Intel CPUs Vulnerable To New 'BranchScope' Attack

wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.

Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures. Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).

Hype! Hype! Hype!

Every vulnerability needs a HYPED UP MARKETING NAME in the TECHSOCIAL INDUSTRY!!

EVERYTHING ABOUT TECH IS SOCIAL!!!!

Nerds who built all our technology, die in a fire. We the Social don't need nerds anymore.

Re:Hype! Hype! Hype!

[Tablizer]

It's not hype in the sense that our IT stacks have so many layers, parts, and levels that it's nearly impossible to keep them all safe. Plus, co's rush products in order to stay ahead of competition at the expense of security.

Thus, they are indeed a steaming pile of leaks what should worry people. However, I will agree that focusing on specific problems may be a form of hype because for every 1 you hear about, there's probably dozens (already publicized) that you don't.

If people keep finding enough of these vulnerabilities, the patches will make the CPU run as slow as a Commodore 64. Maybe we should go back to '64s, eh? I got used to ASCII pr0n anyhow; I have a thing asterisks.

Re:Hype! Hype! Hype!

[Marxist+Hacker+42]

The people who should be worried, are those who store their data on cloud servers.

The average user storing stuff behind a firewall in his house or business, has no need to fear these attack vectors.

Re:Hype! Hype! Hype!

And here is the thread-derailing Intel shill, right on cue.

Yawn

can be exploited by an attacker to obtain potentially sensitive information

In other words, there is a one in a billion chance that an attacker would obtain something of importance.

The attacker needs to have access to the targeted system and they must be able to execute arbitrary code

In other words, a completely worthless exploit.

Re: Yawn

What?

Re:Yawn

[Megol]

can be exploited by an attacker to obtain potentially sensitive information

In other words, there is a one in a billion chance that an attacker would obtain something of importance.

Not in the given citation. Potentially means potentially, nothing more, nothing less.

The attacker needs to have access to the targeted system and they must be able to execute arbitrary code

In other words, a completely worthless exploit.

Getting arbitrary user code running is relatively easy and any exploit that can bypass any kind of protection from a user mode program is a real problem.

So two out of two wrong. Better luck next time!

Re:Yawn

[HiThere]

This all depends on what "access" means. If it means browser drive-by, then it's quite dangerous. If it means physical access, then it's trivial.

Re:Yawn

[Mal-2]

It's not trivial if it spans VMs, and one client of a hosting service can eavesdrop on another via this side channel. That has been the fear with Spectre and Meltdown, and it is most likely the fear here as well.

Re:Yawn

I doubt it will work via a browser drive-by or they would have stated that in the article. It's much more likely that it means either pre-existing physical access or authenticated network access. Either way, if someone already has access to your systems like that, then this exploit is the least of your concerns.

It's a bit like being worried that someone can steal your TV if they have the key to your house and the access code to your alarm system.

Re:Yawn

x86 is a monumentally bad architecture. Sure the very core of modern x86 chips is nothing like x86. But all that translation hardware makes it harder to verify designs.

Re:Yawn

You must have missed it - this exploit requires bare metal access. You know, the machine all the VMs run on?

Re: Yawn

What?

He said IT IS A COMPLETELY WORTHLESS EXPLOIT.

Not sure I agree though, if this would work across a VM. For performance reasons, most virtualization technologies do not actually emulate the CPU, which is unworkably slow, but they "sandbox" off sets of instructions. Most of these techniques do allow exfiltrating data across VM barriers, which is what makes them so dangerous.

Re:Yawn

can be exploited by an attacker to obtain potentially sensitive information

In other words, there is a one in a billion chance that an attacker would obtain something of importance.

Yes, and when you have the computing power at your disposal to make billions of attempts per second it doesn't really take long at all.

Re:Yawn

Getting arbitrary user code running is relatively easy and any exploit that can bypass any kind of protection from a user mode program is a real problem.

>

The trend in the past what 10 years or so is to run more and more threads from all kinds of programs some of which are right from the internet in the form of javascript and similar. Now we are finding all that isolation that is supposed to be there is thinner than we thought since everything usually ultimately executes on the same cpu and sometimes the same core.

I wonder if there is a market to go the other way.

First create a CPU core with a low level core for the base OS.

Then secondary core(s) which are configured by the base core. Each will have
1. video functionality
2. cpu functionality (its own core)
3. memory functionality.
4. io functionality
5. disk functionality, but for the most part it would be limited to its region.

