Researchers Discover Seven New Meltdown and Spectre Attacks

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Nov 17, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    12,771
    Joined:
    Aug 20, 2006
    Seven new Meltdown and Spectre attacks affecting AMD, ARM, and Intel CPUs were revealed by researchers this week. These include Meltdown-BR, which exploits an x86 bound instruction on Intel and AMD processors, and Meltdown-PK, which bypasses memory protection keys on Intel CPUs. ARM and Intel have already acknowledged the researchers’ findings.

    Researchers say they've discovered the seven new CPU attacks while performing "a sound and extensible systematization of transient execution attacks" -- a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data, such as the speculative execution process, the CPU's internal caches, and other internal execution stages. The research team says they've successfully demonstrated all seven attacks with proof-of-concept code.
     
  2. Hagrid

    Hagrid Kyle's Boo

    Messages:
    8,913
    Joined:
    Nov 23, 2006
    Holy crap. So what is the running count for each CPU? Did Intel or AMD fix any of them with their new CPUs that came out or just fixes that slow it down?
     
  3. Nolan7689

    Nolan7689 Gawd

    Messages:
    977
    Joined:
    Jun 5, 2015
    Spectre and Meltdown, the gifts of Christmas past that keep on giving for the whole year.

    AMD's event for 7nm Epyc apparently has hardware fixes.
     
  4. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,176
    Joined:
    Mar 4, 2013
    IMO - the search for attack vectors in the hardware is just getting started.
     
  5. TonyZ

    TonyZ [H]Lite

    Messages:
    113
    Joined:
    Jul 29, 2004
    Looks like I'm never going to get a fix for the Spectre/Meltdown stuff on my 4790k as it's up to mobo manufacturers to release the fixes via a BIOS update and Gigabyte isn't doing that for any of its boards unless they are Z170 or newer...
     
    Arcygenical and ncjoe like this.
  6. Imhotep

    Imhotep Gawd

    Messages:
    698
    Joined:
    Feb 12, 2014
    All of my CPUs are covered with tin foil. Neither Spectre nor Meltdown is getting through. The so-called researchers and "Quackademia" need to focus on issues that are slightly more pressing than the fake and meaningless shit they come up with.
     
  7. jojo69

    jojo69 [H]ardForum Junkie

    Messages:
    10,498
    Joined:
    Sep 13, 2009

    you clearly don't do anything really important with your systems
     
  8. Imhotep

    Imhotep Gawd

    Messages:
    698
    Joined:
    Feb 12, 2014
    Important enough that it's supporting me. We all have a choice in what we believe is true :D
     
  9. Hagrid

    Hagrid Kyle's Boo

    Messages:
    8,913
    Joined:
    Nov 23, 2006
    Yeah, some do not. I know I do. I game and browse. Pretty important to me stuff. :)

    I wonder if they have BIOS fixes? Already a reduction in performance from OS level and BIOS level fixes. I did update my BIOS, but for the other small things it does.
     
  10. dgingeri

    dgingeri 2[H]4U

    Messages:
    2,807
    Joined:
    Dec 5, 2004
    Something that would eliminate this issue would be to have software contained in fully isolated VMs. That would also eliminate a lot of crashing problems, in that the software would not be able to have any libraries that overlap with other software, causing crashes on other software. Of course, this would also eliminate a lot of software that is put out as an addon to another program. (I've always hated that. Salesforce, for example, at least started as an addon to Outlook and MS Office, and completely failed to function reliably back in 2005-2006 and I was working with it. Shoretel's phone software did the same, and was absolutely horrible as well.) Perhaps these kinds of vulnerabilities will finally convince people to develop software in a manner that it is completely isolated and contained so it doesn't step on other programs and can't get stepped on.
     
  11. Imhotep

    Imhotep Gawd

    Messages:
    698
    Joined:
    Feb 12, 2014
    I just slapped another layer of this time name brand tin foil. I'm pretty sure I'm double protected even for the upcoming yet not discovered crap. lol …:D
     
    Travolta likes this.
  12. Mazzspeed

    Mazzspeed [H]ard|Gawd

    Messages:
    1,212
    Joined:
    Dec 27, 2017
    I've only got that wax covered baking paper... :(
     
  13. Imhotep

    Imhotep Gawd

    Messages:
    698
    Joined:
    Feb 12, 2014
    I also have a custom made sticker. Slapped to the 2nd layer of tin foil. That says. Hilary, why don't you suck a bowl of dicks. .. lol...:D
     
  14. Crystoff

    Crystoff [H]Lite

    Messages:
    70
    Joined:
    Jun 3, 2017
    You must be lost. The WCCFTech forum is over on their website. You'll love it - they speak your language.
     
