Expect the Spectre....and Meltdown Soon

From memory. Bandwidth is pretty low on these attacks, so it could take forever for them to find what they are looking for to begin with. That might improve over time though. Just too man unknowns right now to be absolutely sure.
That's what I was talking about the minute when these were made public. But it's drowned out by all the noise. The attacks must be precise and specific. Having access to ALL MEMORY is not an advantage it's a disadvantage this way. Either the attacker has to send a ton of data back home, or they have to sift trough the data on the attacked computer, both should be detectable.
 
There are so many clueless denizens out there. If this plays out how we think it will, then shit is going to hit the fan.
 
I'm safe!

image.jpeg
 
For the people who like to look for more interesting content on the web....good luck. Every single site of that nature will be teaming with opportunities push this in't your machine. If you are paranoid, plan on sticking with mainstream sites with an ad blocker until you have a HW solution and/or patch in place.
 
For the people who like to look for more interesting content on the web....good luck. Every single site of that nature will be teaming with opportunities push this in't your machine. If you are paranoid, plan on sticking with mainstream sites with an ad blocker until you have a HW solution and/or patch in place.

They already do and have been for a while. You can still get malicious ads via legit/mainstream site. So IMO, not much has changed for consumers...
 
That's what I was talking about the minute when these were made public. But it's drowned out by all the noise. The attacks must be precise and specific. Having access to ALL MEMORY is not an advantage it's a disadvantage this way. Either the attacker has to send a ton of data back home, or they have to sift trough the data on the attacked computer, both should be detectable.

There would have to be a mechanism in place to measure Speculative Execution and BP metrics and look for significant changes in trends. It would be behavioral. Not saying it's impossible. Just difficult. Very difficult.
 
and what about the 90 percent of non current models that will never see any spectre firmware fix Venders won't spend the time nor cash to fix Intels FU. Thanks for the Backdoor er (flaw) Intel.....
 
No but it does give an attacker full undetectable access to do whatever they wish...

It *could* be used for that. Both attacks allow you to look at memory that is outside of your "zone". It doesnt mean you will get root access it just means that you could use it to shift through memory and find passwords. There are a number of ways you can exploit that access one of which is getting root. Its also "difficult" to detect not impossible. For example at least one meltdown variant can be detected through TSX Counters and watching for aborts.

The real issue is there are multiple ways to attack these things and we only know of a handful. Meltdown is most likely to be fixed in the kernel imo but spectre will be with us for quite some time until Intel figures out how to alter their branch prediction to be less vulnerable. Even then I anticipate we will see new variants against the new branch prediction algorithms in hardware.

From memory. Bandwidth is pretty low on these attacks, so it could take forever for them to find what they are looking for to begin with. That might improve over time though. Just too man unknowns right now to be absolutely sure.

You dont need a lot of bandwidth to own a box, just patience ;)
 
This is not like a virus, damn this is worse and I keep of thinking how can I protect myself.

As an initial step I will strongly reconsider my backup strategy and maybe use an isolated PC for business transactions - web banking - e-shopping ONLY. Then I need the following:


A) My workstation PC (with multi-backups)
B) A gaming non-patched PC
B) A Porn PC on a separate network. :LOL:
 
ad blockers just became needed.

Won't save you from JavaScript on every web page.

But they have always been a good line of defense, and will continue to be good practice.

I just expect hackers to take the easy way in and hack content servers directly, instead of hacking ad networks.
 
epic privacy browser, ctrl shift J, watch the network tab. Honestly, just prepare for the worst (cold backups , diconnected pc for solo gaming, etc...). I would rather be ready to lose whatever I have on it then worry about it every single time I check a site.
 
I don't have a full understanding of this other then... not good

kinda concerned for my i7-4790s(ES/QS/Xeon E3-1225-v3) and asrock h81m-itx setup.....

http://www.asrock.com/mb/Intel/H81M-ITX/#BIOS

asrock has no bios update, sure ive received all the windows updates (whatever may have been put out) but .... I see nothing beyond that.... any thoughts?


edit:

for the record I just looked up and downloaded the InSpectre program listed on hardocp news page some time ago,

System is Meltdown protected: YES
System is Sprectre protected: NO
Performance: GOOD
 
Last edited:
What SSD drive do you have? Could it be your connections? Can it be seen in Device Manager?

Using a Patriot Blast 240gb SSD under W10. Was in the process of filing my tax return when the computer randomly locked up all I had was the spinning circle, could still move the mouse. Restarted. Computer would not load Windows, gave me a black screen with a flashing dash at the top left corner.

Restarted. Went into BIOS and it did register the drive in the boot order. Made sure my boot order was correct. Restarted. Same thing. Took forever to load past the BIOS splash screen, then black screen.

I have a second drive that is the exact same drive used to play my games on. Loaded Windows onto it and everything is fine once again.