For video the base core would map a virtual window to which the secondary cores can draw. For IO the base core would map what is allowed and enforce it in hardware. Memory would be similarly mapped and dedicated, and cpu wise it would presumably have a single core.

Basically it should be possible to enforce all the separations in hardware. It wouldn't be cheap since your basically throwing hardware at the partitioning problem to make sure that bad things don't influence good things. From a power and thermal budget, idle secondary cores could be powered down. You may even be able to context swap out truly idle threads. The control core might be able to store state, clear, and idle the core, but it needs to be provable. Under no circumstances should things running in the secondary core be able to look back to the control core.

At any rate, I doubt this level of separation is practical, even for military applications, due to the shear cost in making it provably isolated. Still if there is any place it is feasible, it would be there. Being able to run a trusted secure system side by side with say windows and IE is useful.

Hell, just being able to run windows and know your web browser can't see what your doing in another application program because they both run on effectively separate machines is useful.. Of course at some point you have to build basic interop like copy paste, but that can be somewhat controlled and locked down further if needed.

Re:Yawn

Citation please. TFA doesn't even clarify what "access" means in this case.

Re: Yawn

[Type44Q]

First create a CPU core with a low level core for the base OS

Kind of like Intel management engine running Minix...

Re:Yawn

[xxxLCxxx]

Amen.

Re: Yawn

[Killall+-9+Bash]

It wouldn't be a terrible idea if it was open, and user(admin) accessible/configurable.

Re:Yawn

[Megol]

X86 isn't that bad. It's easier to decode than many other architectures, it's easier to make superscalar than many others, it support extensions of the instruction set. The last one is why we are still using x86.

X86 processors execute x86 instructions. They are x86 and only a subset of instructions aren't executed directly. There is no translation hardware unless you call the instruction decoding translation (technically correct) and then almost every processor made have/had translation hardware.
Instruction fusion? Used on RISC. Instruction splitting? Used on RISC. Detection of special cases? Used on RISC (e.g. r0 or r31 defined as zero). Those are all optimization tricks.

Re: Yawn

[Marxist+Hacker+42]

Another reason to not use VMs or cloud technologies on machines you do not directly control.

Re:Yawn

[xxxLCxxx]

X86 isn't that bad. It's easier to decode than many other architectures, ...

You gotta be kidding me! I can't think of a more fucked-up architecture. Redundant and obsolete instructions keep piling up just to be replaced by soon-to-be outdated instructions.
It's a fucking mess!

Re:Yawn

Billions of attempts per second across a network connection? AND you still need human eyes to look at every single one of those to determine if it contains valuable information? LOL, good luck with that.

If it's so easy, then hack my computer. Go ahead, I'll wait... Yeah, didn't think so.

Re:Yawn

[sheph]

-1 = no sense of humor.

Re:Yawn

[Megol]

Yes but the mess is due to its longevity! Remember we are talking about an architecture released in the 70's and now being 40 years old.

Core instructions aren't outdated with a few exceptions (when designing AMD64 some old instructions were removed and some reused), some instructions aren't used much anymore but are similar and execute in the same execution units as new extensions, some are just supported but not optimized for.

Compare with the original ARM instruction set which was released later but have had more incompatible extensions (reusing the same instruction encoding) and even a very incompatible change to extend the address space.

I don't claim it's a beautiful design or that there aren't better ones just that it isn't too bad.

--

The main problem with x86 isn't decoding but finding the start/end of internal fields.

[0-x prefixes] [op] [R/M] [SIB] [disp] [imm]

([op] can also be a [0xf] [op] in processors after the 8086/8088 for extended instructions)

[0-x prefixes] [REX prefix] [op] [R/M] [SIB] [disp] [imm]

REX is a special prefix added with AMD64.

[0-x prefixes] [VEX prefix] [2|3 extension field] [op] [R/M] [SIB] [disp] [imm]

SIB field is available for certain R/M encodings, added with the 386.

x+rest of the instruction 15 bytes (maximum instruction length)

Re:Yawn

[xxxLCxxx]

You have to admit that the x86 32-bit processors where really only 16-bit processors by design. They were about ten years behind when they got 'elected' by IBM.
With AMD64 the situation has improved. They look more like 32-bit processors nowadays.

About every year we had some extensions, which became obsolete a year-and-a-half later. The result of this policy is that most software doesn't make use of those 'nifty' extensions.

