Score: 1

      OK, the bug is big. Impact is going to be big. But who's gonna be punished by the market? Who can I short? Will users of Cloud services demand their processes to be hosted on exclusive servers not shared with others? Would it raise cloud costs? Would they punish Intel?

      I read an article that said the Intel CEO dumped a bunch of stock last year, so it's probably too late to short them.

    9. Re:If only I know who to short ... by Anonymous Coward · · Score: 1

      That's a massive mischaracterization of the fuckedness. Intel CPUs allow access to privileged memory from user space. There is no fix and the mitigation will cause significant slowdowns for any workloads that frequently switch between kernel space and user space. That's server loads. That's VM loads. AMD is not affected by this bug. The bug that affects AMD CPUs most likely also affects all other modern processors. It has been shown for Intel and ARM CPUs and there are rumors that IBM PowerPC also misbehaves. It's just a side effect of straight forward speculative execution and caching. There is no fix for that either unless you're willing to replace all CPUs, but the mitigation will probably consist of changes to JIT compilers and not affect performance noticeably. Intel is fucked, everyone else just got the scare of a lifetime.

    10. Re:If only I know who to short ... by AvitarX · · Score: 2

      AMD seems way better off.

      AMD was closing performance gap, now Intel just lost about 5-10% (workload dependent estimated mitigation costs of meltdown on a CPU with PCID) performance. This puts AMD at a tie in some areas (cost equivalent single thread) where it was slightly behind, and further grows its multi thread advantage.

      Both CPUs are in theory vulnerable to spectre, which will likely be mitigated in software by application and be equally damaging to all.

      At least that's how I've read it. Mitigation of meltdown is Intel specific and very expensive, mitigation of Spectre is ??? Haven't really seen anything on that, it's a much narrower vulnerability though, because meltdown allows reading of all memory, and spectre is limited to an application's memory.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    11. Re:If only I know who to short ... by AvitarX · · Score: 1

      But they may be able to handle an extra 10-15% of cash for the same volume. That'd be real good on the books.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    12. Re:If only I know who to short ... by 110010001000 · · Score: 1

      You cannot spend money to "upgrade" your system. Your Intel processors are flawed and there is no fixed version of the processor available.

    13. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      Perhaps you'll want to read the latest post where Google says the fix has had negligible impact:

      https://m.slashdot.org/story/335703

    14. Re:If only I know who to short ... by Kaenneth · · Score: 1

      Trezor, and other makers of hardware Bitcoin/Crypto wallets for one should go up.

      All software wallets can be assumed compromised at this point.

    15. Re: If only I know who to short ... by 110010001000 · · Score: 1

      You read it wrong. The "fix" that Google is using is to recompile THEIR CODE. Hackers aren't going to do that.

    16. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      AAAAAA!!! Time to loot Radio Shack, fire up the dune buggies, and go crazy Mad Max style!

        I would also lock the top execs in the bathroom and drop the key down the sink and
      say they will be let out when the shit storm is over.

    17. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      Unless these devices use ARM CPUs. Then they are fucked as well.

    18. Re:If only I know who to short ... by bongey · · Score: 2

      Funny Microsoft knew about this months ago and bought a bunch of AMD processors for their Azure cloud specifically for data intensive loads. Exactly the type of tasks which is slowed down by this Intel bug.

    19. Re:If only I know who to short ... by sjames · · Score: 4, Insightful

      Actually, AMD is significantly harder to exploit than Intel. The performance crushing patch simply brings the Intel processor level with AMD.

    20. Re:If only I know who to short ... by sjames · · Score: 2

      That would be exactly opposite of the right strategy. As bad as information leaks between processes can be, it's worse when those other processes are owned by a different entity. Who would you rather be potentially able to read your banking details, a family member or some random guy whose name you don't know who could be living anywhere in the world?

    21. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      Hopefully AMD has gotten a new marketing team in the past few months, 'cuz the folks they've been using for the past decade suck.

    22. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      FYI: Red Hat has confirmed that Power 8 And Power 9 are affected by Spectre. (Lost the link; sorry).

      And Apple has confirmed all of their A-series chips are affected by Spectre, meaning every iOS and tvOS device. (All their Macs too, but that's not exactly news.)

    23. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      Have you looked at Intel's stock for the past six months? If you owned any Intel stock, the first week in November was a great time to "sell high".

      That's not to say there weren't shenanigans. Just that it really was a good time for anybody to sell INTC.

    24. Re:If only I know who to short ... by thegarbz · · Score: 1

      Intel's CEO dumps a bunch of stock every year, he only ever holds on to the minimum he is required to. Also when he does so the stock price doesn't move since he doesn't have stupidly high volumes like say Jeff Bezos.

    25. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      The CEO dumped his stock after knowing this was coming. That's insider trading, a far bigger issue than a design flaw that's already patched, and only affects one brand of CPUs (unlike Intel's brain-dead patch that drags other archs into their mire).

    26. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      The patch makes them slower, not faster. It increases the speed difference.

    27. Re:If only I know who to short ... by TheRaven64 · · Score: 2

      You're assuming that the attacker has no control over their placement. The only person who is going to see leaks from these vulnerabilities is someone who is actively running the exploit (you don't just get someone else's memory in your address space, you have to scan it one bit at a time). If I wanted to exploit this, I'd spin up a bunch of VMs in Amazon, Google, and Microsoft's clouds and start scanning. I would not be actively targeting your company, but if I saw anything confidential and valuable then I'd be able to tie it back to your company and either sell it to someone who wanted to take advantage of it or use it directly. I'm not planning on doing this, but the people who are will probably be in Russia, China, North Korea, or other places where it's really hard to get any legal recourse.

      In contrast, if someone within your own company is attempting to access data that they shouldn't, then you can terminate their employment and you may even be able to prosecute them.

      --
      I am TheRaven on Soylent News
    28. Re:If only I know who to short ... by jabuzz · · Score: 1

      Assuming Intel don't get hit with a lawsuit demanding compensation for faulty products. Given the worst performance hit comes from Meltdown and only Intel seem to be vulnerable, there's a case to be answered. So shorting Intel stock seems the way to go as their numbers will be going down.

    29. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      Do you know what more we don't know? We don't know if you're a baboon posting from your local zoo. No offence.

      Seriously, when you don't know stuff, you have to roll with what you know, going with what you know is horri-bad (Intel) because something else might, perhaps be bad too, is just falling for FUD, plain and simple. It's not rational.

    30. Re:If only I know who to short ... by JackieBrown · · Score: 1

      The punishment should be for you never to buy Intel again and to look for a cloud service that offers what you are asking (which I doubt is really out there since it would make cloud services ridiculously expensive - each user getting their own processor. You might as well leave the cloud at that point.)

    31. Re:If only I know who to short ... by sjames · · Score: 2

      No, I was considering that. If My company uses a public cloud, one of those bad actors MIGHT end up running in another VM on the same machine my VM is running on. If instead, I run on a server I actually own and use exclusively, even if I run several VMs, I can KNOW that the bad guy is NOT also running a VM on that server. At worst, another department in the same company might have a VM on the same hardware with me.

      So if security is a concern at all, avoiding outsourcing VMs to the cloud is the right strategy.

    32. Re: If only I know who to short ... by sjames · · Score: 1

      By level, I mean in terms of security.

    33. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      It was clearly Putin who did this to help Trump win the election!

    34. Re:If only I know who to short ... by Shirley+Marquez · · Score: 1

      Until recently, Intel's best mainstream desktop CPU had four cores, and their best mainstream laptop CPU had two. (By "mainstream laptop" I mean the U series ultra-low-voltage parts, not the more power hungry H series that are used in gaming and workstation laptops.) They moved up the release date of the Coffee Lake aka 8000 series (six core desktop CPUs and four core U series laptop CPUs) as a response to the competitive threat from AMD.

      Intel still has the edge in performance per core. Ryzen narrowed the gap considerably compared to AMD's previous FX series. Ryzen gives you more cores per dollar to make up for the remaining gap. Ryzen killed Kaby Lake in multi-threaded applications, but Coffee Lake is competitive there and retains its edge in single-thread applications.

      AMD will release a minor update to Ryzen in 2018; that will likely include clock increases and some slight tweaks to improve IPC. Their next significant architecture change (Zen 2, aka Matisse) isn't expected until 2019; it will also include a shift to a new 7nm process.

    35. Re: If only I know who to short ... by Anonymous Coward · · Score: 0

      Find a CPU with branch prediction, and you probably found a CPU affected by Spectre. Spectre measures the side-effects of timing caused by branch prediction loading caches.

    36. Re:If only I know who to short ... by Anonymous Coward · · Score: 0

      I don't think this is a 'bug'. I think this is a deliberate deep backdoor that has migrated across all of the intel platforms. There is no way that this 'bug' could have gone unnoticed for 22 years and exist in nearly every cpu made by intel for that long. I don't believe it.

  2. its not a bug, its a feature by Anonymous Coward · · Score: 0

    ...if you intend on spying on everyone in the world.

    1. Re:its not a bug, its a feature by Anonymous Coward · · Score: 0

      > its not a bug, its a feature... if you intend on spying on everyone in the world.

      Thought the same.

      On second thought, you have an extremely long period during which that bug has been "available". 1995 is over 20 years ago. It's hard for such things to go unnoticed in such a long timeframe. For comparison, people talk about the non-execute bit as if it were much more important... keeping a system area out of reach of normal apps is of the utmost importance and probably the subject of specific classes in software creation.

      Developers could be excused on the grounds that it's hard to hold everything in one's head and people probably think that user-system context separation is so important that it would certainly be correctly implemented and transparent (because hardware-implemented). Even the guys who discovered it had to double check it, such is the monstrosity of the flaw.

      There are solutions for avoiding speculative execution in software. But the problem is that the application must be aware of the problem to avoid causing it inadvertently -- and, what's more important, the coder must want to avoid it and not willingly use it as an exploit.

  3. Woah by Anonymous Coward · · Score: 5, Insightful

    Does EVERYTHING have to be in a bold font?

    Please fix!

    1. Re:Woah by arth1 · · Score: 1

      Does EVERYTHING have to be in a bold font?

      It's just the front page, no?
      And it would make some people's posts slightly less obnoxious, as you won't see when they abuse the bold tag.

    2. Re:Woah by Anonymous Coward · · Score: 0

      If it's too bold, you're too old!

  4. Is it just me? or ... by 140Mandak262Jamuna · · Score: 5, Insightful

    Everyone is seeing too much of bold fonts? Did someone forget a closing bold tag in some style sheet?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Is it just me? or ... by DontBeAMoran · · Score: 2

      I'm seeing all text in bold too. We can't ask too much of a nerd website if they can't even handle UTF-8 correctly.

      --
      #DeleteFacebook
    2. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      Aye, in Firefox 56

    3. Re:Is it just me? or ... by CyberLeader · · Score: 1

      I'm also seeing everything in bold, since sometime today.

      --

      Software Shouldn't Suck

      E-mail: frank at jacquette dot spamless com (remove the spamless!)

    4. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      me too. I had thought my browser had something wrong ...

    5. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      The bold text is the result of a Spectre Meltdown.

    6. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      YES, thank you parent.
      I also just switched from windows to mint the other day and thought I was either going crazy, or had screwed up my install somehow.

    7. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      You know how Voip-Info.org is the premier VoIP and Asterisk wiki on the web? They're so exited about that, they forgot to close their bold tag after that important announcement.

    8. Re:Is it just me? or ... by jmccue · · Score: 1

      Software Shouldn't Suck

      I think your sig needs another line: Hardware Shouldn't Suck

    9. Re:Is it just me? or ... by dohzer · · Score: 1

      I hacked your PC and inserted some bold text to test this vulnerability. Are you by chance running an Intel processor?

    10. Re: Is it just me? or ... by Anonymous Coward · · Score: 0

      What the fuck is exited? Did you mean excited? You fucking moron.

    11. Re: Is it just me? or ... by Anonymous Coward · · Score: 0

      Only Slashdot users would award the highest score to a trivial comment on a serious topic.

    12. Re:Is it just me? or ... by gnunick · · Score: 1

      Everyone is seeing too much of bold fonts? Did someone forget a closing bold tag in some style sheet?

      Yeah, the entire article section had been enclosed within <strong> tags for some reason. I edited the source in Firefox and changed "<strong>" to the meaningless "<string>", just to make it bearable to read the page.

      But thankfully, a few page refreshes afterwards, and they'd already fixed it. Maybe someone had thought <strong> would somehow toughen their security.

      Anyway, c'mon guys... stop editing the live site! ;)

      --
      I have no special gift, I am only passionately curious. --Albert Einstein
    13. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      It's just you. Seriously, I never saw it, it was apparently just Slashdot pushing changes to live again without the most basic smoke testing on a staging server. Either that or they hired APK as an article editor.

    14. Re:Is it just me? or ... by Anonymous Coward · · Score: 0

      I hacked your PC and inserted some bold text to test this vulnerability. Are you by chance running an Intel processor?

      nope, Mozilla fixed it.

  5. So... by DontBeAMoran · · Score: 1

    Is that yet another flaw or a duplicate name for one of the other two bugs we were already talking about in previous threads?

    In other news, is the Motorola 68K series immune to these two/three problems? (Amiga, Atari ST, classic Macs)

    --
    #DeleteFacebook
    1. Re:So... by Anonymous Coward · · Score: 0

      Worst comment/nickname synergy ever.

    2. Re:So... by Anonymous Coward · · Score: 0

      I believe the 68020 and earlier are totally immune as they don't have a MMU. The 68030 and up might be vulnerable.

    3. Re:So... by bobbied · · Score: 1

      I seriously doubt the 68000 series has this issue.... Security was designed in from the start on these processors, even if it wasn't actually implemented until later. Between the 68000 and the 68030 there wasn't any need to change anything to run your program and only ONE instruction had to be modified (it had a different set of flags returned where one bit now was variable, instead of fixed).

      The security architecture of Intel's solution was implemented after the fact. It had to pay homage to legacy instruction sets and suffers from all the same problems of other things where security implementations were not part of the original design. OOPS, how do we make this secure now? is never a good question to ask after the thing goes into production. Intel did this, but nobody expected the X86 architecture to be 16 bits way back then, and now we are at 64 bits...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:So... by Anonymous Coward · · Score: 0

      This is new, it's the Pompeii exploit that causes your Intel CPU (and possibly others, but really just intel) to explode into a fountain of molten lava.

    5. Re:So... by AvitarX · · Score: 1

      I don't think they do predictive branching.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    6. Re:So... by Anonymous Coward · · Score: 0

      And what exactly do you think this flaw has to do with 16 versus 32 versus 64? This is a parallel / predictive execution flaw. Nothing to do with bits or legacy. In fact this predictive stuff wasn't available in early processors.

      The articles are saying this flaw may go back 20 years for Intel, so 1997. The 68030 was released in 1987. I'm pretty sure you aren't comparing Apples to Apples. 20 years is shocking, but if you have a Motorola boner at least compare the same year or generation.

    7. Re:So... by DontBeAMoran · · Score: 1

      Synergy, eh?

      Bingo!

      --
      #DeleteFacebook
    8. Re:So... by AHuxley · · Score: 1

      Find a fast, modern OS for that CPU?

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:So... by Anonymous Coward · · Score: 0

      So, what's wrong with people from Ireland? Or are you perhaps talking about Allah?

  6. First to market with a fixed CPU gets big rewards? by DanDD · · Score: 1

    For every punishing move in the market, there's a reward for new, better, faster, or in this case, more secure.

    Who will get to market first with a fix? This will be fun to watch.

    --
    "Every time I see an adult on a bicycle, I no longer despair for the future of the human race." - H. G. Wells
  7. Can you trust your software? by Anonymous Coward · · Score: 1, Insightful

    If you're not running malicious programs on your computer, you're not vulnerable to these attacks. It's much tougher to sneak malicious functionality into open source software. If the source code is available, it's far more likely someone would notice the malicious behavior than if the software is closed source. It seems like the processor and other hardware hasn't been explored as an attack surface to nearly the same extent as software. I expect there will be more bugs like these, and it's a matter of time before they're found and exploited. The damage from these vulnerabilities can be mitigated by blocking untrusted code (like a lot of JavaScript that could exploit Spectre-like vulnerabilities) and using open source. I'm far more willing to trust that the open source software running on my Linux system isn't working against me than I am with closed source software.

    1. Re:Can you trust your software? by Anonymous Coward · · Score: 0

      Except, as is plainly evident from the summary, this bug is exploitable from even something as untrustworthy as a website.

    2. Re: Can you trust your software? by Anonymous Coward · · Score: 0

      No, that's not what the summary states. The tool was exploiting Meltdown to access data contained in memory that should have been inaccessible to the tool. The researcher recognized the data because it was website addresses that were accessed in Firefox and should not have been available to the other process. The summary doesn't say anything about visiting a malicious website that can exploit Meltdown.

      There is a proof of concept that JavaScript can exploit Spectre, which is a big problem. I also addressed that in my comment when I said it's important to block untrusted code such as potentially malicious JavaScript.

      Your comment is not helpful.

    3. Re:Can you trust your software? by Anonymous Coward · · Score: 1

      Did you even read the text from the AC you replied to? Different AC here, but s/he said:

      (like a lot of JavaScript that could exploit Spectre-like vulnerabilities

      The point being to avoid untrustworthy code, which javascript from random 3rd party domains included by whatever web site you happen to visit, well... IS.

      Time and time again we see this. Disabling JS by default is necessary to use the web securely.

    4. Re: Can you trust your software? by Anonymous Coward · · Score: 0

      Your comment is not helpful.

      Yep, you're right! I completely misread that quote.

  8. I'm not so sure the impact is going to be big by cheezedawg · · Score: 1

    Google and Amazon both say its negligible.

    http://www.businessinsider.com...

    --
    "The defense of freedom requires the advance of freedom" - George W Bush
    1. Re: I'm not so sure the impact is going to be big by Anonymous Coward · · Score: 0

      Interesting. I think Clouds might be the worst affected. They always fight poor security perceptions. But in this case anyone can sniff the other VMs from their own VM.

      AWS: All your database are belong to unknown other parties.

  9. Worthless submission by Anonymous Coward · · Score: 1

    The article teases you with "how he did it" and answers with "he did it." You want to know how Meltdown or Spectre work? Read the papers: https://meltdownattack.com/

  10. It happens to be a slow news week by radicimo · · Score: 0

    The whole thing is overblown. US CERT gave it a CVSS of 1.5 ... which means on a scale from 1 to 10 in severity, it didn't even break a 2.
    https://www.kb.cert.org/vuls/i...

    --
    100 REM PISS OFF CODE FASCISTS 200 GOTO 100
    1. Re:It happens to be a slow news week by toonces33 · · Score: 2

      I can't help but wonder if this is only because they haven't found much in the kernel address space. If one could find hashed passwords for local accounts, it might cause people to reconsider...

    2. Re:It happens to be a slow news week by 110010001000 · · Score: 2

      I always wonder why people lie about this. The CVSS is not a 1.5. Your link even proves you wrong. How is it overblown? This is a huge issue.

    3. Re:It happens to be a slow news week by r1348 · · Score: 2

      The link you provided reports the following CVSS metrics:
      Base 4.4 AV:L/AC:M/Au:S/C:C/I:N/A:N
      Temporal 3.4 E:POC/RL:OF/RC:C
      Environmental 5.1 CDP:ND/TD:H/CR:H/IR:ND/AR:ND

      Where did you read 1.5?
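As an added worked example (not part of the thread or of the CERT/CC note it quotes), the three CVSS v2 vector strings r1348 lists can be recomputed from the published CVSS v2 metric weights to check the Base 4.4 / Temporal 3.4 / Environmental 5.1 figures, and to place them on the 0-to-10 scale radicimo later nitpicks. Function names, the parser and the `severity_band` helper are my own; the one assumption is that intermediate scores are not rounded before the temporal and environmental steps, which is what reproduces the reported 5.1.

```python
"""Recompute CVSS v2 base, temporal and environmental scores from vector strings.

Added example; the metric weights are the standard CVSS v2 values.  Intermediate
results are deliberately left unrounded (assumption: this matches the 5.1
environmental score quoted from the CERT/CC note).
"""

BASE_WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},          # access vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},           # access complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},          # authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},           # confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},           # integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},           # availability impact
}
TEMPORAL_WEIGHTS = {
    "E": {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0},      # exploitability
    "RL": {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0},    # remediation level
    "RC": {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0},               # report confidence
}
ENV_WEIGHTS = {
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},  # collateral damage
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},            # target distribution
    "CR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},                       # confidentiality req.
    "IR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},                       # integrity req.
    "AR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},                       # availability req.
}


def _parse(vector, table, optional=False):
    """Turn 'AV:L/AC:M/...' into {metric: weight}; unknown metrics or values are rejected.

    With optional=True, metrics absent from the vector default to 'ND' (not defined),
    as CVSS v2 allows for temporal and environmental vectors.
    """
    weights = {}
    for field in vector.split("/"):
        metric, _, value = field.partition(":")
        if metric not in table or value not in table[metric]:
            raise ValueError(f"unknown CVSS v2 metric/value {field!r}")
        weights[metric] = table[metric][value]
    for metric in table:
        if metric not in weights:
            if not optional:
                raise ValueError(f"vector {vector!r} is missing metric {metric!r}")
            weights[metric] = table[metric]["ND"]
    return weights


def _impact(c, i, a):
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def _exploitability(w):
    return 20 * w["AV"] * w["AC"] * w["Au"]


def _combine(impact, exploitability):
    # f(Impact) is 0 when there is no impact at all, else the constant 1.176.
    f_impact = 0.0 if impact == 0 else 1.176
    return (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact


def _temporal_factor(temp_vec):
    t = _parse(temp_vec, TEMPORAL_WEIGHTS, optional=True)
    return t["E"] * t["RL"] * t["RC"]


def base_score(base_vec):
    w = _parse(base_vec, BASE_WEIGHTS)
    return round(_combine(_impact(w["C"], w["I"], w["A"]), _exploitability(w)), 1)


def temporal_score(base_vec, temp_vec):
    w = _parse(base_vec, BASE_WEIGHTS)
    raw_base = _combine(_impact(w["C"], w["I"], w["A"]), _exploitability(w))
    return round(raw_base * _temporal_factor(temp_vec), 1)


def environmental_score(base_vec, temp_vec, env_vec):
    w = _parse(base_vec, BASE_WEIGHTS)
    e = _parse(env_vec, ENV_WEIGHTS, optional=True)
    # Security requirements scale each impact component; adjusted impact is capped at 10.
    adj_impact = min(10.0, _impact(w["C"] * e["CR"], w["I"] * e["IR"], w["A"] * e["AR"]))
    adj_temporal = _combine(adj_impact, _exploitability(w)) * _temporal_factor(temp_vec)
    return round((adj_temporal + (10 - adj_temporal) * e["CDP"]) * e["TD"], 1)


def severity_band(score):
    """NVD's qualitative rating for CVSS v2 scores (Low 0-3.9, Medium 4-6.9, High 7-10)."""
    if score < 4.0:
        return "Low"
    return "Medium" if score < 7.0 else "High"


if __name__ == "__main__":
    # The three vectors quoted above from the CERT/CC note.
    base, temp, env = ("AV:L/AC:M/Au:S/C:C/I:N/A:N", "E:POC/RL:OF/RC:C",
                       "CDP:ND/TD:H/CR:H/IR:ND/AR:ND")
    b, t, v = base_score(base), temporal_score(base, temp), environmental_score(base, temp, env)
    print(f"Base {b} ({severity_band(b)}), Temporal {t} ({severity_band(t)}), Environmental {v}")
```

Working the base vector through by hand: impact is 10.41 * (1 - 0.34) = 6.87 because only confidentiality is Complete, exploitability is 20 * 0.395 * 0.61 * 0.56 = 2.70 (local, medium complexity, single authentication), and (0.6 * 6.87 + 0.4 * 2.70 - 1.5) * 1.176 rounds to 4.4. The proof-of-concept exploitability and official-fix remediation then scale that by 0.9 * 0.87 to give 3.4, and the High confidentiality requirement pushes the adjusted impact to the 10 cap, which is where the 5.1 comes from.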

    4. Re:It happens to be a slow news week by radicimo · · Score: 1

      They updated it. Was a 1.5 earlier.
      http://web.archive.org/web/201...

      --
      100 REM PISS OFF CODE FASCISTS 200 GOTO 100
    5. Re:It happens to be a slow news week by radicimo · · Score: 0

      Why would I lie about this. You're just being silly and lazy. It's not a huge issue unless you are a cloud provider who shares CPU space among your tenants.
      http://web.archive.org/web/201...

      --
      100 REM PISS OFF CODE FASCISTS 200 GOTO 100
  11. bugs by Anonymous Coward · · Score: 0

    There is no possible way that Intel and other CPU manufacturers were not aware of this problem for many, many years.

  12. Worthless memory. by Anonymous Coward · · Score: 0

    I'm safe. My computer doesn't use "core memory".

  13. To nit pick myself by radicimo · · Score: 1

    I guess technically the CVSS scale runs from 0 to 10, but still this one wallows in the bottom half of the Low classification.
    https://nvd.nist.gov/vuln-metr...

    --
    100 REM PISS OFF CODE FASCISTS 200 GOTO 100
  14. Soft by dohzer · · Score: 1

    Good thing they clarified who ARM are by referencing a group I have vaguely heard of once or twice.

  15. Except this is from July by Anonymous Coward · · Score: 0

    https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

  16. AMD bug only affects THE SAME PROCESS, unlike Inte by Anonymous Coward · · Score: 2, Informative

    Intel PR monkeys are trying to take AMD down with them, let's make this clear:

    For the 3 bugs, the biggest one only affect Intel CPUs, for bug 2 and 3:

    AMD bug only affects THE SAME PROCESS, unlike Intel, which allows exploits to cross processes:

    https://googleprojectzero.blog...

    As shown, AMD was only vulnerable to "the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries."

  17. Intel ME by jmccue · · Score: 1

    Does this bring up another issue? As fixes roll out what about Intel ME? That is supposed to be on a somewhat modern 32 bit Intel processor. So I would think that ME will have these same issues.

    How would that get patched? Can ME even access kernel memory on the main chip like meltdown can on VM?

    Hope this does not keep you awake at night :)

    1. Re:Intel ME by 110010001000 · · Score: 4, Insightful

      I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.

  18. He should be held liable by Anonymous Coward · · Score: 0

    Hacking is against the law. Teenagers who share nudes of themselves can be tried for pedophilia, too.

  19. uhh by Anonymous Coward · · Score: 0

    You literally just posted an article that said Google's team discovered this a year ago. So which is it?

    1. Re:uhh by Anonymous Coward · · Score: 0

      Ah, let him have his fifteen minutes. This is like finding out every car on the road has to be limited to 35mph due to money falling out if you hit the pedal and release before any physical braking occurs.

  20. Three independent teams found bug at same time by JoeyRox · · Score: 5, Interesting

    FTA: The key players were independent researcher Paul Kocher and the team at a company called Cyberus Technology, said Gruss, while Jann Horn at Google Project Zero (GOOGL.O) came to similar conclusions independently.

    Which begs the question - how long has the NSA known about this too?

    1. Re:Three independent teams found bug at same time by 110010001000 · · Score: 1

      It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.

    2. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 0

      it's a no-brainer.

      it's like finding out the key the company gave you to get into the building to supposedly just your office, is really a master key to the entire company.

      ironically, mainframes back in the 60's had the same power.. login as sysadmin and get as much cpu time as you need.

      can't wait to see the fall out.

    3. Re:Three independent teams found bug at same time by slimjim8094 · · Score: 1

      Why?

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    4. Re:Three independent teams found bug at same time by AHuxley · · Score: 0

      The NSA and GCHQ went for the network, servers, OS, networks at the place the OS was being created, hardware being exported, every network in and out of nations. Global and domestic collect it all.
      NSA ANT catalog https://en.wikipedia.org/wiki/...
      PRISM (surveillance program) https://en.wikipedia.org/wiki/...
      Room 641A https://en.wikipedia.org/wiki/...
      Most of what was released talks to malware, OS support, hardware additions.
      What is missing is the Equation Group https://en.wikipedia.org/wiki/... effort for the big brand US CPU as shipped.
      No GODSURGE, FLUXBABBIT hardware implant and more just using the standard production line CPU?
      Was the CPU side of the whistleblowing held back as its still in use and would show a hardware PRISM slide of when other US brands became part of the security services collect it all efforts?

      Did the NSA and GCHQ ask the top MI5 and CIA anthropologist about what people do to study the CPU and that the CPU was just too risky to go for directly?
      The Equation Group work was well hidden from most researchers. Malware and hardware altered during shipping just for one user was not going to be found during an average mission.
      Get found on the normal CPU and a lot of skilled people globally start to look?
      The CPU was under too much study to risk?
      The CPU is a vital part of NSA and GCHQ collection efforts and security researchers who publish their work have just not found code litter of the security services doing consumer CPU things in the wild yet.
      Buy a computer and have the CPU swapped during shipping might be what the NSA and GCHQ attempted. A risk worth it for one mission.
      Mess with every standard CPU from security service staging servers and risk getting seen by someone smarter? Not normal malware that gets everyone's attention?
      The anthropologist said no, too many people are looking at the consumer CPU all the time?
      Wait for more whistleblowing?
      The consumer CPU was not worth the risk of discovery?

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 2, Informative

      I encountered an only slightly older blog post where somebody demonstrates that speculative execution causes cache line reads. He claims no security hole and that the negative result is interesting because of how close he got. On reading it I had enough to develop the rest.

      Anders Fogh deserves the real credit. https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

    6. Re:Three independent teams found bug at same time by hraponssi · · Score: 1

      Hey, don't go insulting the Supreme Intelligence, a.k.a. Google and their Engineers. Surely we must believe they invented everything and found everything. Or maybe those random eastern European researchers used gmail to communicate, and Google found it there.. :)

    7. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 0

      Which begs the question -

      No, it does not.

    8. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 0

      So he can think he's smarter than everyone else.

    9. Re:Three independent teams found bug at same time by thomst · · Score: 2

      https://slashdot.org/~110010001000 protested:

      It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.

      Apparently you haven't heard of steam engine time. If Newton and Leibniz could (more or less) simultaneously, independently invent "the calculus", why can't three disparate security research teams (more or less) simultaneously, independently discover the same security bug?

      Note, as another example from a third field, that both Jennifer Doudna's and Zhang Feng's teams (more or less) simultaneously, independently discovered the CRISPR gene-splicing technique, just a few years ago. This kind of thing happens more frequently than you appear to believe is possible.

      Paranoia is its own punishment ...

      --
      Check out my novel.
    10. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 0

      It doesn't beg the question, dork, that's not what begging the question means, in fact the word "beg" makes no sense here at all, you're just trying to shoehorn the unrelated phrase "begging the question" into a context where it doesn't fit at all.

    11. Re: Three independent teams found bug at same time by Anonymous Coward · · Score: 0

      It does not “beg the question”...it may “raise the question”, but that is not begging the question.

    12. Re:Three independent teams found bug at same time by erapert · · Score: 1

      It is probably the result of previous research done into cache timing attacks that was released a year or two ago. Then all these guys who are on the bleeding edge started getting curious how they could combine those earlier techniques with speculative execution and thus, since they all were spurred at the same time, came to the same conclusion at roughly the same time. Read the papers on Meltdown and Spectre: the papers used cache timing as a fundamental technique for carrying out the full attacks during the experiments.

  21. Re:First to market with a fixed CPU gets big rewar by Anonymous Coward · · Score: 0

    Who will get to market first with a fix?

    Intel CPUs are the only ones with an actual flaw requiring KPTI to mitigate, so it's a one person race.

  22. Re:First to market with a fixed CPU gets big rewar by 110010001000 · · Score: 1

    I don't think you understand: Meltdown can only be fixed by replacing your Intel processor. There are mitigation steps in software, but it is not possible to fix.
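    A defender-side check for the point made in the two posts above, that Meltdown is only mitigated in software (KPTI) rather than fixed: this added script, which is not from the thread, reads the Linux kernel's own verdict from the sysfs vulnerability files (present since Linux 4.15; the directory path is the kernel's, the function names are mine).

```shell
#!/bin/sh
# Added example (not from the thread): report the kernel's view of the
# Meltdown/Spectre status of this host and whether KPTI is active.
# Assumes Linux 4.15+, which exposes /sys/devices/system/cpu/vulnerabilities/.

SYSFS_VULNS=/sys/devices/system/cpu/vulnerabilities

# Print "<name>: <status>" for every entry in DIR (default: the live sysfs
# directory). Return 0 when nothing reads "Vulnerable", 1 when something
# does, 2 when the directory is missing (pre-4.15 kernel or not Linux).
check_cpu_vulns() {
    dir="${1:-$SYSFS_VULNS}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel too old to report, treat as unknown"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        echo "$(basename "$f"): $status"
        case "$status" in
            Vulnerable*) rc=1 ;;
        esac
    done
    return $rc
}

# Classify the meltdown entry on its own: "pti" when the kernel has page
# table isolation in place (the software mitigation), "not-affected" for
# CPUs the kernel deems immune, "vulnerable" when neither, else "unknown".
meltdown_state() {
    dir="${1:-$SYSFS_VULNS}"
    if [ ! -f "$dir/meltdown" ]; then
        echo "unknown"
        return 0
    fi
    case "$(cat "$dir/meltdown")" in
        "Mitigation: PTI"*) echo "pti" ;;
        "Not affected"*)    echo "not-affected" ;;
        Vulnerable*)        echo "vulnerable" ;;
        *)                  echo "unknown" ;;
    esac
}

# Report on the live host; the "|| true" keeps a vulnerable verdict from
# aborting callers that source this file under "set -e".
check_cpu_vulns "${1:-}" || true
echo "meltdown: $(meltdown_state "${1:-}")"
```

    Note that "pti" still means the flaw is present in silicon and only the kernel is hiding its memory; only "not-affected" indicates a CPU that does not need the mitigation.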

  23. Re:First to market with a fixed CPU gets big rewar by DanDD · · Score: 1

    Who will get to market with a fixed CPU, is what I should have said to be unambiguous.

    Whoever that company is may reap huge rewards, even if it's Intel.

    --
    "Every time I see an adult on a bicycle, I no longer despair for the future of the human race." - H. G. Wells
  24. Re:First to market with a fixed CPU gets big rewar by 110010001000 · · Score: 1

    AMD already has a "fixed" CPU. Only Intel is affected by Meltdown.

  25. Very little about "How" by Anonymous Coward · · Score: 1

    For an article with a title containing "How a researcher hacked his own computer and found 'worst' chip flaw", there is very little detail about "How the Researcher Hacked His Own Computer" - other than the words "Daniel Gruss didn’t sleep much the night he hacked his own computer".

    1. Re:Very little about "How" by Anonymous Coward · · Score: 0

      It got you to read it. Mission accomplished!

  26. Re:Anyone find it problematic? by Kaenneth · · Score: 1

    It means the cheap Indian/Chinese workers don't have the cultural bias towards creativity that 'western' workers do; and are less likely to find and report unexpected behavior because they don't want to make their superiors look bad.

    I worked for a month for an India based software co, and the bosses *deleted unfixed bugs from the database* in order to appear better. I got away from that company ASAP.

  27. Re:Anyone find it problematic? by Midnight+Thunder · · Score: 1

    It means the cheap Indian/Chinese workers don't have the cultural bias towards creativity that 'western' workers do; and are less likely to find and report unexpected behavior because they don't want to make their superiors look bad.

    I worked for a month for an India based software co, and the bosses *deleted unfixed bugs from the database* in order to appear better. I got away from that company ASAP.

    The other possibility is that they are equally creative, but don't have the confidence to raise the flag, since they don't have the protection of being a white American citizen? Or that "this may be the work of the CIA", so lets pretend we don't know about this?

    --
    Jumpstart the tartan drive.
  28. Welfare checks on employees by Anonymous Coward · · Score: 0

    I think they better do a routine check of the offices to make sure employees haven't hung themselves by their neckties.

  29. Bet the NSA is pissed this went public by gurps_npc · · Score: 2

    How much you want to bet that this was one of their dirty tricks...

    --
    excitingthingstodo.blogspot.com
    1. Re:Bet the NSA is pissed this went public by Anonymous Coward · · Score: 0

      They probably helped put it there, or MOSSAD, or the Russians, or $CHOSEN_BADDIE_OF_THE_WEEK.

      What is more interesting is the lack of coverage of Intel's insider trading. Dumping stock before the shit hits the fan, and at board level.

    2. Re:Bet the NSA is pissed this went public by mujadaddy · · Score: 1

      I'm shocked that this is the first time I've seen anyone besides me suggest this is an on-purpose back door.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    3. Re:Bet the NSA is pissed this went public by Anonymous Coward · · Score: 0

      how would they leverage it usefully though?

      kernel memory is wiped every reboot. if the NSA got the box and tried to read the memory from fresh boot they wouldn't find anything useful.

  30. Re:First to market with a fixed CPU gets big rewar by Anonymous Coward · · Score: 0

    "Meltdown" is the issue requiring CPU fixes. That's 100% Intel fuckwittery.

  31. Re:First to market with a fixed CPU gets big rewar by bongey · · Score: 4, Insightful

    Fucking God Dammit shitel shill, the article is using Shitel's PR statement as reference, and you keep posting the same FUCKING incorrect information. So fuck off, I will say it again just stop fucking shilling, here is exactly what AMD said https://www.amd.com/en/corpora... , and what Linus Torvalds said about the god dam PR statement you linked to http://www.businessinsider.com...

  32. Re: AMD bug only affects THE SAME PROCESS, unlike by limaxray · · Score: 2, Interesting

    That's not at all true. Spectre can most certainly access memory from other processes, including on AMD.

    What they are referring to is Meltdown, which is specifically a privilege escalation exploit that allows a user process to access kernel memory from within its own virtual memory space. Spectre, on the other hand, tricks another process to leak its protected memory.

    Even then, the Spectre paper specifically mentions how it may be possible to use it to access privileged memory by targeting an interrupt or syscall.

    And AMD may very well turn out to be vulnerable to Meltdown too. While the researchers weren't able to get their PoC working on AMD CPUs, they did show that they *do* out of order execute instructions following an illegal memory access and discuss the problem may just be a matter of optimizing the side channel method they used.

    Honestly I think AMD is being very dishonest in their announcement, beyond just the Meltdown handwaving. They claim the Spectre bounds check bypass has been fixed with software, but I haven't heard of a good software solution to this, much less have I seen an actual patch. Then they claim the Spectre branch target injection isn't an issue, but my understanding is this is just a matter of figuring out how to better mistrain AMD's branch prediction, as was done with Intel's.

    These vulns are much more difficult to develop than your typical software vulns, and the researchers have barely even scratched the surface. There's sure to be much more to come and AMD's claims to be largely immune are horribly irresponsible. Until they disclose their actual reasoning behind their claims, I'm going to assume they're full of shit and just as vulnerable as everyone else.

  33. Re: First to market with a fixed CPU gets big rewa by Anonymous Coward · · Score: 0

    Nuh unh! AMD is also vulnerable to CPU cracking if you hit it with a hammer! Or a nuke! No one has proven Intel is...

    There is bad stuff on both sides. Both sides!

  34. Can't be by Anonymous Coward · · Score: 0

    If this were true, it would mean people could also arrive at the same thoughts or ideas independently, throwing the entire patent system out the window.

  35. Peek behind the curtain by Anonymous Coward · · Score: 1

    Does this mean that users can use Meltdown and Spectre to peek behind the Windows 10 curtain, and see what telemetry it collects?

  36. Perfect Solution by Anonymous Coward · · Score: 0

    ALPHA + VMS

                        OR

    MAINFRAME + COBOL

    xoxox
    Kilroy & The Punch_Card_Vacuum_Tube_Posse

  37. Re:AMD bug only affects THE SAME PROCESS, unlike I by _merlin · · Score: 1

    Given that JavaScript runs in the browser process, that's still dangerous. Even with process-per-tab isolation, JavaScript that exploits Spectre could potentially steal:

    • TLS session key
    • Cookies for a different domain that an asset is loaded from
    • Page content (leaking it to 3rd-party script)
    • Form autofill data (including passwords)
    • User input
  38. Re:First to market with a fixed CPU gets big rewar by TheRaven64 · · Score: 1

    I think it would be premature at this point to start buying new processors. I believe that there are a number of related vulnerabilities that will emerge over the next year and I wouldn't want to guess which processors are vulnerable (well, anything in-order, with no branch predictor is probably fine).

    This has been concerning me for a little while. CPUs have come with a lot of performance improvements over the last 20-30 years that have introduced nondeterminism into execution timings and have regarded side channels as a software problem. It now appears that, as with memory protection, software solutions are largely inadequate and it's going to be a big challenge to retain the CPU performance that we're accustomed to.

    AMD people shouldn't be too gleeful. They're happy because their processors don't speculate across protection level crossings. If you don't think about timing attacks, then that's not such a good thing: it means that every system call is a pipeline stall, whereas the Intel chip will keep executing into the system call without a stall. All of the fixes for the next few years are likely to be like that: lose something that gives a performance increase to get back some security.

    --
    I am TheRaven on Soylent News
  39. "kernel" by karzan · · Score: 1

    What is this "kernel" memory you speak of?

  40. Pentium 60?? Lessons? by Anonymous Coward · · Score: 0

    What were the lessons, IF ANY, that Intel learned from the Pentium 60?

    They sent me a replacement for that processor. Fortunately it came in a ZIF socket and was a quick replacement.

    Alas, my Pentium 60 and Pentium 133 MHz machines are now part of the ewaste stream but I still occasionally use an Athlon 500 MHz machine!

  41. Re:AMD bug only affects THE SAME PROCESS, unlike I by Anonymous Coward · · Score: 0

    This may help to partially mitigate (Google does this with Chrome, too):

    about:config

    privacy.firstparty.isolate TRUE

  42. This is a FEATURE, not a BUG by Anonymous Coward · · Score: 0

    Come on, people. This is Intel we are talking about here. This is not a BUG, but rather a FEATURE placed by the NSA, like IME and so many others.

  43. Just discovered?? Yet, over 10 years ago.... by Anonymous Coward · · Score: 0

    "These processors are buggy as hell, and some of these bugs don't just
    cause development/debugging problems, but will *ASSUREDLY* be
    exploitable from userland code."

          https://marc.info/?l=openbsd-misc&m=118296441702631&w=2

    I'm surprised he didn't "discover" these Intel security issues as well:

            http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

  44. Re: AMD bug only affects THE SAME PROCESS, unlike by aod7br7932 · · Score: 4, Informative

    AMD is NOT vulnerable to Meltdown. AMD already responded that their permission bits are checked BEFORE issuing instructions so kernel memory isn't readable, even speculatively.