Two New Meltdown/Spectre Variants Found

DooKey

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,552
It appears that the meltdown/spectre rabbit hole is deeper and more twisted than we realized. Researchers from Princeton and Nvidia have found two new variants they call MeltdownPrime and SpectrePrime. The good news about these is current software mitigation should prevent any attack using the variants. The bad news is that this finding identifies further hardware corrections that need to be made in future processors. Intel, AMD, and others have got their work cut out for them. You can read the paper here.

In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer's memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.
 
picard-riker-facepalm.jpg
 
whoever designed the Meltdown/Spectre ought to be in a very thick glass walled cell placed on Times Square with tons of cams pointed at the cell.

No privacy at all for the idiot.
 
Has Meltdown and Spectre been patched/fixed release for the common the folks out there?


Sorry I haven't really been keeping up with this.....
 
Gotta love how we've kept getting 5% or so perf improvement from a new generation Intel shift over course of several years and then comes these security holes that gets software patched and eats up that 4 year of performance progress in an instant. xD Perhaps I should be more concerned about the security aspect but I can't help the performance degredation aspect to be so fking annoying when the performance improvement (talking IPC) for my heavy non heavy threaded scenario needs where I could use a lot more still than the market offers.

So where will we be with Spectre + Meltdown + Prime fixes, back at 3770K performance?
 
Hallucinator said:
whoever designed the Meltdown/Spectre ought to be in a very thick glass walled cell placed on Times Square with tons of cams pointed at the cell.

No privacy at all for the idiot.
Click to expand...

Are you saying we should punish the security researcher that pointed out the exploitable weakness before the "bad guys" could get ahold of it, or the CPU designer that first implemented branch prediction?
 
Is the no end in sight to this steaming pile?

Well, besides upgrading to the latest Intel is throwing at us or a new AMD build(my choice when the time comes) anyway.
 
Wait till they find MeltdownMegatron and SpectreMegatron, then the real fireworks will begin.
 
buzzbomb said:
Are you saying we should punish the security researcher that pointed out the exploitable weakness before the "bad guys" could get ahold of it, or the CPU designer that first implemented branch prediction?
Click to expand...

*reads wiki*

Thank you for correcting me.
 
shatterstar said:
Has Meltdown and Spectre been patched/fixed release for the common the folks out there?


Sorry I haven't really been keeping up with this.....
Click to expand...
Yeah the meltdown has been done in the OSes (well recent ones anyway). But while I check everyday--nothing yet for the x99 platform and Spectre. Supposedly the new fix (after the botched first one) is now in beta.
 
Well spectre1 is mitigated in Linux and spectre2 mitigation is expected with Linux 4.16
 
If it's just exploiting the same vulnerability in a different way then it is not a new variant is it?

Using a tool differently doesn't make it into a new tool.
 
You must log in or register to reply here.
Back
Top