Massive CPU Security Flaws Revealed


#322

Maybe dumb question but: how would an attacker know what memory to access to get whatever they’re looking for? Is that just arcane OS level stuff, but the identity and memory of other programs is generally available?


#323

This forum doesn’t work without Javascript. And where there’s Javascript running, there’s the possibility of an exploit. Of course, easier said than done, but still.

As for other sources, yeah, it’s basically similar to other exploits, but harder to catch/detect. Being careful could keep you safe in that case.


#324

Not a dumb question at all, actually. The full explanation is a bit technical, but here’s the important thing: in old OSs, it can actually be easy. In modern OSs with ASLR, it’s a lot harder, but not impossible.


#325

If you run uBlock Origin in medium mode as I do (details linked below), you won’t run any 3rd party scripts by default, and if they don’t run they can’t attack you.

Of course that doesn’t defend against first-party scripts running on the server you’re actually visiting, and similarly won’t defend against cross-site scripting attacks which are very common. You should be running uBlock on medium mode if you care about your privacy, but I wouldn’t rely on it as a comprehensive defence against Meltdown or Spectre.

@Scott_Lufkin: If you never see page damage with uBlock Origin, you’re running in Easy mode, not Medium. That blocks ads really well but doesn’t protect your privacy.


#326

Actually, ASLR isn’t a silver bullet.

This was a good overview of Meltdown/Spectre by a forensic security firm. Spectre can totally bust ASLR.


#327

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.

The OEMs cannot be happy. They’ve been feverishly pushing out BIOS updates on an unprecedented scale, and now they have to go and do them all over again.


#328

retpolines do not require microcode updates and are a mitigation against variant 2.


#329

That does not conflict with what I said.


#330

Perhaps I’m not understanding you correctly, then. You stated that Spectre patches require microcode updates. Retpolines are a Spectre mitigation and do not require microcode updates.

To be more precise, some of the Spectre mitigations on some platforms do indeed rely on the changes Intel is putting in microcode. Others, retpolines being the prime example, do not.

My point is that OS and tools vendors are not without options in situations where microcode updates are either not applied or not available.

Does that match your understanding?


#331

Yes, that is a more precise way to say it.


#332

#333

Well, I mean, of course they do. It would be shocking if they didn’t.


#334

How long are we talking?


#335

Seems like they’ve found the answer to the limitation of silicon problem. Just find a new “flaw” every few years and everyone will have to buy new chips!


#336

With Moore’s Law essentially dead, that might indeed be a “solution”…


#337

They said “by the end of the year” meaning by December 2018.


#338

Counting down until we see demands for exchanges of recent purchases of gen 8 CPUs.


#339

Yeah my decision to skip Coffee Lake (more cores are pretty useless in the big scheme of things) seems smart in retrospect. Thanks Spectre!


#340

https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430


#341

That would be just dumb. Stone cold stupid prioritization, if true.