We are seeing now that Intel cheated. They did cut corners, and they did run red lights. They looked at the MMU as if it were a zit they could simply ignore while shaving. Meltdown cuts down the performance significantly. More appears to be coming.
I'm exited to find out how much will be revealed in the end. If it rains down badly, all those processors will only be usable in single-user systems. MS-DOS is calling... ;-)

Re:Yawn

[sjames]

No, access to a neighboring VM is sufficient. You can get that fairly cheap in the cloud.

Great

I'll pencil this one in as "yet another Intel patch I won't be applying in 2018"

Re:Great

[greenwow]

Same here. We had several Dell Precision 5520 laptops bricked after installing:

http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=NFKYX

We have several locations, and unfortunately our IT department didn't communicate that the update did that before I think five were bricked. We paid a lot extra for Dell's ProSupport Plus, but they have no solution yet and won't offer replacements.

Re:Great

[AmiMoJo]

Forced updates are a mixed blessing.

They generally roll them out slowly, so for example on Android app updates don't go to everyone on day one, they ramp up so that any issues can be detected before too many people are affected. Same with Windows 10.

On the one hand, this means that you might be unlucky and get bricked by a bad update and might be left vulnerable to zero day exploits for a week. On the other hand, for the vast majority of people it's both more reliable than everyone getting the update on Patch Tuesday and definitely better than them delaying or ignoring updates forever.

The number of us power users who want to control the updates ourselves is fairly small, but it is immensely frustrating for us. And even for normal users, the updates should not interrupt normal use of their computer in any way.

There doesn't seem to be a good solution. There are too many configurations out there to be sure a fix won't brick someone, and most users are not tech savvy enough to make good decisions about when to patch, and not getting timely patches is even worse.

Re:Great

[drinkypoo]

They generally roll them out slowly, so for example on Android app updates don't go to everyone on day one, they ramp up so that any issues can be detected before too many people are affected. Same with Windows 10.

If just one user who wasn't ready to update has a broken update deployed to them that causes even the slightest problem with their computer, then too many users have been affected.

It's not acceptable for a vendor to push out packages when they want to, unless they warranty your system against failure due to bad patches. That kind of crap causes downtime.

Re:Great

[AmiMoJo]

Okay, but what is your solution?

Say you were an OS vendor with millions of users, all with different hardware and software configurations. You need to push out a critical security patch, but you obviously can't test with every single user's configuration. What do you do?

If any downtime at all is unacceptable, it seems like the only option is to leave everyone vulnerable. But then imagine it's a bug like the Apple calendar issues, where after a certain date important features stop working or the device even bricks, so you have no choice but to patch or face inevitable downtime...

It really is an impossible situation.

Re:Great

[drinkypoo]

Okay, but what is your solution?

Download the patches, and inform the user that they've been downloaded and ask them to install them on their schedule. But never, ever reboot the user's machine without their permission, or put it in a state which requires reboot.

Re:Great

[AmiMoJo]

Okay, so it's just about the timing. Small risk of bricking, but on the user's schedule.

Re:Great

[drinkypoo]

Okay, so it's just about the timing. Small risk of bricking, but on the user's schedule.

No plan is perfect, and there is always a chance of failure. But it must happen on the user's schedule.

Re:Great

AmiMoJo (the person you are replying to) made the point five posts up that the vast majority of users are not well equipped to make good patching decisions, so if it's left up to them, then realistically you'll be left with billions of unpatched machines. Originally Windows 10's forced updates were awful, but they've slowly made it better over time. Users can defer all update types for up to 35 days at a time, can set preferred update hours in a defined window and Windows does give you at least 15 minutes' warning before it updates if you are using the machine, and you can defer feature upgrades for several months. I think they still have lots of improvement to be made, but it's not the dire situation it was with Win10's first two or three releases.

The main problem I see with they way they currently do it is some of the update deferral capabilities I mentioned above are only available to Pro users. I think these existing features offer a reasonable compromise with room for improvement for Home users, but aren't good enough yet for Pro users. IMO Microsoft should enable all the current update deferral features for Win10 Home and implement more controls for Pro users.

In-order architecture for the win!

Future looks bright with new in order part such as the 32MHz quark intel processor...

God Damnit Intel

I guess ARM servers are the future.

Re:God Damnit Intel

[viperidaenz]

Only if it's the low power, low performance versions with no out of order execution.
You could also go with Intel Atom

Re:God Damnit Intel

[HiThere]

IIUC, it's only the older models of the Atom that are safe. The more recent models have the same flaw.

Re:God Damnit Intel

Thought experiment: if I run a software-emulated cpu using something like qemu (without the hardware virtualization features), can the code running on that emulated cpu achieve any of these out-of-order execution exploits against the host cpu running the emulator software?

