New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

N

noko

Supreme [H]ardness
Joined
Apr 14, 2010
Messages
7,068
Article was not clear on conditions to make this type of attack vulnerable. Can it be done remotely or is physical access needed? OS differences or one OS more vulnerable then another.
 
M

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,881
Spectre-NG - VM Access to compromise host

So yeah, remote works in that situation. Not sure this has been validated by Intel or AMD.
 
D

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
6,688
At this point I don't care. Whatever they do to mitigate these vulnerabilities will end up slowing down my CPU's. I'm at the point where I disable the mitigations to get back my performance.
 
R

Randall Stephens

[H]ard|Gawd
Joined
Mar 3, 2017
Messages
1,631
DukenukemX said:
At this point I don't care. Whatever they do to mitigate these vulnerabilities will end up slowing down my CPU's. I'm at the point where I disable the mitigations to get back my performance.
Click to expand...
Exactly. Everything important on my hard drive can be found online anyways. ;)
 
M76

M76

[H]F Junkie
Joined
Jun 12, 2012
Messages
13,305
Present in billions? Yeah, but affecting only a fraction.
 
GoodBoy

GoodBoy

2[H]4U
Joined
Nov 29, 2004
Messages
2,454
An Intel spokesperson shared the following statement: “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed."

As of now, no microcode updates or OS patches have been released, and it may just stay that way. That's because the nature of the attacks and their mitigations are convoluted and come with a major caveat. According to Tom's Hardware, the danger may be limited to direct attacks as exploiting micro-ops cache vulnerabilities is extremely difficult. In essence, the malware would have to bypass all other software and hardware security measures that modern systems have.
Click to expand...
 
  • Like
Reactions: Nobu
like this
D

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
6,688
vegeta535 said:
Wow. What a huge 180 about spectre on this board. People were screaming bloody murder over it when first discovered.
Click to expand...
That's because at first it sounded terrible. OMG my CPU's branch prediction cache can be used to find encryption keys and run root on my shit. Three years later and as far as I know nobody has made any virus or malware to exploit this. Nobody has hacked a PS4 using this. Nobody jailbroken Apple devices using this. New CPU's are released today still vulnerable to Spectre. It makes sense that using Spectre to exploit a system wouldn't be easy either. The idea is that you're hoping that the data you're looking for will exist in the branch prediction cache that may or may not have what you're looking for. The more shit you run on your cpu then the harder it'll be to shift through all that clutter. It's particularly bad when the mitigations effect older CPU's more, for some reason. This wouldn't be a problem if new CPU's were cheap, but nothing today is cheap. So the mitigations will get turned off to reclaim my lost performance.
 
Last edited:
You must log in or register to reply here.
Top