
Spectre and Meltdown


D_ManXX2


More details...

 

Meltdown concerns every Intel CPU back to 2005 at least. AMD ones aren't normally concerned. Some ARM are concerned, but not all of them. There is a workaround.

 

Spectre is far more serious. And, worse, there isn't any workaround (nor will any be available for existing CPUs). All modern CPUs are concerned, Intel, AMD, ARM, since 1995. Yeah, we're all fucked. Future Zen2 may correct this, but it isn't sure right now.

Link to comment

I think this is far worse than the millennium bug back in 2000. Btw no one knows the implications of what this can be, like business and banks, everything is at risk.

 

I bet the NSA knew about this bug many years ago. They kept their mouth shut, because if you don't know there is no harm; they figured their enemies will find this too, and now all of a sudden this is out. I do wonder why Europe will not sue these American companies which place all of their factories at risk, like America did with the car company. This is far worse than tampering with cars.

Link to comment
3 hours ago, D_ManXX2 said:

Btw no one knows the implications of what this can be, like business and banks, everything is at risk.

Acc. to former NSA technical director William Binney, SPECTRE "goes back to GCHQ [the Government Communications Headquarters, the British signal intelligence agency] hacking into Gemalto in the early 2000s, a company in the Netherlands where they were manufacturing chips, and what they did was they scraped off the web all the equivalence of access codes and identifiers of devices."

 

That's what you put in your computer or cell phone, so that when you log on your identifier goes up. That means the system has your access code to connect to you and send data to you.

"But when they did that they pulled down billions of relationships in the chips. If you have a computer or a cell phone, and you log onto the network, your identifier goes up. Then your access code is the network, it knows that from the chip, and therefore you can then work on the network. Your password is something that could protect your files, but the GCHQ was trying to break through passwords so now they can go directly to that attempt any time you log on anywhere in the world."

 

Gemalto (which blames both GCHQ and NSA) detected the hack already in 2010 and the investigation took the company years (sic!) so that the final results of the findings got published by the company not before January 2015. And it took three more years to establish a consensual understanding of the risks of direct external access to the chip caused by SPECTRE not just for the companies involved in chip production and application.

 

Here we are, in January 2018.  Now they all are up to shit creek w/o a paddle... and we too, encrypted or not. Long live Big Brother and 1984, huh?

And pls keep in mind that possible future workarounds inevitably turn your fast intel inside into a not so fast hamster inside for some time and a half...

 

Link to comment

I read the full article from Google Project Zero.

They identified 3 vulnerabilities (two are Spectre and another is Meltdown)

 

And they technically allow to read 4Gb of memory bypassing all protections of memory.

 

But they are also extremely inefficient. The memory can be read at approx 2000 bits/second. And not in a full sequential way.

And only if the CPU (at least one core) is monopolized by the attacker.

 

So quite difficult to be used. And patches are already available for all major concerned Operating Systems (Linux, BSD, MacOs, iOS, Android, Windows (starting from WinXP))

Link to comment
2 hours ago, CPU said:

I read the full article from Google Project Zero.

They identified 3 vulnerabilities (two are Spectre and another is Meltdown)

 

And they technically allow to read 4Gb of memory bypassing all protections of memory.

 

But they are also extremely inefficient. The memory can be read at approx 2000 bits/second. And not in a full sequential way.

And only if the CPU (at least one core) is monopolized by the attacker.

 

So quite difficult to be used. And patches are already available for all major concerned Operating Systems (Linux, BSD, MacOs, iOS, Android, Windows (starting from WinXP))

Reading one login/password pair doesn't need much data. Same for a credit card number. Here is the real danger in fact.

 

So, more infos:

 

Meltdown: concerns only Intel CPUs back to 1995 save the first Atom CPUs (not concerned), N270 and N330. Every other Intel CPU back to the Pentium Pro (all families) is concerned. Meltdown is more serious than Spectre because one malicious process can bypass all protection, OS included. Host OS too (if you execute this malicious code in a VM).

 

Spectre: Nearly all CPUs on the market save those too old to include OoO (Out of Order) instructions: Intel, AMD, ARM (Apple included in this one). As far as I know, for AMD, only the Zen rev1 architecture is concerned and AMD announced that Zen rev2 may be corrected. Wait and see.

 

Update your firmwares and OSes everyone.

Link to comment
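The advice above to update firmware and OS raises the practical question of how to tell whether the kernel is actually applying a mitigation. The following POSIX shell script is an added example, not code from the thread or any of its posters; it assumes a Linux kernel that exposes the `/sys/devices/system/cpu/vulnerabilities/` directory (available since 4.15) and falls back to a constructed sample when that directory is absent, so it can be read and run anywhere.

```shell
#!/bin/sh
# Added example (not from the thread): summarise Spectre/Meltdown mitigation
# status as the Linux kernel reports it under
# /sys/devices/system/cpu/vulnerabilities/ (present since kernel 4.15).
# Each file there holds one line such as "Mitigation: PTI", "Vulnerable"
# or "Not affected".

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one kernel status line to a short verdict.
classify_status() {
    case "$1" in
        "Not affected"*)   echo not_affected ;;
        "Mitigation:"*)    echo mitigated ;;
        "Vulnerable"*)     echo vulnerable ;;
        *)                 echo unknown ;;
    esac
}

# Read the live sysfs files and print "<name> <verdict> <raw text>" per file.
# Returns 1 if the directory is missing (pre-4.15 kernel or not Linux).
report_live() {
    if [ ! -d "$VULN_DIR" ]; then
        echo "no $VULN_DIR (kernel too old or not Linux)" >&2
        return 1
    fi
    for f in "$VULN_DIR"/*; do
        name=$(basename "$f")
        line=$(cat "$f")
        printf '%s %s %s\n' "$name" "$(classify_status "$line")" "$line"
    done
}

# Parse lines of the form "<name>: <status>" from stdin and print how many
# of them the kernel still reports as vulnerable.
count_vulnerable() {
    n=0
    while IFS= read -r entry; do
        status=${entry#*: }
        [ "$(classify_status "$status")" = vulnerable ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample (assumption, not captured from a real host) resembling
# a partially patched early-2018 machine: Meltdown mitigated by PTI, both
# Spectre variants still open.
SAMPLE='meltdown: Mitigation: PTI
spectre_v1: Vulnerable
spectre_v2: Vulnerable: Minimal generic ASM retpoline'

# Number of vulnerable entries in the constructed sample (2).
sample_vulnerable_count() {
    printf '%s\n' "$SAMPLE" | count_vulnerable
}

# Usage: show the live report when available, otherwise the sample.
report_live || printf '%s\n' "$SAMPLE"
```

A verdict of `mitigated` only says the kernel has a software or microcode workaround active; it does not mean the CPU itself is fixed, which matches the point made in the thread that fixes for existing CPUs are workarounds rather than hardware corrections.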
9 hours ago, CPU said:

I read the full article from Google Project Zero.

They identified 3 vulnerabilities (two are Spectre and another is Meltdown)

 

And they technically allow to read 4Gb of memory bypassing all protections of memory.

 

But they are also extremely inefficient. The memory can be read at approx 2000 bits/second. And not in a full sequential way.

And only if the CPU (at least one core) is monopolized by the attacker.

 

So quite difficult to be used. And patches are already available for all major concerned Operating Systems (Linux, BSD, MacOs, iOS, Android, Windows (starting from WinXP))

Sorry, but there is as yet no fix for Spectre, I repeat, no fix for Spectre, and should we see one in the near future it will be a workaround as I've mentioned already. What such a bottleneck solution means for the processor speed should be clear to everybody who has a driver's license...

Link to comment

My whole security is based on avoiding sensitive data on the internet/my PC. Not a single website has my bank account and I don't even have a credit card. If it can't be paid via paysafecard, I don't spend any money. Worst that could happen is that somebody posts shit on LL with my account... 

 

That's why what is most important to me is that I've learned something useful about how CPUs work due to this form of attack, might be interesting for coders here as well. Here is a link I didn't finish yet, but it sounds very interesting: https://stackoverflow.com/questions/11227809/why-is-it-faster-to-process-a-sorted-array-than-an-unsorted-array

 

*edit: But I'm not sure if this really works anymore after the patches... chances are this gets eliminated.

 

*edit2, link for people without a driver's license. ;) Epic Games report about their server performance after the patch. https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update

Link to comment

Admittedly I'm not a hardware expert, but to take advantage of this doesn't the system already need to be compromised by having some sort of software on there to read the memory and then pass it along? So yeah, bit shit if your system is already compromised, but isn't the goal of security to prevent that in the first place? Seems a bit like a reverse of the saying about having another cup full of water poured on your head not really being that bad if you're already drowning.

 

On a different note, and this is probably patriotism talking, but I kinda like the idea of GCHQ having the skill set to do this (assuming that's true). Nice to know our side has at least some capability, what with all the stories about Russian hacking :smile:

Link to comment
3 hours ago, pinky6225 said:

Admittedly I'm not a hardware expert, but to take advantage of this doesn't the system already need to be compromised by having some sort of software on there to read the memory and then pass it along? So yeah, bit shit if your system is already compromised, but isn't the goal of security to prevent that in the first place? Seems a bit like a reverse of the saying about having another cup full of water poured on your head not really being that bad if you're already drowning.

 

On a different note, and this is probably patriotism talking, but I kinda like the idea of GCHQ having the skill set to do this (assuming that's true). Nice to know our side has at least some capability, what with all the stories about Russian hacking :smile:

I seem to recall reading that it has been shown to be possible to do via JavaScript loaded in a web browser.

Link to comment
1 hour ago, LazyBoot said:

I seem to recall reading that it has been shown to be possible to do via JavaScript loaded in a web browser.

Internet is full of fake news.

These new threats require very specific assembler code to be exploited. And two out of three require that there is no multitasking on the exploited CPU core.

Link to comment

This sounds like a plot point from that 2011 Deus Ex game... don't get the update unless you want to end up bouncing off the walls with everyone else. The Intel CEO sold a bunch of stock just before this was announced too. Maybe this is how they move more people in the business world away from Windows 7?

Link to comment
On 1/4/2018 at 1:32 PM, MorePrinniesDood said:

Since OP didn't go into detail, there's been a hardware flaw discovered in numerous desktop, laptop, and smartphone CPUs that can potentially allow root/administrator privilege escalations. OS workarounds for it are being rolled out now.

 

Update your shit!

I have nothing worth stealing, and I have 24GB of RAM. Try searching through all that without me noticing some runtime anomaly, the only thing you're gonna find is my currently loaded PornHub video.

On 1/5/2018 at 10:10 AM, CPU said:

I read the full article from Google Project Zero.

They identified 3 vulnerabilities (two are Spectre and another is Meltdown)

 

And they technically allow to read 4Gb of memory bypassing all protections of memory.

 

But they are also extremely inefficient. The memory can be read at approx 2000 bits/second. And not in a full sequential way.

And only if the CPU (at least one core) is monopolized by the attacker.

 

So quite difficult to be used. And patches are already available for all major concerned Operating Systems (Linux, BSD, MacOs, iOS, Android, Windows (starting from WinXP))

All protections of memory, like oh, encrypting it? Good luck decrypting 4GB of meaningless and ever-changing bytes. Most RAM is scrambled anyway. Passwords aren't stored in RAM, they're stored on hard drives. People are blowing this WAY out of proportion - you have to have a worthwhile target, and the target has to be doing something worthwhile, both activities which can be extremely time consuming - finding a certain computer in a specific company's encrypted and firewalled network, to which the user is currently typing a password, which you'd have to find and unscramble in the 0.5 seconds it takes them to type it. Not to mention malware coded to do such a thing would be so big and noticeable that you'd have to be an idiot to try. I don't quite remember which article it was but Intel said that ECC RAM was much less likely to be affected since the RAM stick itself is searching for corrupted data; a program looking through loaded bytes would trigger that mechanism and the ECC chip would kill it. What do most servers use? Oh right, ECC RAM. Checkmate, hackers. Suck a dick.

Link to comment
On 10/01/2018 at 3:05 AM, CPU said:

Internet is full of fake news.

These new threats require very specific assembler code to be exploited. And two out of three require that there is no multitasking on the exploited CPU core.

Since even Mozilla states on their blog that it is possible to do via JavaScript (and that they have released fixes for it) I'm inclined to believe that it is possible.

 

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Link to comment
On 1/11/2018 at 3:24 PM, Benmc20 said:

You can test your browser here: http://xlab.tencent.com/special/spectre/spectre_check.html

 

Source (in French, sorry) here: https://korben.info/spectre-navigateur-vulnerable.html

 

Upgrade your browser ASAP.

I've been using an outdated version of Chrome without antivirus for like 8 months now, and I don't have any viruses. I check like once every 6 months with Malwarebytes...

Link to comment
On 1/11/2018 at 3:24 PM, Benmc20 said:

You can test your browser here: http://xlab.tencent.com/special/spectre/spectre_check.html

 

Source (in French, sorry) here: https://korben.info/spectre-navigateur-vulnerable.html

 

Upgrade your browser ASAP.

Looked at the script they were running using Chrome's F12 menu and saved it as it was running.

 

It's super fake. It's literally just a bunch of strings on a timer with random parameters.

 

Edit: All it does is check the version of your browser, if it's not the version that's been recently patched, it shows the "vulnerable" string. This is so fuckin stupid.

 

Edit 2: They can't steal anything, none of Chrome's passwords are stored in RAM during runtime; they're stored in the application folder and in the cloud. Chrome also needs the user password to show the stored passwords and card info. Stop it with the fake news, you're pissing me off.

Link to comment
On 1/13/2018 at 12:40 AM, RussianPrince said:

Edit 2: They can't steal anything, none of Chrome's passwords are stored in RAM during runtime; they're stored in the application folder and in the cloud. Chrome also needs the user password to show the stored passwords and card info. Stop it with the fake news, you're pissing me off.

With Spectre and Meltdown, you can sniff user input. It is theoretically possible to implement in JavaScript; we don't know if it has been done.

 

As nobody gives a shit about you, because you're not a company, you probably won't get targeted. And if you're smart enough to not go on bad websites - like the major news network websites full of 3rd party JS, ads and tracking - you probably won't have any problem.

 

Your information would be easier to gather from badly designed websites and services than from yourself, see all the news about data leak recently.

Link to comment

False.

Both give the ability to read 4gb of memory (no control on bits over 32 of the address space)

And they work by triggering branch prediction failures and reading the missed read page.

 

No way to do it in JavaScript.

Link to comment
2 hours ago, CPU said:

False.

Both give the ability to read 4gb of memory (no control on bits over 32 of the address space)

And they work by triggering branch prediction failures and reading the missed read page.

 

No way to do it in JavaScript.

Then how come the paper on Spectre even says that it's possible?

 

Quote

1.1 Our Results

Attacks using JavaScript. In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.

 

... 

 

4.3 Example Implementation in JavaScript

As a proof-of-concept, JavaScript code was written that, when run in the Google Chrome browser, allows JavaScript to read private memory from the process in which it runs (cf. Listing 2).

Source: https://spectreattack.com/spectre.pdf

Link to comment
13 hours ago, bicobus said:

And if you're smart enough to not go on bad websites

Most people should, but then an entire country voted for a celebrity rather than two other candidates that were actually qualified to run a nation (Bernie and Hillary).

11 hours ago, CPU said:

No way to do it in JavaScript.

I told you people that website was fake news.

 

8 hours ago, LazyBoot said:

Then how come the paper on Spectre even says that it's possible?

 

Source: https://spectreattack.com/spectre.pdf

That's not the official statement by Intel and anything in that paper that is taken from Intel is taken ad verbatim.

Link to comment
On 15/01/2018 at 11:56 PM, RussianPrince said:

Most people should, but then an entire country voted for a celebrity rather than two other candidates that were actually qualified to run a nation (Bernie and Hillary).

I told you people that website was fake news.

 

That's not the official statement by Intel and anything in that paper that is taken from Intel is taken ad verbatim.

Don't trust Intel on this one, they usually deny anything. Trust independent security researchers instead.

Link to comment

Archived

This topic is now archived and is closed to further replies.