May try to only boot the computer with Just the defective SSD or OS & see if I can get it to come alive again. If it still registers in the BIOS I may see if I can hard set it to EUFI instead of EUFI+Legacy by default.
 
Last edited:
Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorius prizes. Select any other wrong ones and you'll need to buy a new computer.

Is it possible to design those buttons in such a way that all of the options are "the wrong button"? Just curious.
 
So are the new amd CPU not effected ? I might build a new amd rig and toss this 5 year old 4770k rig that ran great still...
 
So are the new amd CPU not effected ? I might build a new amd rig and toss this 5 year old 4770k rig that ran great still...

AMD cpu's are affect by one or the other (can't remember which) Intel cpu's are affected by both. Let me know if I'm wrong though.
 
Oh for the days when you only had to worry about Flash ;). I thinking about finding a copy of Lynx.
 
Well, I killed Javascript on Mozilla, to see what sorts of effects can be had, and I can guarantee you that almost none of the newer and handy features work.

No easy quoting forum posts
embeded Youtube videos do not load at all
no quick page previews
Many Ads also do not display at all, even with adblock disabled on the specific page

So now I feel like I am back to 2005, so far as browsing the internet is concerned.
Most of the damn web is run on javascript, it is almost a necessity.
 
AMD cpu's are affect by one or the other (can't remember which) Intel cpu's are affected by both. Let me know if I'm wrong though.

AMD CPUs for the last 2 decades are susceptible to Spectre. They are not susceptible to Meltdown. Meltdown is the easy one to patch Spectre is the difficult one to patch. Spectre is also more difficult to use as an exploit.

AMD had a press release a few days ago that Zen2 (next year) will have a hardware fix for Spectre.

Intel CPUs over the last 2 decades are affected by both Meltdown and Spectre. Intel claims a hardware fix for both will be in the next gen CPUs (due out later this year).
 
Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorius prizes. Select any other wrong ones and you'll need to buy a new computer.
I'm not sure what that is.

I usually just use apt-get to install from trusted sources </sarcasm> :)

In all seriousness, I have a windows 7 box for gaming and I pretty much have given up on downloading anything from "download sites".
I grab:
AV from official AV site
Firefox from offical site
Chrome from official site
libreoffice from Official site
Putty from official site.

I think that is about all I'm willing to risk.
 
Last edited:
This just keeps getting better and better. Might as well just block all Javascript now. Oh wait, we can't without breaking most sites on the Internet. Wonderful.
I kind of like Umatrix extension for Chrome. Not perfect but it does stop most third party site stuff. Now if the original site is compromised you are still boned.

Edit: In reality, why not have all javscript be signed just like normal software is? Signed stuff gets run in your browser. Unsigned stuff doesn't.
 
Last edited:
My current system is the first Intel system I've ever built and it will be my last one as well. Back to AMD I go. If components weren't so outrageous right now I would have already built a new system. My income tax refund will be here soon enough.....
 
My current system is the first Intel system I've ever built and it will be my last one as well. Back to AMD I go. If components weren't so outrageous right now I would have already built a new system. My income tax refund will be here soon enough.....

Better wait till 2019 when Zen2 is released otherwise you will be purchasing an AMD CPU that is susceptible to Spectre.
 
My current system is the first Intel system I've ever built and it will be my last one as well. Back to AMD I go. If components weren't so outrageous right now I would have already built a new system. My income tax refund will be here soon enough.....

So you like slow computers with buggy firmware and chipsets that lag in features...?

[Yeah, I've run AMD plenty before, and I've run Intel even when they weren't faster because the AMD ecosystem sucked at times too]
 
Using a Patriot Blast 240gb SSD under W10. Was in the process of filing my tax return when the computer randomly locked up all I had was the spinning circle, could still move the mouse. Restarted. Computer would not load Windows, gave me a black screen with a flashing dash at the top left corner.

Restarted. Went into BIOS and it did register the drive in the boot order. Made sure my boot order was correct. Restarted. Same thing. Took forever to load past the BIOS splash screen, then black screen.

I have a second drive that is the exact same drive used to play my games on. Loaded Windows onto it and everything is fine once again.

May try to only boot the computer with Just the defective SSD or OS & see if I can get it to come alive again. If it still registers in the BIOS I may see if I can hard set it to EUFI instead of EUFI+Legacy by default.

Okay thanks, can it boot in safe mode, could you reach a restore point? How about if you connect it to a different SATA connection? Could there be some corrosion on your SSD's end connection or the SSD's PCB board? I hope you can sort out your SSD issue soon. I have SSDs exclusively as boot drives, and I haven't had any problems aside from one weird unbootable lock up, just would not boot and would be stuck at the flashing dash on a dark screen. Same as what you have. Went into safe mode, then did a restore point, and never had that problem again. Boot drive is Crucial MX200 in Widnows 7.
 
Back
Top