All Intel Chips Open To New 'Spoiler' Non-Spectre Attack (zdnet.com)
Spoiler is the newest speculative attack affecting Intel's micro-architecture. From a report: Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache. Researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lubeck in north Germany detail the attack in a new paper, 'Spoiler: Speculative load hazards boost Rowhammer and cache attacks'. The paper [PDF] was released this month and spotted by The Register. The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.
Here we go again! I'm going to go make more popcorn.
As opposed to spammy, pop-up filled ZDNet article.
https://www.theregister.co.uk/...
The first principle is that you must not fool yourself - and you are the easiest person to fool. -Richard Feynman
Intel's commitment to backward compatibility
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
The researchers say that Spoiler improves Rowhammer attacks and cache attacks that reverse-engineer virtual-to-physical address mapping. Using Spoiler, they show the leakage can be used to speed up reverse-engineering by a factor of 256. It also can speed up JavaScript attacks in the browser.
It's not clear that this vuln allows you to attack anything by itself, but being able to speed up Rowhammer shows why you need to take vulnerabilities seriously, even if you can't figure out how to exploit them.
"First they came for the slanderers and i said nothing."
I simply have no words, basically once a month we discover our CPUs have one more unpatchable critical security flaw, all because Intel wanted to win the megahertz war of the late '90s. It is pointless to update anything, pointless to stay up to date with your OS, kernel, browser, apps, pointless to have an NSA-style firewall, every remedy is just p_o_i_n_t_l_e_s_s, every Intel CPU has a hole bigger than Rebel Wilson's asshole. And let's not forget all the problems with the Management Engine. And now think about hospitals, government agencies, the military, they all share the same massive security holes, all because of Intel troglodytes.
I'm tired, frustrated, I'm definitely never ever buying anything with Intel inside anymore in my life, I hate Intel and its engineers from the depth of my heart.
I see the Republicans have arrived.
Perhaps I've misunderstood what Rowhammer was. I thought it was a corruption attack caused by repeated adjacent bank accesses flipping bits in another bank. Thus I thought its intent was to corrupt the adjacent bank, not read back the adjacent bank. I don't even see how the bit flipping could work in the reverse direction to leak out information.
Yet this article seems to say it amplifies a Rowhammer attack's efficiency and also can be used to spy on other processes.
Not seeing how. So maybe I have this wrong?
Some drink at the fountain of knowledge. Others just gargle.
That speculative execution as a concept is flawed and insecure. Or at least the way it is understood today. Perhaps new implementations need to be developed or potentially we should just abandon the concept altogether and accept our CPUs will be a bit slower.
Ohhh. Retardissmo zAParKie.
On Mac or Linux you don't need native code for your text file merger. It can all be done in a bash script. Faster, safer, more trustworthy, with open code. And you can install it on a router and protect all your devices at once. But this is a blacklist, and that's a problem with blacklists - they only protect you from what is known. You need the reverse - everything is untrusted, good things are whitelisted. Your logic is broken.
Did you hear someone in the next stall tapping their foot?
Obsidian and Flint never had these problems. Maybe we SHOULD go back to being Cavemen.
MOB attack
Buy an AMD chip and motherboard.
Anons need not reply. Questions end with a question mark.
Modern computing becomes so disappointing. New and new security issues are discovered in CPUs and the software becomes more and more inefficient after each mitigation without the full benefit of the speed of the modern hardware. I wonder if we'll reach the point where it will be more practical just not to optimize hardware in some ways anymore since more problems are created than solved.
Seriously, soon nothing left that is secure, and performance all gone all over the place :-/!
Instead of issuing a CVE they should be issuing a "spoiler alert".
You will see roughly 1/5th the performance, if you eliminate all speculation and OOO Execution.
(Which means 1/5th the battery life in a mobile device.)
The notion that giving up speculative execution is a reasonable option is deeply flawed.
We need to fix it so that information cannot leak via timing attacks.