Re:God Damnit Intel

[DontBeAMoran]

Yeah after all those security problems, I'm almost expecting Apple to launch a new A10-powered laptop real soon now (TM).

Re:God Damnit Intel

[HiThere]

You've got me. It's an interesting question. OTOH, there are supposedly a lot of known ways of accessing the host computer from the VM, and perhaps those don't require out-of-order execution to implement.

Re: God Damnit Intel

At some point your code always reaches metal, so timing attacks, io and driver issues could still be concern but very much less so. Your code could itself be exploitable, buffer overflow etc. Randomizing memory layout can help, but total isolation and security is often hard tradeoffs. Using a safe language and hardened os can go a long way. These issues often require local execution rights and that is os issue.

Media Bias is finally slowing down

[naubrey]

When the poo hit the AMD fan a few weeks ago it was front page news everywhere, but now that it has been slung back at Intel, it's good to see Ars is not making this article front and center, but rather downplaying it a bit. I actually had to search the front page to find it.

Re:Media Bias is finally slowing down

[HiThere]

Well, to be fair a lot of the hype about the AMD problem was because it was presented in a way that made it look as if Intel sponsored the release of information. I'm still not sure that isn't true.

Re:Media Bias is finally slowing down

it look as if Intel sponsored the release of information. I'm still not sure that isn't true.

I mean, most major companies have marketing departments. Their entire job is to make them look good and the competition look bad.
They probably have a couple of persons tasked with monitoring not only the larger social media sites but also do a daily check of of medium sized forums.

If that particular release was part of that doesn't really matter that much.
It is still very likely that they do similar stuff as part of their damage control.

The cloud is safe they said

VMs are safe they said
You can't break out of your sandbox they said

Re:The cloud is safe they said

its more fundamental like that.

What difference lock on the door makes when you can walk through walls.

TL;DR

"The attacker needs to have access to the targeted system and they must be able to execute arbitrary code."

Non-news. Move along.

Re:TL;DR

Non-news? Really? You can execute arbitrary code in virtual machines which could allow an attacker to access other running virtual machines or the host itself. This attack surface is absolutely HUGE! All an attacker has to due is get for example an Amazon Web Service instance and then be able to attack anything else running on that host. MASSIVE portions of the Internet run on services like AWS, VPS systems, etc.

Your browser can also present a target due to running Javascript or similar.

Re:TL;DR

You left out the bit where the attacker needs access to the system in the first place. Unless your datacenter or home has an open door policy for the public, I would hardly be concerned.

You also don't seem to understand the concept of OS permissions and accounts.

Re:TL;DR

[Bert64]

Commercial cloud providers *DO* have an open door policy, anyone could provision a virtual machine on a public cloud and use it to try and snoop on other customers running on the same physical host, although it may be difficult to target who you might be trying to snoop on.

Re:TL;DR

[Megol]

Need to have access: Internet or any other network will do. No need for physical access.
Able to execute arbitrary code: many ways to do that.

Do you realize that Meltdown and the other Spectre exploits that made everyone rush to patch operating systems and user software require both access to a system and the ability to execute arbitrary code? In fact this looks like a variant of the Spectre family using another type of branch predictor manipulation.

Re:TL;DR

Commercial cloud providers *DO* have an open door policy

I have never seen a datacenter that just allowed anyone from off of the street to walk in and start fucking around with servers. Where do you keep your servers? At a dollar discount datacenter in Mexico?

Re:TL;DR

[HiThere]

You are making an assumption about what "access" means. It *might* mean physical access, but it could also include remote access. The summary, at least, wasn't clear about that.

Re:TL;DR

You can go over to Amazon Web Services right now and spin up a virtual machine. In this machine you have root access and can execute any code you want. From there you can attack any other virtual machine running on that physical machine or you can attack the physical machine itself from inside the virtual machine.

Re:TL;DR

You have no idea how these attacks work. You can execute arbitrary code on the physical machine. It may be inside a virtual machine but it's still executing on the physical hardware. That's the only requirement, executing arbitrary code on the CPU. You can do exactly that inside a VM and all the VM's are using the same CPU(s) therefore subject to attack.

You seem to mistakenly think that this requires physical access to the hardware or something.

Re:TL;DR

although it may be difficult to target who you might be trying to snoop on.

LOL, just use the Facebook approach... snoop on everybody!

