Slashdot Mirror


How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com)

Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.


  1. If only I know who to short ... by 140Mandak262Jamuna · · Score: 2, Insightful

    OK, the bug is big. Impact is going to be big. But who's gonna be punished by the market? Who can I short? Will users of Cloud services demand their processes to be hosted on exclusive servers not shared with others? Would it raise cloud costs? Would they punish Intel?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:If only I know who to short ... by XanC · · Score: 5, Insightful

      Most likely Intel's numbers will go up, at least in the short term, as people buy more CPUs to make up for the performance hit.

    2. Re:If only I know who to short ... by XanC · · Score: 1

      You're right that AMD is unaffected (as unaffected as anything), but I don't think they can handle the volume. Not in the short term.

    3. Re:If only I know who to short ... by bobbied · · Score: 2

      We don't know that AMD doesn't have its own issues which are just as bad...

      However, AMD kind of has Intel on the ropes in the performance space with that Ryzen line. Intel's answer has been to drop more cores into the unit and then having to force them to lower clock rates due to heat. Intel is still turning huge profits, but AMD has started to recapture market share....

      SO.... I point all this out to say the following. AMD now has a huge hole in Intel's armor to drive their marketing trucks through and I sure expect them to try, in so far as their marketing budgets allow. I expect AMD to exploit this unforced error by Intel.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:If only I know who to short ... by supremebob · · Score: 1

      Actually, I'd expect many businesses to use it as an excuse to outsource more of their outdated on-prem equipment to "the cloud". Guess who makes over 95% of the CPUs used by the cloud hosting providers? Not AMD's.

      Sure, that might sound counter-intuitive considering that this vulnerability showed a huge potential security issue with shared hosting models. That said, spending more money on upgrading what's considered to be a "legacy" data center by senior management probably won't get you that "VP of Infrastructure" promotion you were hoping for this year.

    5. Re:If only I know who to short ... by bobstreo · · Score: 1

      OK, the bug is big. Impact is going to be big. But who's gonna be punished by the market? Who can I short? Will users of Cloud services demand their processes to be hosted on exclusive servers not shared with others? Would it raise cloud costs? Would they punish Intel?

      I read an article that said the Intel CEO dumped a bunch of stock last year, so it's probably too late to short them.

    6. Re:If only I know who to short ... by Anonymous Coward · · Score: 1

      That's a massive mischaracterization of the fuckedness. Intel CPUs allow access to privileged memory from user space. There is no fix and the mitigation will cause significant slowdowns for any workloads that frequently switch between kernel space and user space. That's server loads. That's VM loads. AMD is not affected by this bug. The bug that affects AMD CPUs most likely also affects all other modern processors. It has been shown for Intel and ARM CPUs and there are rumors that IBM PowerPC also misbehaves. It's just a side effect of straight forward speculative execution and caching. There is no fix for that either unless you're willing to replace all CPUs, but the mitigation will probably consist of changes to JIT compilers and not affect performance noticeably. Intel is fucked, everyone else just got the scare of a lifetime.

    7. Re:If only I know who to short ... by AvitarX · · Score: 2

      AMD seems way better off.

      AMD was closing performance gap, now Intel just lost about 5-10% (workload dependent estimated mitigation costs of meltdown on a CPU with PCID) performance. This puts AMD at a tie in some areas (cost equivalent single thread) where it was slightly behind, and further grows its multi thread advantage.

      Both CPUs are in theory vulnerable to spectre, which will likely be mitigated in software by application and be equally damaging to all.

      At least that's how I've read it. Mitigation of meltdown is Intel specific and very expensive, mitigation of Spectre is ??? Haven't really seen anything on that, it's a much narrower vulnerability though, because meltdown allows reading of all memory, and spectre is limited to an application's memory.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    8. Re:If only I know who to short ... by AvitarX · · Score: 1

      But they may be able to handle an extra 10-15% of cash for the same volume. That'd be real good on the books.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    9. Re:If only I know who to short ... by 110010001000 · · Score: 1

      You cannot spend money to "upgrade" your system. Your Intel processors are flawed and there is no fixed version of the processor available.