Practically speaking we may only be able to reduce the bit rate of the leaks to something very slow, and in combination increasing the size of the secrets we are trying to protect. This will have the effect that meaningful secrets will take years to leak.
Ian Ameline
"The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior."
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."
There is nothing similar in AMD land, and no, there are no functional POC's right now for AMD. ARM yes. Malware waves use POC's that exist, not ones that don't.
all because Intel wanted to win the megahertz war of the late '90s.
That's exactly the opposite of true. Speculative execution is entirely about "get the most done with each clock cycle", the opposite of ramping up clock cycles meaninglessly since little gets done on each.
Socialism: a lie told by totalitarians and believed by fools.
It's like a game to find out what deals the NSA has made with chip makers.
And it is also possible that AMD just fucked up a lot less than Intel. Remember that technologically, AMD has been ahead for quite a while (e.g. integrated memory controller, far better multi-core support, etc.), just speed-wise they lagged behind. We do now know where Intel got a significant part of that speed. So while AMD will have some vulnerabilities, it is quite possible that they have a lot less and that what they have is often a lot harder to exploit. This is the verdict on Spectre and Meltdown and there are good reasons to believe this is not an accident, but a systematic difference.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I'm pretty sure my 8080 is safe!
Interesting how this much-maligned, and all but dead, processor architecture remains immune to these attacks.
System security is overrated. Optar anything important and don't keep confidential data on computers. Problem solved! (Games and gossip is what they do best anyway)
In a word, wrong. AMD is not cross-process vulnerable without another vuln at RING-0, you can only attack in-process. That makes it much less useful - you need to have an existing hacked process to get THAT PROCESS data.
With Intel you can get ANY process data from ANY OTHER PROCESS, even in VM's. It's not comparable. This article is a NEW, additional attack that makes it even more trivially exploited.
FTFY
We can have fast CPUs with speculative execution and all of that, and all of the same security for private keys you'd get with a simple, slow CPU.
An Intel Core i9 is good for transcoding video and costs $500.
An Intel 8051 is secure for handling encryption keys and costs $1.
If you can afford the $500 Core i9, you can afford to add the equivalent of an 8051 for the most security sensitive stuff like generating and handling encryption keys.
That's what chips like the DS5250 are for. They don't have speculative execution or any of that fancy stuff. A Core i9 has billions of transistors. Lots and lots of places for things to leak. Some of the smaller, much simpler CPUs have a few thousand transistors. That's a lot less attack surface. No reason not to have both. The DS5250 is designed for security and it costs about a buck.
bonus points if you remember these
See subject: Via APK Hosts File Engine 2.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats = hostnames vs. IPaddy most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!
* For blocking malscript &/or sites delivering it, hosts work https://meltdownattack.com/mel...
APK
P.S.=> Protects vs. scripts/trackers (kernelmode fast vs. usermode slow NoScript vs. 3rd party script)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware download/malcript/mail malpayload
Oh projecting YOU're retarded, anon stalker of me: Did you surf here in Lynx (tty term *NIX browser) too? GUI's the future & Windows proved it.
* If Linux wants more "common-man" users, GUI's the way to get them.
APK
P.S.=> For the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
Soon for MacOS too (I just got a NEW Mac-Mini to port it there)... apk
MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen in my work https://news.slashdot.org/comm...
HILARIOUS u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU have ISSUES, lunatic!
See subject & that's the "best ya got"? It proves You WISH you were ME (as your POOR imitation = the sincerest form of flattery).
Instead of WASTING your life STALKING me by UNIDENTIFIABLE anonymous posts OR IMPERSONATING me (since you WISH you were me)? Make a Wheel https://isc.sans.edu/forums/di... as I have that gives users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' out there!
* LASTLY - the ONLY time you start IMPERSONATING me vs. STALKING me by UNIDENTIFIABLE anon posts is WHEN YOU ARE OUT OF "downmodpoints" I can easily NULLIFY by REPOSTING my posts RUNNING YOU DRY of them after you ABUSE them - I must've already, lol!
