Main » Programming » Your daily dose of processor unit vulnerabilities
Posted on 18-11-16, 14:13
Not from my cellphone

Post: #33 of 835
Since: 10-30-18

Another day, another load of Spectre/Meltdown CPU vulnerabilities get disclosed by researchers:

https://it.slashdot.org/story/18/11/14/181225/researchers-discover-seven-new-meltdown-and-spectre-attacks
Yes, it seems those now come in 67-packs. Of course Intel has to defend their broken CPUs: "Hey, you're already protected anyway!". Buying AMD or defecting to ARM won't save you, either.

But this doesn't end here: it seems we now have Meltdown for GPUs!
https://www.phoronix.com/scan.php?page=news_item&px=Uni-GPU-Side-Channel-Flaw
...not that GPUs have been guilt-free before, but this certainly is new. For now nVidia is affected (:linusfuckyou.jpg:), but presumably AMD may be impacted too. This doesn't surprise me, as GPUs and their device drivers are very complex beasts with a huge attack surface that is only now being explored and exploited.

Anyway, expect more performance-crippling software patches to come in the future, despite the fact there are no real-world exploits doing the rounds yet (exploiting Spectre/Meltdown is doable if you're a well-funded nation-state level actor, but not exactly at the reach of Babby's My First Skript Kiddy Toolkit). Or simply give up computers for good - after all, a secure PC is one that is sitting inside its shipping box, not to be plugged to anything EVER. Make sure to remove the CMOS/RTC battery too!

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 18-11-16, 14:27

Post: #14 of 123
Since: 10-29-18

Posted by tomman
Or simply give up computers for good - after all, a secure PC is one that is sitting inside its shipping box, not to be plugged to anything EVER. Make sure to remove the CMOS/RTC battery too!

I think I can make do with having my main rig as a standalone, and a sacrificial rig for online stuff. Only way to get anything from/to the standalone is probably a removable device to be used exclusively between the two. So unless someone finds a way to read EM signals leaking from the power lines for example then... oh may gawd.

I still have no idea what I'm talking about.
Posted on 18-11-16, 14:55

Post: #16 of 307
Since: 10-29-18

https://it.slashdot.org/story/09/07/12/0259246/stealing-data-via-electrical-outlet
https://security.stackexchange.com/questions/9725/are-powerline-ethernet-adapters-inherently-secure
https://www.schrockinnovations.com/hackers-steal-data-hard-drive-light/

My current setup: Super Famicom ("2/1/3" SNS-CPU-1CHIP-02) → SCART → OSSC → StarTech USB3HDCAP → AmaRecTV 3.10
Posted on 18-11-16, 18:28

Post: #14 of 175
Since: 10-30-18

Posted by tomman
Anyway, expect more performance-crippling software patches to come in the future, despite the fact there are no real-world exploits doing the rounds yet (exploiting Spectre/Meltdown is doable if you're a well-funded nation-state level actor, but not exactly at the reach of Babby's My First Skript Kiddy Toolkit). Or simply give up computers for good - after all, a secure PC is one that is sitting inside its shipping box, not to be plugged to anything EVER. Make sure to remove the CMOS/RTC battery too!

I turn off all these things on my machines. For one, you're not vulnerable without physical or VM access (it's impractical to exploit any other way), and the fact that everybody else's machines are patched means it's not cost effective to even try.

These exploits are just now becoming realized because everybody's using virtual hosts and cloud computing crap and freaking out because their "magic" container is being broken. Remember how we used to send email, passwords, and credit cards through the network in plain text? Or how everybody ran their own email server and they didn't understand that it would be complex to secure? It's more "oh shit, we've been doing things wrong for years, here's the right way to do it." New kiddies weren't around when these problems were being solved "the wrong way," and don't understand the reasons these implementations exist.
Posted on 18-11-16, 23:01

Post: #9 of 18
Since: 10-30-18

I'm getting pretty sick of this constant fear-mongering. What are the odds that your average consumer is ever going to be affected by exotic vulnerabilities like these? I'd rather just opt out of the "fixes" and get the full advertised speed out of my system, but sadly I'm a stupid Windows luser.
Posted on 18-11-16, 23:15

Post: #15 of 175
Since: 10-30-18

https://www.phoronix.com/scan.php?page=article&item=linux-420-bisect#=1
Posted on 18-11-17, 04:32 (revision 1)
Not from my cellphone

Post: #36 of 835
Since: 10-30-18

Posted by BMF54123
I'm getting pretty sick of this constant fear-mongering. What are the odds that your average consumer is ever going to be affected by exotic vulnerabilities like these? I'd rather just opt out of the "fixes" and get the full advertised speed out of my system, but sadly I'm a stupid Windows luser.


To opt-out of this madness:

- Linux: append "pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier" to your kernel commandline (exact arguments may vary depending on your specific architecture). Details!

- Windows: You can edit the registry. Or for a more Windows-esque user friendly solution, run this checker tool which (when run as admin) allows you to toggle both protections on and off.

I haven't noticed that all of my vulnerable PCs are slower due to the fixes - good ol' software bloat already takes care of that. But I'll keep those switches in mind for future usage.

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 18-12-10, 21:12 (revision 1)
Post: #3 of 25
Since: 12-10-18

Posted by BMF54123
I'm getting pretty sick of this constant fear-mongering. What are the odds that your average consumer is ever going to be affected by exotic vulnerabilities like these? I'd rather just opt out of the "fixes" and get the full advertised speed out of my system, but sadly I'm a stupid Windows luser.

Can't you do that if you're not running Windows Baka Edition (W10) anyway? Though it means manually inspecting the KBs.

Even Vista and (I believe) XP increase in memory usage when all updates are installed. _._

Oh.
Posted on 18-12-11, 08:06
Post: #43 of 379
Since: 10-30-18

Posted by jjndig
Posted by BMF54123
I'm getting pretty sick of this constant fear-mongering. What are the odds that your average consumer is ever going to be affected by exotic vulnerabilities like these? I'd rather just opt out of the "fixes" and get the full advertised speed out of my system, but sadly I'm a stupid Windows luser.

Can't you do that if you're not running Windows Baka Edition (W10) anyway? Though it means manually inspecting the KBs.

Even Vista and (I believe) XP increase in memory usage when all updates are installed. _._
Microsoft switched to cumulative update packages for Windows 7 and 8 so I imagine the security updates are rolled up into it making it an all or nothing proposition.

AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64
Posted on 18-12-11, 13:34
Not from my cellphone

Post: #75 of 835
Since: 10-30-18

Screw it, I've disabled the Spectre/Meltdown workarounds across ALL of my computers.

They're old, and having an artificial limiter doesn't help me to win the battle against software bloat.

On Windows, run the GRC tool (InSpectre) as admin, click the button, reboot, done.
On Linux, add the magic enchants to your GRUB cmdline, update-grub, reboot, done.

I run adblockers, avoid Javascript shitpiles like the plague, and don't even bother with VMs at home anymore, and NONE of my systems are cherished production servers plugged directly to The Clown, so why bother? I'm adult enough to assume the risk.

Licensed Pirate® since 2006, 100% Buttcoin™-free
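The two opt-out recipes above (the kernel command-line switches in the earlier post, and "add the magic enchants to your GRUB cmdline" here) are easy to get wrong silently, and the kernel itself reports what it thinks its state is. As an added example that is not code from this thread or from any of the posters, the POSIX shell script below does the defender-side check: it parses a kernel command line for the switches the posts quote (plus their kernel aliases nopti, nospectre_v2, spec_store_bypass_disable=off, mds=off and the blanket mitigations=off), summarises the kernel's own /sys/devices/system/cpu/vulnerabilities/ report, and, on a live Linux host, runs both against the running system. The sample command line and the sample sysfs report are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a Linux box's speculative-
# execution mitigation state from the defender's side. It recognises the
# command-line switches quoted in the thread (pti=off, spectre_v2=off, l1tf=off,
# nospec_store_bypass_disable, no_stf_barrier) plus their kernel aliases and the
# blanket mitigations=off switch; the sample inputs below are constructed.

# Print the space-separated mitigations that a kernel command line switches
# off, with "all" appended when mitigations=off is present.
disabled_mitigations() {
    cmdline=" $1 "
    out=""
    for pair in \
        "pti:pti=off nopti" \
        "spectre_v2:spectre_v2=off nospectre_v2" \
        "l1tf:l1tf=off" \
        "ssb:nospec_store_bypass_disable spec_store_bypass_disable=off" \
        "stf:no_stf_barrier" \
        "mds:mds=off"; do
        name=${pair%%:*}
        switches=${pair#*:}
        for sw in $switches; do
            case "$cmdline" in
                *" $sw "*) out="$out $name"; break ;;
            esac
        done
    done
    case "$cmdline" in
        *" mitigations=off "*) out="$out all" ;;
    esac
    printf '%s\n' "${out# }"
}

# Read "name: status" lines on stdin, one per file under
# /sys/devices/system/cpu/vulnerabilities/, and print three counts:
# vulnerable, mitigated, not affected. Lowercase "SMT vulnerable" inside a
# Mitigation line is deliberately not counted as Vulnerable.
summarize_report() {
    awk '
        /: *Vulnerable/   { v++; next }
        /: *Mitigation/   { m++; next }
        /: *Not affected/ { n++; next }
        END { printf "%d %d %d\n", v+0, m+0, n+0 }'
}

# Constructed sample of the sysfs report for a hypothetical machine.
SAMPLE_REPORT='meltdown: Mitigation: PTI
spectre_v1: Mitigation: __user pointer sanitization
spectre_v2: Vulnerable
l1tf: Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
spec_store_bypass: Not affected'

# On a live Linux host, report what the running kernel was booted with and
# what it says about itself; does nothing where /proc or sysfs is absent.
audit_live() {
    [ -r /proc/cmdline ] || return 0
    echo "disabled on cmdline: $(disabled_mitigations "$(cat /proc/cmdline)")"
    dir=/sys/devices/system/cpu/vulnerabilities
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done | summarize_report | {
        read -r v m n
        echo "kernel report: vulnerable=$v mitigated=$m not_affected=$n"
    }
}

echo "sample cmdline disables: $(disabled_mitigations 'ro quiet pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier')"
echo "sample report (vulnerable mitigated not_affected): $(printf '%s\n' "$SAMPLE_REPORT" | summarize_report)"
audit_live
```

Run it before and after editing the GRUB command line and rebooting: if the "disabled on cmdline" list is empty while you expected otherwise, the switch never reached the kernel (typo, wrong GRUB variable, or a boot entry that was not regenerated), and the sysfs counts tell you what the kernel actually did about each issue regardless of what the command line asked for.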
Posted on 18-12-11, 16:49
Post: #6 of 25
Since: 12-10-18

@NickSteel Oh yeah... I forgot about that. Ugh. -.-

Oh.
Posted on 18-12-11, 20:10
Not from my cellphone

Post: #76 of 835
Since: 10-30-18

Posted by tomman
On Windows, run the GRC tool (InSpectre) as admin, click the button, reboot, done.
On Linux, add the magic enchants to your GRUB cmdline, update-grub, reboot, done.

On Mac, well, Macs have no flaws, Apple knows what's best for you, and you're due for a new port-less MacBook anyway. Yes, you can't disable the patches on macOS.

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-05-15, 04:49
Full mod

Post: #242 of 425
Since: 10-30-18

Another bunch of attacks for the pile!

- Intel-only
- Affecting processors built since 2011
- Another kind of speculative execution attack, but not prevented by the Spectre/Meltdown workarounds

One mitigation is disabling hyper-threading in the BIOS, which can be a 40% performance hit if you're running thread-heavy code (i.e. not higan).

The ending of the words is ALMSIVI.
Posted on 19-05-15, 11:39
Not from my cellphone

Post: #322 of 835
Since: 10-30-18

*yawn*

Another website-and-logo processor vulnerability. Damn Intel, where is my new, hardware-fixed i9?!

I stopped caring, just like most people out there. It's quite amusing to read that "Disable JavaScript" is a common mitigation strategy nowadays.

Also, I've always known HT is a bad idea. Never liked the concept (I'll take full cores rather than "not leaving resources idle", please).

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-05-15, 12:43
Custom title here

Post: #449 of 960
Since: 10-30-18

Posted by tomman
Damn Intel, where is my new, hardware-fixed i9?!

I stopped caring, just like most people out there.

Intel stopped caring too. That's the problem.


Also, I've always known HT is a bad idea. Never liked the concept (I'll take full cores rather than "not leaving resources idle", please).
Hyper-threading is about getting more from what you have, in the same way that out-of-order execution, pipelining, and branch prediction are.

More cores and hyper-threading are complementary, rather than contradictory. And it is frankly embarrassing that they disable hyper-threading on any of their products (just like so many other things they disable so they can charge a premium for something their entire product line is capable of).

--- In UTF-16, where available. ---
Posted on 19-05-15, 14:56
Stirrer of Shit
Post: #286 of 717
Since: 01-26-19

Posted by CaptainJistuce
Intel stopped caring too. That's the problem.

I don't see any problem. I've never once been affected by these Spectre or Meltdown vulnerabilities. If I would be, then whatever exploit kit manages to use it would affect many other people too, and then presumably someone (who still isn't me, mind you) would do something. I don't really have a dog in this fight, so why would I care?

More cores and hyper-threading are complementary, rather than contradictory. And it is frankly embarrassing that they disable hyper-threading on any of their products (just like so many other things they disable so they can charge a premium for something their entire product line is capable of).

That's actually reasonable, though. The marginal cost of manufacturing a chip is negligible, R&D (and masks) is the expensive part. So it makes more sense to only manufacture a few types of CPUs, disable the parts that don't turn out so well, and then market them as different processor models based on what clock frequency, core count, etc. they could sustain.

Sure, you could argue this is immoral, but it's more efficient than trying to make all the different kinds of CPUs, throwing away some, and wasting enormous overclocking potential in some.

I don't get it.
On 14 May 2019 ... coordinated with Intel, disclosed their discovery


Security people are infamous for having lax morals and a tenuous grasp on reality. But yet they felt the need to do the whole "responsible disclosure" schtick?
Fine if you can actually fix it. But in this case, we're all fucked anyway. So why not release the paper, and then just go all-in on puts? It's not even illegal.
Say they're 10 people, can pool up $10k each. That'd be big enough to get a good deal on the transaction costs. Buy puts to get like 50x leverage. Say it goes down by 2%, they've doubled their money. Spectre/Meltdown had it down by over 5%, and that was with responsible disclosure too.

Probably they could get more leverage or money too. The odds of it going up are infinitesimal, so they only really have to fear random fluctuations before the news hit the market. And I'm sure the smart money'd be happy to back them.

There was a guy who had an idea for a hedge fund like this, but he got into some legal trouble (for other stuff, later exonerated) and then later on some political trouble. Not sure if I'm allowed to speak positively about him here. But it seems like a workable idea, and one that would be good for society.

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-05-16, 05:30 (revision 1)
Custom title here

Post: #451 of 960
Since: 10-30-18

Posted by sureanem

More cores and hyper-threading are complementary, rather than contradictory. And it is frankly embarrassing that they disable hyper-threading on any of their products (just like so many other things they disable so they can charge a premium for something their entire product line is capable of).

That's actually reasonable, though. The marginal cost of manufacturing a chip is negligible, R&D (and masks) is the expensive part. So it makes more sense to only manufacture a few types of CPUs, disable the parts that don't turn out so well, and then market them as different processor models based on what clock frequency, core count, etc. they could sustain.

Sure, you could argue this is immoral, but it's more efficient than trying to make all the different kinds of CPUs, throwing away some, and wasting enormous overclocking potential in some.

I don't get it.

If this were like the 486 SX, I'd agree.

Intel moved several years ago to gating off features and setting clockspeeds based on what they WANTED to sell rather than supply being restricted by yields. It is why you occasionally see a processor model that reliably overclocks by 100%. The reason it isn't being sold as a faster part is because Intel doesn't want there to be a larger supply of faster parts.

Especially obvious with things like ECC RAM and hyper-threading. There's no hardware failure I can imagine that renders them unusable that doesn't also kill the rest of the processor.

--- In UTF-16, where available. ---
Posted on 19-05-16, 08:46 (revision 1)
Full mod

Post: #244 of 425
Since: 10-30-18

Posted by sureanem
Security people are infamous for having lax morals and a tenuous grasp on reality. But yet they felt the need to do the whole "responsible disclosure" schtick?

Security issues tend to be subtle, and understanding them usually requires a thorough understanding of the product in question, such as the product's designer might have. If you announce a vulnerability alongside patches and mitigation guides written by the vendor, you've probably found something cool and worth paying attention to. If you announce a vulnerability out of the blue, the best that's going to happen is that people will ask the vendor what's up, and the vendor will say "we dunno, give us a month or two to figure out whether this has any merit whatsoever". Much less dramatic, and hence much less likely to win you the respect of the security industry, or tenure, or whatever.

Of course, the interesting thing with *this* vulnerability is that basically the same thing was found by many individuals and research groups, and Intel made all of them swear to secrecy individually, and strung them all along for up to a year, never letting them know about each other. If they'd been allowed to talk to each other, they might have been able to properly explore the security implications of today's CPUs, maybe even discover the *next* vulnerability-with-a-logo. Instead, they sat and twiddled their thumbs waiting for the responsible disclosure period to elapse.

EDIT: Also, https://make-linux-fast-again.com/

The ending of the words is ALMSIVI.
Posted on 19-05-16, 11:24

Post: #60 of 100
Since: 10-30-18

The Mill was right.
Posted on 19-05-16, 14:11
Stirrer of Shit
Post: #289 of 717
Since: 01-26-19

Posted by CaptainJistuce
If this were like the 486 SX, I'd agree.

Intel moved several years ago to gating off features and setting clockspeeds based on what they WANTED to sell rather than supply being restricted by yields. It is why you occasionally see a processor model that reliably overclocks by 100%. The reason it isn't being sold as a faster part is because Intel doesn't want there to be a larger supply of faster parts.

Especially obvious with things like ECC RAM and hyper-threading. There's no hardware failure I can imagine that renders them unusable that doesn't also kill the rest of the processor.

No, I don't mean they're restricted by yields anymore, R&D is their main cost. And chip binning is just a simple optimization to do.
But R&D is still a cost. You could argue that they're holding back the computer industry, which I suppose is true, but I think this is for the best. We don't deserve any better. Say clock speeds were to jump tomorrow, what would happen?
A) people keep writing software like usual, but it now goes 2x as fast
B) people make their software use 2x as much resources and claim the compiler will optimize it

As much as I hate to say it, Intel did nothing wrong.

Posted by Screwtape
Security issues tend to be subtle, and understanding them usually requires a thorough understanding of the product in question, such as the product's designer might have. If you announce a vulnerability alongside patches and mitigation guides written by the vendor, you've probably found something cool and worth paying attention to. If you announce a vulnerability out of the blue, the best that's going to happen is that people will ask the vendor what's up, and the vendor will say "we dunno, give us a month or two to figure out whether this has any merit whatsoever". Much less dramatic, and hence much less likely to win you the respect of the security industry, or tenure, or whatever.

Depends on how big the vulnerability is. The Israelis messed up by posting a paper that was as shady as can be, with no proof, and by an unknown company. If a (relatively) well-renowned university had posted it, with proof, and with some PoC code (ready for use) included, then the stock probably wouldn't do so well.

Would you really think Intel would help them exploit their CPU? They'd do research, sure, but I don't think they'd share it with the public until they've fixed it.

Of course, the interesting thing with *this* vulnerability is that basically the same thing was found by many individuals and research groups, and Intel made all of them swear to secrecy individually, and strung them all along for up to a year, never letting them know about each other. If they'd been allowed to talk to each other, they might have been able to properly explore the security implications of today's CPUs, maybe even discover the *next* vulnerability-with-a-logo. Instead, they sat and twiddled their thumbs waiting for the responsible disclosure period to elapse.

EDIT: Also, https://make-linux-fast-again.com/

Now THAT's impressive. Say they had 10 people at each "discoverer" who knew about it, that's 110 people, and none of them took out short positions.

Or maybe they did. I suppose we wouldn't know about it unless they told us. It's perfectly legal, so the bank wouldn't tattle on them, and if they want to be on good terms with the uni they wouldn't tell them about it either. So the only one who would hear about it would be their friends, if any, and even if they in turn would tattle on them, there'd be no conclusive proof either way. Especially not if they were smart and got someone else to do it.

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.