Massive CPU Security Flaws Revealed

Maybe dumb question but: how would an attacker know what memory to access to get whatever they’re looking for? Is that just arcane OS level stuff, but the identity and memory of other programs is generally available?

This forum doesn’t work without Javascript. And where there’s Javascript running, there’s the possibility of an exploit. Of course, easier said than done, but still.

As for other sources, yeah, it’s basically similar to other exploits, but harder to catch/detect. Being careful could keep you safe in that case.

Not a dumb question at all, actually. The full explanation is a bit technical, but here’s the important thing: in old OSs, it can actually be easy. In modern OSs with ASLR, it’s a lot harder, but not impossible.

If you run uBlock Origin in medium mode as I do (details linked below), you won’t run any 3rd party scripts by default, and if they don’t run they can’t attack you.

Of course that doesn’t defend against first-party scripts running on the server you’re actually visiting, and similarly won’t defend against cross-site scripting attacks which are very common. You should be running uBlock on medium mode if you care about your privacy, but I wouldn’t rely on it as a comprehensive defence against Meltdown or Spectre.

@Scotch_Lufkin: If you never see page damage with uBlock Origin, you’re running in Easy mode, not Medium. That blocks ads really well but doesn’t protect your privacy.

Actually, ASLR isn’t a silver bullet.

This was a good overview of Meltdown/Spectre by a forensic security firm. Spectre can totally bust ASLR.

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.

The OEMs cannot be happy. They’ve been feverishly pushing out BIOS updates on an unprecedented scale, and now they have to go and do them all over again.

Retpolines do not require microcode updates and are a mitigation against variant 2.

That does not conflict with what I said.

Perhaps I’m not understanding you correctly, then. You stated that Spectre patches require microcode updates. Retpolines are a Spectre mitigation and do not require microcode updates.

To be more precise, some of the Spectre mitigations on some platforms do indeed rely on the changes Intel is putting in microcode. Others, retpolines being the prime example, do not.

My point is that OS and tools vendors are not without options in situations where microcode updates are either not applied or not available.

Does that match your understanding?

Yes, that is a more precise way to say it.
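As an added example, not posted by anyone in this thread, here is a small shell check that reads the Linux kernel's Spectre v2 status and says which class of mitigation is in effect: a compiler-only retpoline (no microcode needed), IBRS supplied by a microcode update, or hardware Enhanced IBRS. It assumes the standard sysfs vulnerabilities interface; the sample status strings used to exercise it are constructed from formats the kernel has printed.

```shell
#!/bin/sh
# Read the kernel's Spectre v2 status from sysfs and say which class of
# mitigation is in effect: a compiler-based retpoline (no microcode needed),
# IBRS from a microcode update, or hardware Enhanced IBRS on newer parts.
# The sysfs path is the real kernel interface; sample status strings used
# with these functions are constructed from formats the kernel has printed.

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Pull the mitigation name out of "Mitigation: <name>[,|;] ..." (empty otherwise).
mitigation_name() {
    printf '%s\n' "$1" | sed -n 's/^Mitigation: *\([^,;]*\).*/\1/p' | sed 's/ *$//'
}

# Map a status line to a short class. Matching only the mitigation name
# avoids false hits on trailing fields such as "PBRSB-eIBRS: Not affected".
classify_spectre_v2() {
    case "$1" in
        "Not affected"*) echo "not-affected"; return ;;
        "Vulnerable"*)   echo "vulnerable";    return ;;
    esac
    case "$(mitigation_name "$1")" in
        "Enhanced"*IBRS*)                              echo "enhanced-ibrs" ;;  # hardware feature
        *etpoline*)                                    echo "retpoline" ;;      # compiler-only
        "Indirect Branch Restricted Speculation"|IBRS) echo "ibrs-microcode" ;; # needs microcode
        *)                                             echo "unknown" ;;
    esac
}

# The IBPB field, when present, is a microcode-provided barrier the kernel is
# using on top of the main mitigation; returns "none" if it is not reported.
ibpb_state() {
    s=$(printf '%s\n' "$1" | sed -n 's/.*IBPB: *\([^,;]*\).*/\1/p')
    [ -n "$s" ] && echo "$s" || echo "none"
}

# Report for the running host, if the sysfs file exists.
report_spectre_v2() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        line=$(cat "$SPECTRE_V2_FILE")
        echo "spectre_v2: $line"
        echo "class: $(classify_spectre_v2 "$line")  ibpb: $(ibpb_state "$line")"
    else
        echo "no $SPECTRE_V2_FILE on this host (not Linux, or too old a kernel)"
    fi
}

report_spectre_v2
```

A "retpoline" class with "ibpb: none" is the situation the exchange above describes: the OS is mitigated against variant 2 without any microcode update having been applied.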

Well, I mean, of course they do. It would be shocking if they didn’t.

How long we talking?

Seems like they’ve found the answer to the limitation of silicon problem. Just find a new “flaw” every few years and everyone will have to buy new chips!

With Moore’s Law essentially dead, that might indeed be a “solution”…

They said “by the end of the year” meaning by December 2018.

Counting down until we see demands for exchanges of recent purchases of gen 8 CPUs.

Yeah my decision to skip Coffee Lake (more cores are pretty useless in the big scheme of things) seems smart in retrospect. Thanks Spectre!

https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430

That would be just dumb. Stone cold stupid prioritization, if true.