Researchers Disclose New 'Inverse Spectre Attack' (digitaljournal.com)
A new Intel security flaw has been discovered that potentially allows passwords to be stolen. An anonymous reader quotes Digital Journal:
As EE News reports, researchers said the new flaw enables an "inverse spectre attack". According to Giorgi Maisuradze and Professor Dr. Christian Rossow, a ret2spec (return-to-speculation) vulnerability with the chips allows for would-be attackers to read data without authorization. According to Professor Rossow: "The security gap is caused by CPUs predicting a so-called return address for runtime optimization."
The implications of this are: "If an attacker can manipulate this prediction, he gains control over speculatively executed program code. It can read out data via side channels that should actually be protected from access." This means, in essence, that malicious web pages could interpret the memory of the web browser in order to access and copy critical data. Such data would include stored passwords.
"At least all Intel processors of the past ten years are affected by the vulnerabilities," reports EE News, adding "Similar attack mechanisms could probably also be derived for ARM and AMD processors...."
"Manufacturers were notified of the weaknesses in May 2018 and were granted 90 days to remedy them before the results were published. That deadline has now expired."
I will worry about it. I promise.
How much is intel paying for the AMD FUD this time?
Escher was the first MC and Giger invented the HR department.
IMNSHO, the whole realm of Spectre/Meltdown vulnerabilities - while an interesting lab experiment - is complete horseshit.
Intel apologists are equally irrational to YHWH apologists.
In order for ANY of these vulnerabilities to be useful, you MUST be running malware on your system. If so, you are already hosed.
Javascript. Malware hidden in software. Virtualization. These are all real-world scenarios which affect basically everyone.
Given the enormous realms of malware extant that can much more quickly and easily grab your data (Hello, Equifax!), any true hacker would laugh at trying to use these vulnerabilities, because...
You're already vulnerable to shooting, so why worry about stabbing?
The idea that malware can tickle the cache millions of times to grab data (presuming it has not already been flushed), interpret said data and then pray that it is something useful, like passwords, when cache is normally filled with instructions more than data...
...has been demonstrated. Millions of times, so what? My computer does millions of things thousands of times per second.
Any of you who are now delaying purchases, etc. while you twist your hanky are doing the rest of us a favor by forcing prices down, so - Keep It Up!!
I'm not delaying purchases. I'm just happy I'm not using Intel, which is not only vulnerable to MELTDOWN, but is more vulnerable to SPECTRE-type attacks than my AMD CPU.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It sounds like you haven't read the details of these attack vectors.
1. The family of Spectre vulnerabilities are exploitable from javascript.
2. Yes, there is much malware, that doesn't make Spectre and meltdown attacks any less viable/devastating.
3. Statistical attacks have been used for a long time. Computers are great at performing them, because, yes, they are computers. Side channels don't need much bandwidth to steal critical information, like say, a user's password or bank account details.
These attack vectors are serious. I'd encourage you to read the papers, and read up on side-channel attacks.
Considering that these vulnerabilities also (largely) apply to AMD and ARM, your cheap-shot snark is duly noted and ignored for the shit it is.
Mitigation is cheaper on AMD, because they at least tried to do the right thing. And they only tend to be a problem for 64-bit ARM. The biggest failures here are Intel and IBM.
Lots of word salad with no proof. Yawn...
There's no proof that those are real-world scenarios?
I can much more easily defend against a stabbing, because they need to be at very close range. (i.e. On your fucking system) whereas a bullet can travel over a mile and kill you.
Javascript is on your system. Malware hidden in applications is real, and on people's systems.
The rest of your statements are equally delusional and devoid of rationality, so...
...they're totally rational and you couldn't find any good arguments against them, either, so you just gave up. Noted.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The term "gadget", in this context, means vulnerable code, preferably OS code, and especially kernel code. That's pre-existing code, part of the OS, that's vulnerable.
For Netspectre, an interesting gadget is a network card driver that is vulnerable.
Gadget does NOT mean malware.