Re:TL;DR

The problem is VMs and cloud computing these days. Someone may not have physical ROOT access to your VM. but if they share a physical host with your VM and have full ROOT access on their VM, they can execute any arbitrary code they want inside their VM, potentially affecting your VM. All these exploits would pretty much be non-issues back in the old days of running a single OS per box on the bare metal. VMs make it a completely different story.

If these CPU exploits keep popping up, it is going to seriously make people reconsider shared VM hosting. You'll have people going back to dedicated server hosting, or maybe setting up their own non-shared VM environment in a dedicated server hosting environment.

Yeah Joe Blow running his hobby blog on an EC2 instance really won't be able to afford to go the dedicated route, but I would say at this point any enterprise that has their stuff hosted in the cloud and isn't considering dedicated hosts is quite the fool.

Re: TL;DR

Since management forces the cloud issue they wont do anything before their shared vms get shared with the world, and then promptly blame their IT.

Re:TL;DR

Then you aren't looking very hard. There are lots of VPS (virtual private server) providers that allow anyone to create an account and a VM. All you need is a credit card.

Re:TL;DR

No man, you don't get it.

The other AC bravely persevering with the argument is 100% correct.

Re:TL;DR

[sjames]

The access doesn't have to be physical. All you need is the ability to run your own code. You can even get that for free with a trial account in many clouds.

[Corrections] Re:Hype! Hype! Hype!

[Tablizer]

Correction #1: "...pile of leaks that should worry people."

#2: "I have a thing for asterisks."

Friggen Mondays. (I was off yesterday, so it's a mental monday.)

nope don't care

not again

Nothing about AMD

[Mister+Liberty]

Although I expect Intel to correct that.

Oh come on!

I'm getting tired of patching the servers already...

Yawn

Another day, another Intel CPU vulnerability revealed. I'm beginning to wonder if we wouldn't all be better off using Motorola chips.

___
"Second place is first loser," whined the second loser, the third loser, the fourth loser... etc., mistakenly thinking they were being clever.

Brach Prediction

Brach Prediction is the new Buffer Overflow.

Accordingly...

[beheaderaswp]

There is no justice ... ... death is the only answer

AMD needs to have ryzen pro with ipmi and ThreadRi

[Joe_Dragon]

AMD needs to have ryzen pro with ipmi (like Intel xeon-e3) and ThreadRipper boards (Xeon W).

Great

[nehumanuscrede]

Cue up another " hotfix " that will be deployed half a dozen times before it's ready to screw things up again.
My condolences in advance if you're running Windows 10 and the unstoppable update machine :|

What? Yet *another* flaw in CPUs?

[DontBeAMoran]

SERENITY NOW!

Oh, snap!

Good news everybody! This can be mitigated with microcode fix if you can afford to give up another 15% performance on top of the 20% loss the previous bugs caused. Thanks, intel.

Re:Oh, snap!

Now you know why INTeL was always faster than AMD... they cut corners where they shouldn't have.

Responsible disclosure?

[ElizabethGreene]

It would be nice if they had worked with vendors to disclose this before publishing it. ... or did I miss that?

Re:Responsible disclosure?

[iggymanz]

Your definition of "responsible" is rejected. No one has to abide by it. The flaws in Intel's tech has been known for a couple decades and they only move if their butt is metaphorically kicked, and even then they spend weeks just foundering rather than really fixing.

The major vendors are unworthy of such consideration. Assume the bad guys already know the exploit, that's the proper security mindset.

And in psychopath Murica ...

... everything "social" is a bad word. --.--

If necessary, made bad, by association.

ipmi = backdoor

You misspelled "backdoor"

It is true.

We had established that in the very first article on /. like that. It should still be there in the comments.
It was somehow forgotten by most commentors when the second article appeared.
And it was clear that the mantra was to be repeated until readers had forgotten again what was originally already established.

Typic PR 101: Repeat, repeat, repeat.

What sane person uses EC2 et al anyway?

A vserver with the resources to host a blog and unlimited bandwidth (meaning limited cost, not that they won't limit at some point) can be had for $2.

Meanwhile on Amazon you never know when you suddenly might get a bill for one. million. dollars. because both resources and price scale with the demand.

Isn't there access to the very core?

If not, then there should be.

Havr the OS providee its own microcode. Or have none at all, running on the *actual* bare metal.

Re:Isn't there access to the very core?

[xxxLCxxx]

Nope, there's not.
Technically the processors don't even belong to the customers. Intel still maintains full control over them, granting their buyers/users only very little of the same.
Unfortunately they also give full control over your management engine to others, if they want to. This machine (running MINIX on a power-efficient core) can then do - literally - anything behind your back, as you have no possibility to check what it is doing (which is exactly the way they want it to be)...