    10. Re:If only I know who to short ... by Kaenneth · · Score: 1

      Trezor, and other makers of hardware Bitcoin/Crypto wallets for one should go up.

      All software wallets can be assumed compromised at this point.

    11. Re: If only I know who to short ... by 110010001000 · · Score: 1

      You read it wrong. The "fix" that Google is using is to recompile THEIR CODE. Hackers aren't going to do that.

    12. Re:If only I know who to short ... by bongey · · Score: 2

      Funny Microsoft knew about this months ago and bought a bunch of AMD processors for their Azure cloud specifically for data intensive loads. Exactly the type of tasks which is slowed down by this Intel bug.

    13. Re:If only I know who to short ... by sjames · · Score: 4, Insightful

      Actually, AMD is significantly harder to exploit than Intel. The performance crushing patch simply brings the Intel processor level with AMD.

    14. Re:If only I know who to short ... by sjames · · Score: 2

      That would be exactly opposite of the right strategy. As bad as information leaks between processes can be, it's worse when those other processes are owned by a different entity. Who would you rather be potentially able to read your banking details, a family member or some random guy whose name you don't know who could be living anywhere in the world?

    15. Re:If only I know who to short ... by thegarbz · · Score: 1

      Intel's CEO dumps a bunch of stock every year, he only ever holds on to the minimum he is required to. Also when he does so the stock price doesn't move since he doesn't have stupidly high volumes like say Jeff Bezos.

    16. Re:If only I know who to short ... by TheRaven64 · · Score: 2

      You're assuming that the attacker has no control over their placement. The only person who is going to see leaks from these vulnerabilities is someone who is actively running the exploit (you don't just get someone else's memory in your address space, you have to scan it one bit at a time). If I wanted to exploit this, I'd spin up a bunch of VMs in Amazon, Google, and Microsoft's clouds and start scanning. I would not be actively targeting your company, but if I saw anything confidential and valuable then I'd be able to tie it back to your company and either sell it to someone who wanted to take advantage of it or use it directly. I'm not planning on doing this, but the people who are will probably be in Russia, China, North Korea, or other places where it's really hard to get any legal recourse.

      In contrast, if someone within your own company is attempting to access data that they shouldn't, then you can terminate their employment and you may even be able to prosecute them.

      --
      I am TheRaven on Soylent News
    17. Re:If only I know who to short ... by jabuzz · · Score: 1

      Assuming Intel don't get hit with a lawsuit demanding compensation for faulty products. Given the worst performance hit comes from Meltdown and only Intel seem to be vulnerable, there's a case to be answered. So shorting Intel stock seems the way to go as their numbers will be going down.

    18. Re:If only I know who to short ... by JackieBrown · · Score: 1

      The punishment should be for you never to buy Intel again and to look for a cloud service that offers what you are asking (which I doubt is really out there since it would make cloud services ridiculously expensive - each user getting their own processor. You might as well leave the cloud at that point.)

    19. Re:If only I know who to short ... by sjames · · Score: 2

      No, I was considering that. If my company uses a public cloud, one of those bad actors MIGHT end up running in another VM on the same machine my VM is running on. If instead, I run on a server I actually own and use exclusively, even if I run several VMs, I can KNOW that the bad guy is NOT also running a VM on that server. At worst, another department in the same company might have a VM on the same hardware with me.

      So if security is a concern at all, avoiding outsourcing VMs to the cloud is the right strategy.

    20. Re: If only I know who to short ... by sjames · · Score: 1

      By level, I mean in terms of security.

    21. Re:If only I know who to short ... by Shirley+Marquez · · Score: 1

      Until recently, Intel's best mainstream desktop CPU had four cores, and their best mainstream laptop CPU had two. (By "mainstream laptop" I mean the U series ultra-low-voltage parts, not the more power hungry H series that are used in gaming and workstation laptops.) They moved up the release date of the Coffee Lake aka 8000 series (six core desktop CPUs and four core U series laptop CPUs) as a response to the competitive threat from AMD.

      Intel still has the edge in performance per core. Ryzen narrowed the gap considerably compared to AMD's previous FX series. Ryzen gives you more cores per dollar to make up for the remaining gap. Ryzen killed Kaby Lake in multi-threaded applications, but Coffee Lake is competitive there and retains its edge in single-thread applications.