    Last edited: Nov 18, 2018
  15. Imhotep

    Imhotep Gawd

    Messages:
    698
    Joined:
    Feb 12, 2014
    My language, homie, wake up!
     
  16. Morphes

    Morphes 2[H]4U

    Messages:
    3,989
    Joined:
    Jul 16, 2001
    Hey I use Salesforce at work! It's actually one of the more reliable systems now.
     
  17. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    26,184
    Joined:
    Oct 29, 2000
    Jeez. More and more it seems like the end of virtual private servers is here. With all these exploits, who would use one?

    It seems to me like the new paradigm is that everything has access to everything else if it resides on the same bare metal server.

    Good bye virtualization. We hardly knew ye.
     
  18. UrielDagda

    UrielDagda 2[H]4U

    Messages:
    3,024
    Joined:
    Nov 16, 2004
    By the time they finish all of this, CPUs will all be single thread cores as fast as a 486, with the rest of the CPU being dedicated to realtime attack detection.
     
  19. cdr_74_premium

    cdr_74_premium [H]ard|Gawd

    Messages:
    1,612
    Joined:
    Oct 20, 2010
    The trendy cloudy fellas!
     
  20. funkydmunky

    funkydmunky 2[H]4U

    Messages:
    2,059
    Joined:
    Aug 28, 2008
    Not cool. Image often and have a strict re-image policy before adding in new software and then after.
     
    Pocatello likes this.
  21. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,374
    Joined:
    May 9, 2006
    Do you realize how wrong you are here? A key component of some of the... Spectre or was it Meltdown vulnerabilities is exploiting the speculative execution to access hardware level memory addressing and read what is in memory. This means a system running in a VM that is compromised can read what is happening in memory on other guests on the same host.

    So your trick of different VMs is specifically bypassed by what these vulnerabilities allow. If your local VM administrator is telling you otherwise they haven't bothered to educate themselves... OR they have already patched their systems to address known vulnerabilities with their Hypervisor provider.

    That is what makes these vulnerabilities so specifically dangerous.

    If you want to go into more detail around these I can explain more and why cloud vendors specifically HATE these vulnerabilities.
     
    LightsOut41 and Tawnos like this.
  22. theBrownLlama

    theBrownLlama Gawd

    Messages:
    678
    Joined:
    Aug 3, 2017
    that's why you just subscribe to whatever enterprise offers, then sue them if it gets broken. (I mean, if you are a customer that is)

    now if only legislators can churn out a law to protect ordinary consumers.
     
  23. M76

    M76 [H]ardness Supreme

    Messages:
    8,148
    Joined:
    Jun 12, 2012
    There are 174 ways someone can break into your house. Still you don't burn it down and move into a cave.

    The question is not how many ways are there to break in, but how likely is a break-in to occur.
     
    Red Falcon likes this.
  24. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,264
    Joined:
    Feb 22, 2017
    Researchers found that current fixes for Spectre can be bypassed and (as I suggested many months ago) AMD is not invulnerable to Meltdown:

     
    Red Falcon likes this.
  25. SFB

    SFB n00bie

    Messages:
    54
    Joined:
    Feb 21, 2011
    You might find this useful: VMware CPU Microcode Update Driver
    Applies to Windows 7 and 8 but NOT Win 10. Microsoft is pushing some microcode updates / mitigation via Windows 10 updates.

    And some other relevant links:
     
  26. MrGuvernment

    MrGuvernment Stay [H]ard

    Messages:
    19,810
    Joined:
    Aug 3, 2004

    Everyone, because most people do not care about this stuff or even know about it. MS, AWS are not just going to up and shut down because of this stuff
     
  27. dgingeri

    dgingeri 2[H]4U

    Messages:
    2,807
    Joined:
    Dec 5, 2004
    You do realize that VMware's ESXi is completely invulnerable to these because of how it has handled VMs from its inception, as well as VirtualBox, right? It would not be a problem for VMs if the hypervisor is developed right from the start.
     
  28. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,374
    Joined:
    May 9, 2006
    You are incorrect. They specifically had to patch these out. How do I know... the five different ESXi clusters I am responsible for. Whoever told you they haven't been vulnerable to these was incorrect. Even the latest hyperthreading side-channel vulnerability required that you both patch (included in 6.5 u2) and turn on an option due to potential performance impact of the vulnerability.

    You are completely wrong here. They have not 'been invulnerable from the start' unless you started with 6.5 u2 or higher. AND are running a current BIOS. (edited to add the AND statement. Wouldn't want to be remiss and only give you a half solution.)

    Next time you might want to double check your sources.