Eventually, yes

[DrYak]

can the code running on that emulated cpu achieve any of these out-of-order execution exploits against the host cpu running the emulator software?

It depends on the depth of the pipeline of the CPU.

If it long enough, the physical CPU might speculatively execute past the point where Qemu simulated the check in the emulated CPU, up to the point where Qemu simulate the payload that the attacker are wanting the emulated CPU to execute.

The thing is, for performance reason, if everybody switches to emulated CPUs (Java's / .NET's dreams), that's exactly the direction we will be heading onto :
- CPU getting longer pipeline (yet again, just like old P4) to try to squeeze more performance
- emulator getting more efficient at simulating the CPU.

Worse part ?
On intel architecture, that's already the case sometimes : Google's project zero managed to exactly pull this situation off, by running eBPF bytecodes (bytecode used by the programmable packet filtering virtual machine) on a few select Intel hardware.
(On AMD, the same only work when JITing is activated, otherwise the speculative execution doesn't reach far enough).

Side channeling is doomed

Let's be more clear, these hardware faults won't just go away in current and past models and the fixes are not fixes. Intel should just give everyone a bios feature to turn off this hardware feature if your concerned about security and can deal with its reduction in speed.

Security problem in general

It's not so much this specific vulnerability that bothers me, but rather that there seem to be so many kinds of side-channel attacks that they're unlikely to find or fix them all.

Cloud Safety [Re:Hype! Hype! Hype!]

[Tablizer]

I disagree the cloud is inherently less secure than the traditional approach. If one gives their "local" equipment and setups decent tender-loving-care, yes it's more secure than the cloud, but the average user won't bother, including many businesses.

The "problem" with the cloud is similar to nuclear power generation. Technically its record is safer than the alternatives. However, its failures make big news, which skews perceptions and fears. (Gas and coal kill through cancer and other ailments, and over time the total deaths far exceeds deaths related to nuclear power plant accidents.)

Therefore, the cloud has a PR problem, not so much a technical problem when it comes to security. It's not perfect by any stretch, but will probably be statistically better than the alternatives. But being statistically better may not be enough.

Re:Cloud Safety [Re:Hype! Hype! Hype!]

[scdeimos]

If cloud isn't inherently less secure than the traditional approach then why do Goog-azon-zure run separate GovClouds for government and military customers?

Ignoring network considerations the main reason cloud is less secure than local servers is because of shared infrastructure. Unless you're paying Goog-azon-zure top dollar for dedicated servers your instance is going to be sharing physical hardware with other customers. Side-channel attacks like this allow Nefarious Scumbag A to get one instance and feret out secret data from other instances on the physical machine.

Re:Cloud Safety [Re:Hype! Hype! Hype!]

[Marxist+Hacker+42]

If you can break the VM barrier to read arbitrary memory anywhere on the iron, then yes, the security of the cloud is broken. If you don't have a dedicated server, you don't know who you are sharing with.

Re:Cloud Safety [Re:Hype! Hype! Hype!]

[Tablizer]

There's a lot of ways to breach dedicated servers also. Focusing on just Intel's cross-process goofs is too narrow a perspective.

Re:Cloud Safety [Re:Hype! Hype! Hype!]

[sjames]

The cloud can never be as safe as your own machines. When you set up a VM in the cloud, you're still running it. It's still you making it safe or not. If you can;t secure your own machine in your home or in a colo, you won't do any better running a VM in the cloud.

The difference is, in the cloud you don't know who else is running a VM on the same host. That opens up an attack surface that doesn't exist when you own your own.

Lots of Intel shills piling in.

Intel shills (and assorted useful idiots) and their myths:

1. "This isn't a real problem, it needs physical/root access so you'd be fucked anyhow"

False: For any cloud systems, it potentially allows $randomclouduser access to any other cloud user on the same physical hardware. AWS, Azure etc.

2. "OK, so only cloud services are affected, no-one else"

False: For non-cloud systems, any system that allows untrusted code to run - including any system that runs untrusted Javascript (99% of systems running a browser) - is vulnerable.

AMD processors? May have similar problems. Currently unknown for this particular issue.. Intel? Definitely vulnerable.

Re: AMD needs to have ryzen pro with ipmi and Thre

[Brockmire]

No one agreed with you the first 100 times you've said this. Give it a rest.

uhhh...

[SuperDre]

If i have access and can run arbitrary code then I can do whatever on that computer.......... so this isn't really a vulnerability..