      AMD will release a minor update to Ryzen in 2018; that will likely include clock increases and some slight tweaks to improve IPC. Their next significant architecture change (Zen 2, aka Matisse) isn't expected until 2019; it will also include a shift to a new 7nm process.

  2. Woah by Anonymous Coward · · Score: 5, Insightful

    Does EVERYTHING have to be in a bold font?

    Please fix!

    1. Re:Woah by arth1 · · Score: 1

      Does EVERYTHING have to be in a bold font?

      It's just the front page, no?
      And it would make some people's posts slightly less obnoxious, as you won't see when they abuse the bold tag.

  3. Is it just me? or ... by 140Mandak262Jamuna · · Score: 5, Insightful

    Everyone is seeing too much of bold fonts? Did someone forget a closing bold tag in some style sheet?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Is it just me? or ... by DontBeAMoran · · Score: 2

      I'm seeing all text in bold too. We can't ask too much of a nerd website if they can't even handle UTF-8 correctly.

      --
      #DeleteFacebook
    2. Re:Is it just me? or ... by CyberLeader · · Score: 1

      I'm also seeing everything in bold, since sometime today.

      --

      Software Shouldn't Suck

      E-mail: frank at jacquette dot spamless com (remove the spamless!)

    3. Re:Is it just me? or ... by jmccue · · Score: 1

      Software Shouldn't Suck

      I think your sig needs another line: Hardware Shouldn't Suck

    4. Re:Is it just me? or ... by dohzer · · Score: 1

      I hacked your PC and inserted some bold text to test this vulnerability. Are you by chance running an Intel processor?

    5. Re:Is it just me? or ... by gnunick · · Score: 1

      Everyone is seeing too much of bold fonts? Did someone forget a closing bold tag in some style sheet?

      Yeah, the entire article section had been enclosed within <strong> tags for some reason. I edited the source in Firefox and changed "<strong>" to the meaningless "<string>", just to make it bearable to read the page.

      But thankfully, a few page refreshes afterwards, and they'd already fixed it. Maybe someone had thought <strong> would somehow toughen their security.

      Anyway, c'mon guys... stop editing the live site! ;)

      --
      I have no special gift, I am only passionately curious. --Albert Einstein
  4. So... by DontBeAMoran · · Score: 1

    Is that yet another flaw or a duplicate name for one of the other two bugs we were already talking about in previous threads?

    In other news, is the Motorola 68K series immune to these two/three problems? (Amiga, Atari ST, classic Macs)

    --
    #DeleteFacebook
    1. Re:So... by bobbied · · Score: 1

      I seriously doubt the 68000 series has this issue.... Security was designed in from the start on these processors, even if it wasn't actually implemented until later. Between the 68000 and the 68030 there wasn't any need to change anything to run your program and only ONE instruction had to be modified (it had a different set of flags returned where one bit now was variable, instead of fixed).

      The security architecture of Intel's solution was implemented after the fact. It had to pay homage to legacy instruction sets and suffers from all the same problems of other things where security implementations were not part of the original design. OOPS, how do we make this secure now? is never a good question to ask after the thing goes into production. Intel did this, but nobody expected the X86 architecture to be 16 bits way back then, and now we are at 64 bits...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:So... by AvitarX · · Score: 1

      I don't think they do predictive branching.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    3. Re:So... by DontBeAMoran · · Score: 1

      Synergy, eh?

      Bingo!

      --
      #DeleteFacebook
    4. Re:So... by AHuxley · · Score: 1

      Find a fast, modern OS for that CPU?

      --
      Domestic spying is now "Benign Information Gathering"
  5. First to market with a fixed CPU gets big rewards? by DanDD · · Score: 1

    For every punishing move in the market, there's a reward for new, better, faster, or in this case, more secure.

    Who will get to market first with a fix? This will be fun to watch.

