New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

Article was not clear on conditions to make this type of attack vulnerable. Can it be done remotely or is physical access needed? OS differences or one OS more vulnerable than another?
 
Spectre-NG - VM Access to compromise host

So yeah, remote works in that situation. Not sure this has been validated by Intel or AMD.
 
At this point I don't care. Whatever they do to mitigate these vulnerabilities will end up slowing down my CPUs. I'm at the point where I disable the mitigations to get back my performance.
 
At this point I don't care. Whatever they do to mitigate these vulnerabilities will end up slowing down my CPUs. I'm at the point where I disable the mitigations to get back my performance.
Exactly. Everything important on my hard drive can be found online anyways. ;)
 
Present in billions? Yeah, but affecting only a fraction.
 
An Intel spokesperson shared the following statement: “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.”

As of now, no microcode updates or OS patches have been released, and it may just stay that way. That's because the nature of the attacks and their mitigations are convoluted and come with a major caveat. According to Tom's Hardware, the danger may be limited to direct attacks as exploiting micro-ops cache vulnerabilities is extremely difficult. In essence, the malware would have to bypass all other software and hardware security measures that modern systems have.
 
Wow. What a huge 180 about spectre on this board. People were screaming bloody murder over it when first discovered.
That's because at first it sounded terrible. OMG my CPU's branch prediction cache can be used to find encryption keys and run root on my shit. Three years later and as far as I know nobody has made any virus or malware to exploit this. Nobody has hacked a PS4 using this. Nobody has jailbroken Apple devices using this. New CPUs are released today still vulnerable to Spectre. It makes sense that using Spectre to exploit a system wouldn't be easy either. The idea is that you're hoping that the data you're looking for will exist in the branch prediction cache that may or may not have what you're looking for. The more shit you run on your CPU, the harder it'll be to sift through all that clutter. It's particularly bad when the mitigations affect older CPUs more, for some reason. This wouldn't be a problem if new CPUs were cheap, but nothing today is cheap. So the mitigations will get turned off to reclaim my lost performance.
 