Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Discover Seven New Meltdown and Spectre Attacks (zdnet.com)

Posted by msmash on from the security-woes dept.

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees. From a report: Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack -- two well-known attacks that have been revealed at the start of the year and found to impact CPUs models going back to 1995. Researchers say they've discovered the seven new CPU attacks while performing "a sound and extensible systematization of transient execution attacks" -- a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data, such as the speculative execution process, the CPU's internal caches, and other internal execution stages. The research team says they've successfully demonstrated all seven attacks with proof-of-concept code. Experiments to confirm six other Meltdown-attacks did not succeed, according to a graph published by researchers. Update: In a statement to Slashdot, an Intel spokesperson said, "the vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research."

3 of 98 comments (clear)

  1. Maybe... by jd · · Score: 4, Interesting

    ...This wasn't the best way to improve performance. There are other approaches, or modifications to existing ones.

    Does anyone know if Itanium 3 was affected? If not, Intel might want to revisit it, as there's bound to be commercial interest in fast, secure processors. (Because it was a ground-up redesign, it would have been free of defects from mainstream processors.)

    I'm guessing the UltraSPARC/T3 is safe, for similar reasons. Totally different internal architecture.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Maybe... by thegarbz · · Score: 3, Interesting

      ...This wasn't the best way to improve performance.

      Maybe given the incredibly low threat posed by side channel attacks given that they literally require letting someone not only run code on your computer but also have the opportunity to characterise that computer in attempt to learn how to actually achieve something with a speculative execution attack, maybe given all that it was a GREAT way to improve performance.

      We are nearly 1 year in, and there have been no nefarious exploits utilising this despite the fact that for the most part you could consider perfectly patching these holes almost impossible. Remember that when you think of trade-offs.

  2. Re:Soon all the last decade performance wins by DontBeAMoran · · Score: 4, Interesting

    For the majority of users, we could be doing fine with computers from 1998 if the operating systems, applications and the Web had not suffered so much bloat, especially because of the overuse and bloat of using multiple javascript librairies because web monkeys are too lazy to write their own five lines functions in javascript.

    The only regular users who need so much computing power are gamers, where security is not exactly critical.

    Then there is an extreme minority of users and datacenters who need both security and computing power, but those are specialized users and should move to a different architecture.

    --
    #DeleteFacebook