    --
    "Every time I see an adult on a bicycle, I no longer despair for the future of the human race." - H. G. Wells
  6. Can you trust your software? by Anonymous Coward · · Score: 1, Insightful

    If you're not running malicious programs on your computer, you're not vulnerable to these attacks. It's much tougher to sneak malicious functionality into open source software. If the source code is available, it's far more likely someone would notice the malicious behavior than if the software is closed source. It seems like the processor and other hardware hasn't been explored as an attack surface to nearly the same extent as software. I expect there will be more bugs like these, and it's a matter of time before they're found and exploited. The damage from these vulnerabilities can be mitigated by blocking untrusted code (like a lot of JavaScript that could exploit Spectre-like vulnerabilities) and using open source. I'm far more willing to trust that the open source software running on my Linux system isn't working against me than I am with closed source software.

    1. Re:Can you trust your software? by Anonymous Coward · · Score: 1

      Did you even read the text from the AC you replied to? Different AC here, but s/he said:

      (like a lot of JavaScript that could exploit Spectre-like vulnerabilities

      The point being to avoid untrustworthy code, which javascript from random 3rd party domains included by whatever web site you happen to visit, well... IS.

      Time and time again we see this. Disabling JS by default is necessary to use the web securely.

  7. I'm not so sure the impact is going to be big by cheezedawg · · Score: 1

    Google and Amazon both say it's negligible.

    http://www.businessinsider.com...

    --
    "The defense of freedom requires the advance of freedom" - George W Bush
  8. Worthless submission by Anonymous Coward · · Score: 1

    The article teases you with "how he did it" and answers with "he did it." You want to know how Meltdown or Spectre work? Read the papers: https://meltdownattack.com/

  9. To nit pick myself by radicimo · · Score: 1

    I guess technically the CVSS scale runs from 0 to 10, but still this one wallows in the bottom half of the Low classification.
    https://nvd.nist.gov/vuln-metr...

    --
    100 REM PISS OFF CODE FASCISTS 200 GOTO 100
  10. Soft by dohzer · · Score: 1

    Good thing they clarified who ARM are by referencing a group I have vaguely heard of once or twice.

  11. Re:It happens to be a slow news week by toonces33 · · Score: 2

    I can't help but wonder if this is only because they haven't found much in the kernel address space. If one could find hashed passwords for local accounts, it might cause people to reconsider...

  12. AMD bug only affects THE SAME PROCESS, unlike Inte by Anonymous Coward · · Score: 2, Informative

    Intel PR monkeys are trying to take AMD down with them, let's make this clear:

    For the 3 bugs, the biggest one only affects Intel CPUs, for bug 2 and 3:

    AMD bug only affects THE SAME PROCESS, unlike Intel, which allows exploits to cross processes:

    https://googleprojectzero.blog...

    As shown, AMD was only vulnerable to "the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries."

  13. Intel ME by jmccue · · Score: 1

    Does this bring up another issue? As fixes roll out, what about Intel ME? That is supposed to be on a somewhat modern 32-bit Intel processor. So I would think that ME will have these same issues.

    How would that get patched? Can ME even access kernel memory on the main chip like meltdown can on VM?

    Hope this does not keep you awake at night :)

    1. Re:Intel ME by 110010001000 · · Score: 4, Insightful

      I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.

  14. Re:It happens to be a slow news week by 110010001000 · · Score: 2

    I always wonder why people lie about this. The CVSS is not a 1.5. Your link even proves you wrong. How is it overblown? This is a huge issue.

  15. Three independent teams found bug at same time by JoeyRox · · Score: 5, Interesting

    FTA: The key players were independent researcher Paul Kocher and the team at a company called Cyberus Technology, said Gruss, while Jann Horn at Google Project Zero (GOOGL.O) came to similar conclusions independently.

    Which begs the question - how long has the NSA known about this too?

    1. Re:Three independent teams found bug at same time by 110010001000 · · Score: 1

      It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.

    2. Re:Three independent teams found bug at same time by slimjim8094 · · Score: 1

      Why?

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    3. Re:Three independent teams found bug at same time by Anonymous Coward · · Score: 2, Informative

      I encountered an only slightly older blog post where somebody demonstrates that speculative execution causes cache line reads. He claims no security hole and that the negative result is interesting because of how close he got. On reading it I had enough to develop the rest.