    Here is a link to the VMware KB article discussing the patches JUST IN CASE you are responsible for some ESXi hosts and didn't bother to do any actual research.

    https://kb.vmware.com/s/article/52491?lang=en_US

    Thank you, have a nice day.

    Also if you can't be bothered to do a modicum of research please stop posting things like this that are blatantly incorrect. You might actually cause a system administrator to think. 'Oh, ok cool I'm good some guy on a forum I trust said so.'
     
    Last edited: Nov 18, 2018
    LightsOut41 likes this.
  29. ccityinstaller

    ccityinstaller 2[H]4U

    Messages:
    3,631
    Joined:
    Feb 23, 2007
    So with new knowledge, and a completely new type of attack, that means you "knew AMD was vulnerable as you suggested many months ago"... Yet, you, nor anyone else, could prove that Meltdown had any effect on AMD products... You just crack me up man. You should consider a career in standup.. You will be your biggest fan. :ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO:

    It is going to be interesting to see how much moar performance is lost with the OS and BIOS level hack job defenses are...Cannot wait for Zen2!
     
    LightsOut41 likes this.
  30. LightsOut41

    LightsOut41 Limp Gawd

    Messages:
    395
    Joined:
    Mar 5, 2017
    There's bound to be some type of vulnerability in Zen2 that is just waiting to be discovered down the road.
     
  31. filip

    filip [H]ard|Gawd

    Messages:
    1,044
    Joined:
    Aug 15, 2012
    I get what you're saying but my state has a castle law. There may be 174 ways of getting in my house but only one way of getting out.
     
  32. Aireoth

    Aireoth [H]ard|Gawd

    Messages:
    1,814
    Joined:
    Oct 12, 2005
    Is that you Comixbooks?
     
    ZeqOBpf6 likes this.
  33. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,264
    Joined:
    Feb 22, 2017
    Hahahaha!

    When Meltdown was discovered, AMD claimed that Zen was invulnerable to Meltdown attacks, and researchers said something different:

    What happened is that their specific vector of attack was only successful on Intel hardware, but modifying the attack could probably affect AMD CPUs as well. Nothing in Zen muarch really prohibited Meltdown attacks to work and researchers proved that a toy model they developed worked on both ARM and AMD. So my point, in older threads devoted to this topic, was that the invulnerability of AMD to Meltdown attacks was far from unproven... and new research just confirms they are affected.
     
    Red Falcon likes this.
  34. longblock454

    longblock454 [H]ard|Gawd

    Messages:
    1,593
    Joined:
    Nov 28, 2004
    So after all these patch hits, my old 300A will be king once again?
     
  35. FLECOM

    FLECOM Modder(ator) & [H]ardest Folder Evar Staff Member

    Messages:
    16,382
    Joined:
    Jun 27, 2001
    spent all weekend playing C&C for DOS on my 300A box... most fun I've had on a PC in years
     
  36. Spun Ducky

    Spun Ducky Limp Gawd

    Messages:
    474
    Joined:
    Feb 1, 2009
    The university I am at is flourishing with students looking into hardware exploits and staff as well right now. It is kind of the wild west that no one took a close look at until recently. The research is just finally getting into the right motivated people.
     
    cdr_74_premium likes this.
  37. schmide

    schmide Limp Gawd

    Messages:
    132
    Joined:
    Jul 22, 2008
    Actually it's still the same. The Meltdown/Spectre types that were revealed back then are still Intel only. (some ARM)

    Intel has done well by splitting its tables to mitigate a lot of cross privilege exploits.

    Welcome to Monday morning hyperbole.

    These are new attacks and do not cross privilege level and of these only the bound instruction works on AMD. This is for same or very near address space.

    Guess what, bound isn't valid for 64-bit programs.

    So 7 v 1 total. Cross Privilege exploits 4 v 0.
     
    Last edited: Nov 28, 2018
    TurboGLH likes this.
  38. ccityinstaller

    ccityinstaller 2[H]4U

    Messages:
    3,631
    Joined:
    Feb 23, 2007
    Ssssh, stop with facts. It makes him have to work overtime.
     
    TurboGLH, juanrga and Hagrid like this.
  39. Monkey34

    Monkey34 [H]ardness Supreme

    Messages:
    5,011
    Joined:
    Apr 11, 2003
    Security through obscurity right? ;) Call it vintage and it becomes popular again.

    I'm digging in my basement...
     
  40. filip

    filip [H]ard|Gawd

    Messages:
    1,044
    Joined:
    Aug 15, 2012
    I got a new Meltdown and Spectre attack I found... break into someone's house and steal their drives and PC. Works on every system, no one is safe.