APK
P.S.=> I know WHY you do it though (out of "butthurt angst", lol): I've BLOWN YOU AWAY so many times under your MANY alter-ego SOCKPUPPET /. accounts FAKENAMES you're out for "revenge" only to have EGG ON YOUR FACE yet again https://tech.slashdot.org/comm... ... apk
You're a moron Ray.
Can someone tell me why after the Meltdown/Spectre attacks, Intel still exists?
It's been found out that Intel knew about these massive vulnerabilities and yet still released new processors. On top of that it was during peak shopping season, during Black Friday/Cyber Monday & X-Mas holidays. Does that not constitute enough fraud that they should be shut down completely?
You should post the data since the link says nothing : Basically you've proven my point by linking to the specifics.
Overview
At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. Recent public disclosures have brought to the forefront the constant need to protect and secure data.
This site is a centralized location for the latest security-related updates as they relate to AMD.
Updates
Foreshadow
8/14/18 – Updated
As in the case with Meltdown, we believe our processors are not susceptible to these new speculative execution attack variants: L1 Terminal Fault – SGX (also known as Foreshadow) CVE 2018-3615, L1 Terminal Fault – OS/SMM (also known as Foreshadow-NG) CVE 2018-3620, and L1 Terminal Fault – VMM (also known as Foreshadow-NG) CVE 2018-3646, due to our hardware paging architecture protections. We are advising customers running AMD EPYC processors in their data centers, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms.
Spectre Mitigation Update
7/13/18
This week, a sub-variant of the original, Google Project (GPZ) variant 1 / Spectre security vulnerability was disclosed by MIT. Consistent with variant 1, we believe this threat can be mitigated through the operating system (OS). AMD is working with the software ecosystem to mitigate variant 1.1 through operating system updates where necessary. We have not identified any AMD x86 products susceptible to the Variant 1.2 vulnerability in our analysis to-date. Please check with your OS provider for the latest information.
AMD has also updated related portions of the Software Techniques for Managing Speculation on AMD Processors whitepaper.
“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms
5/21/18
Today, Microsoft and Google Project Zero researchers have identified a new category of speculative execution side channel vulnerability (Speculative Store Bypass or SSB) that is closely related to the previously disclosed GPZ/Spectre variant 1 vulnerabilities. Microsoft has released an advisory on the vulnerability and mitigation plans.
AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). For technical details, please see the AMD whitepaper. Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.
Based on the difficulty to exploit the vulnerability, AMD and our ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation.
We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date.
As a reminder, security best practices of keeping your operating system and BIOS up-to-date, utilizing safe computer practices and running antivirus software are always the first line of defense in maintaining device security.
Spectre Mitigation Update
4/10/18 (Updated 5/8/18 to reflect Microsoft release of Windows Server 2016)
Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.
As a reminder, GPZ Variant 1 (Spectre) mitigation is provided through operating system up
Possibly, but so far, Intel HAS shown more flaws, more serious flaws, and a bigger performance hit from the mitigations.
Intel Core Arch was a Pentium 3 derivative made by one of Intel's Israeli design teams. Does anyone really think they were dumb enough to end up with all of these layered exploits in the CPU core without one of the many Israeli research groups/Mossad documenting the exploits and keeping them under wraps for future operations?
All the China and Russia threats pale in comparison to Israel, because they are the modern day Venice of technology, combined with the ruthlessness of all the major intelligence services put together (and moles in each!)
See subject: APK Hosts File Engine 1.0++ 64-bit for MacOS h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r M a c O S . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 MacOS!
(Better vs. Windows model in speed/efficiency)
APK
P.S.=> Protects against ALL known & unknown vulnerabilities. Now supports port filters in hosts. My work is world-class & China copied it because they can't do better. I am God's gift to Slashdot... apk
It's looking more and more like major cloud vendors may be obligated by risk compliance officers to offer AMD-only cloud services, since Intel clearly screwed the pooch on speculative execution security enforcement in an attempt to eke out more performance. Not that AMD itself is entirely in the clear, as the recent Google paper shows Spectre is effectively here to stay.