      Anders Fogh deserves the real credit. https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

    4. Re:Three independent teams found bug at same time by hraponssi · · Score: 1

      Hey, don't go insulting the Supreme Intelligence, a.k.a. Google and their Engineers. Surely we must believe they invented everything and found everything. Or maybe those random eastern European researchers used gmail to communicate, and Google found it there.. :)

    5. Re:Three independent teams found bug at same time by thomst · · Score: 2

      https://slashdot.org/~110010001000 protested:

      It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.

      Apparently you haven't heard of steam engine time. If Newton and Leibniz could (more or less) simultaneously, independently invent "the calculus", why can't three disparate security research teams (more or less) simultaneously, independently discover the same security bug?

      Note, as another example from a third field, that both Jennifer Doudna's and Zhang Feng's teams (more or less) simultaneously, independently discovered the CRISPR gene-splicing technique, just a few years ago. This kind of thing happens more frequently than you appear to believe is possible.

      Paranoia is its own punishment ...

      --
      Check out my novel.
    6. Re:Three independent teams found bug at same time by erapert · · Score: 1

      It is probably the result of previous research done into cache timing attacks that was released a year or two ago. Then all these guys who are on the bleeding edge started getting curious how they could combine those earlier techniques with speculative execution and thus, since they all were spurred at the same time, came to the same conclusion at roughly the same time. Read the papers on Meltdown and Spectre: the papers used cache timing as a fundamental technique for carrying out the full attacks during the experiments.

  16. Re:First to market with a fixed CPU gets big rewar by 110010001000 · · Score: 1

    I don't think you understand: Meltdown can only be fixed by replacing your Intel processor. There are mitigation steps in software, but it is not possible to fix.

  17. Re:It happens to be a slow news week by r1348 · · Score: 2

    The link you provided reports the following CVSS metrics:
    Base 4.4 AV:L/AC:M/Au:S/C:C/I:N/A:N
    Temporal 3.4 E:POC/RL:OF/RC:C
    Environmental 5.1 CDP:ND/TD:H/CR:H/IR:ND/AR:ND

    Where did you read 1.5?

  18. Re:First to market with a fixed CPU gets big rewar by DanDD · · Score: 1

    Who will get to market with a fixed CPU, is what I should have said to be unambiguous.

    Whoever that company is may reap huge rewards, even if it's Intel.

    --
    "Every time I see an adult on a bicycle, I no longer despair for the future of the human race." - H. G. Wells
  19. Re:First to market with a fixed CPU gets big rewar by 110010001000 · · Score: 1

    AMD already has a "fixed" CPU. Only Intel is affected by Meltdown.

  20. Very little about "How" by Anonymous Coward · · Score: 1

    For an article with a title containing "How a researcher hacked his own computer and found 'worst' chip flaw", there is very little detail about "How the Researcher Hacked His Own Computer" - other than the words "Daniel Gruss didn’t sleep much the night he hacked his own computer".

  21. Re:Anyone find it problematic? by Kaenneth · · Score: 1

    It means the cheap Indian/Chinese workers don't have the cultural bias towards creativity that 'western' workers do; and are less likely to find and report unexpected behavior because they don't want to make their superiors look bad.

    I worked for a month for an India based software co, and the bosses *deleted unfixed bugs from the database* in order to appear better. I got away from that company ASAP.

  22. Re:Anyone find it problematic? by Midnight+Thunder · · Score: 1

    It means the cheap Indian/Chinese workers don't have the cultural bias towards creativity that 'western' workers do; and are less likely to find and report unexpected behavior because they don't want to make their superiors look bad.

    I worked for a month for an India based software co, and the bosses *deleted unfixed bugs from the database* in order to appear better. I got away from that company ASAP.

    The other possibility is that they are equally creative, but don't have the confidence to raise the flag, since they don't have the protection of being a white American citizen? Or that "this may be the work of the CIA", so let's pretend we don't know about this?

    --
    Jumpstart the tartan drive.
  23. Bet the NSA is pissed this went public by gurps_npc · · Score: 2

    How much you want to bet that this was one of their dirty tricks...

    --
    excitingthingstodo.blogspot.com
    1. Re:Bet the NSA is pissed this went public by mujadaddy · · Score: 1

      I'm shocked that this is the first time I've seen anyone besides me suggest this is an on-purpose back door.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
  24. Re:First to market with a fixed CPU gets big rewar by bongey · · Score: 4, Insightful

    Fucking God Dammit shitel shill, the article is using Shitels PR statement as reference, and you keep posting the same FUCKING incorrect information. So fuck off, I will say it again just stop fucking shilling, here is exactly what AMD said https://www.amd.com/en/corpora... , and what Linus Torvalds said about the god dam PR statement you linked to http://www.businessinsider.com...

  25. Re: AMD bug only affects THE SAME PROCESS, unlike by limaxray · · Score: 2, Interesting

    That's not at all true. Spectre can most certainly access memory from other processes, including on AMD.

    What they are referring to is Meltdown, which is specifically a privilege escalation exploit that allows a user process to access kernel memory from within its own virtual memory space. Spectre, on the other hand, tricks another process to leak its protected memory.

    Even then, the Spectre paper specifically mentions how it may be possible to use it to access privileged memory by targeting an interrupt or syscall.

    And AMD may very well turn out to be vulnerable to Meltdown too. While the researchers weren't able to get their PoC working on AMD CPUs, they did show that they *do* out of order execute instructions following an illegal memory access and discuss the problem may just be a matter of optimizing the side channel method they used.

    Honestly I think AMD is being very dishonest in their announcement, beyond just the Meltdown handwaving. They claim the Spectre bounds check bypass has been fixed with software, but I haven't heard of a good software solution to this, much less have I seen an actual patch. Then they claim the Spectre branch target injection isn't an issue, but my understanding is this is just a matter of figuring out how to better mistrain AMD's branch prediction, as was done with Intel's.

    These vulns are much more difficult to develop than your typical software vulns, and the researchers have barely even scratched the surface. There's sure to be much more to come and AMD's claims to be largely immune are horribly irresponsible. Until they disclose their actual reasoning behind their claims, I'm going to assume they're full of shit and just as vulnerable as everyone else.

  26. Peek behind the curtain by Anonymous Coward · · Score: 1

    Does this mean that users can use Meltdown and Spectre to peek behind the Windows 10 curtain, and see what telemetry it collects?

  27. Re:AMD bug only affects THE SAME PROCESS, unlike I by _merlin · · Score: 1

    Given that JavaScript runs in the browser process, that's still dangerous. Even with process-per-tab isolation, JavaScript that exploits Spectre could potentially steal:

    • TLS session key
    • Cookies for a different domain that an asset is loaded from
    • Page content (leaking it to 3rd-party script)
    • Form autofill data (including passwords)
    • User input
  28. Re:It happens to be a slow news week by radicimo · · Score: 1

    They updated it. Was a 1.5 earlier.
    http://web.archive.org/web/201...

    --
    100 REM PISS OFF CODE FASCISTS 200 GOTO 100
  29. Re:First to market with a fixed CPU gets big rewar by TheRaven64 · · Score: 1

    I think it would be premature at this point to start buying new processors. I believe that there are a number of related vulnerabilities that will emerge over the next year and I wouldn't want to guess which processors are vulnerable (well, anything in-order, with no branch predictor is probably fine).

    This has been concerning me for a little while. CPUs have come with a lot of performance improvements over the last 20-30 years that have introduced nondeterminism into execution timings and have regarded side channels as a software problem. It now appears that, as with memory protection, software solutions are largely inadequate and it's going to be a big challenge to retain the CPU performance that we're accustomed to.

    AMD people shouldn't be too gleeful. They're happy because their processors don't speculate across protection level crossings. If you don't think about timing attacks, then that's not such a good thing: it means that every system call is a pipeline stall, whereas the Intel chip will keep executing into the system call without a stall. All of the fixes for the next few years are likely to be like that: lose something that gives a performance increase to get back some security.

    --
    I am TheRaven on Soylent News
  30. "kernel" by karzan · · Score: 1

    What is this "kernel" memory you speak of?

  31. Re: AMD bug only affects THE SAME PROCESS, unlike by aod7br7932 · · Score: 4, Informative

    AMD is NOT vulnerable to Meltdown. AMD already responded that their permission bits are checked BEFORE issuing instructions so kernel memory isn't readable, even speculatively.