CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Robbo99999

    Robbo99999 Notebook Prophet

    Ok, so it says that "an attacker...requires some kind of foothold in your machine in order to pull this off". If that's the case, then wouldn't an attacker with a foothold in your machine be able to use other types of attacks rather than this new Spectre attack to retrieve the same information - I mean it's another potential tool in their arsenal, but I'm surmising that they'd be able to find out the same information in other ways if they already had a foothold in your machine. If this is the case, then it kind of downplays the importance/significance of this new Spectre style attack, because it's probably not really increasing risk.
     
  2. hmscott

    hmscott Notebook Nobel Laureate

    Many exploits need some elevated privilege access, and that's easily done through many other privilege exploits. Most malware or hidden information gathering software uses multiple exploits in a concerted effort as a package to attain its goals.

    It's kind of a "newbie" thing to say that an exploit that requires elevated privilege is useless because it requires an already exploited machine - since the delay between exploited and actively gathering data is a very short distance for these packaged malware data gatherers.

    There are many exploits like this that at one time weren't patched and had long legs before they were, and in a package of exploits to attain a goal there may be many such steps of "trying" to do a hack to get to the next step, with some failing and some working, until the overall goal of access of a particular type is attained.

    It's far more complex - and far more simple - than just poo-pooing something because it has pre-requisites to run successfully, as all exploits do: they first have to find a host running the level or revision of OS keen to its exploit, then it needs to pass through the network in some way to hop onboard, then it needs to be initiated to start the process - so to speak - and then once the process is active there needs to be a way to get the data back home for use.

    One step at a time, just like the most complex programmatic goal, is all it takes.

    In the case of "Spoiler" apparently browsing a site with "javascript" enabled will be enough, or perhaps kitted along with an installer even better, there are many vehicles to deliver payloads these days, so I don't think "Spoiler" would have any trouble getting onboard and setup quickly.

    It also sounds like this little honey will be easier to code up and have a much higher success to attempt rate vs the typical Spectre hack.

    It's gonna be a good time to upgrade to AMD coming soon. :)
     
    Riley Martin likes this.
  3. Robbo99999

    Robbo99999 Notebook Prophet

    Well, I'm putting it in perspective by saying that they need a foothold in your computer before they can use this Spectre style attack, combined with the fact that they could do other attacks once they have a foothold anyway, not just Spectre, so the risk is not vastly greater due to this new threat, that's my intuition of it. It's certainly not lowered the threat level, but I don't think it's increased it much.
     
  4. hmscott

    hmscott Notebook Nobel Laureate

    Nah, you are trying to deflate the importance of practicing mitigation for an exploit by saying it's less dangerous because you say it requires prerequisites that might not exist on a targeted computer.

    And, I am saying you are naive, and putting people in actual danger by expressing your faulty logic.

    Naysaying security mitigation implementation is a slippery slope for the people and companies that listen to such half-baked comments. The person making them (you) is safe to make such comments, having no responsibility for the consequences.

    If you are making such suggestions at the company you work for, and they are compromised based on your recommendations, then you will be responsible, and likely fired.

    I sincerely hope you aren't in a position of responsibility for security policies and implementation at your company.
     
    Last edited: Mar 6, 2019
    Riley Martin and Maleko48 like this.
  5. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    It goes without saying that in an actual business security should be first and foremost. No arguments there from myself or from Robbo99999, from his posts.

    But, like Robbo99999 is saying, if someone has the actual hardware in their possession, being 'unprotected' against that specific attack vector is moot. They then have full access to anything and everything they need anyhow at that point.

    Trying to twist this solid logic to make Robbo99999 or anyone else look wrong or incompetent only shows how insecure you are. This is (our) forum.notebookreview.com. Not forum.corporateplatform.com. ;)

    And I'll predict (safely, I'm sure) that, just like when these Spectre/Meltdown attack vectors were first discovered, it isn't only Intel that is so compromised. Variations of Spoiler will be found in other vendors' platforms too.

    I'm glad these are being discovered so quickly now. They'll eventually get this right. And by 'they', I mean all CPU manufacturers that not only exist today but also those that will emerge in the future too.
     
    jclausius, Robbo99999 and bennyg like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    If you two are so convinced security is all a bit of nonsense, and being in possession of your computers protects you against compromise, why are you wasting our time posting naysaying comments here?

    We are here to share the information on mitigations for exploits, and implement security around preventing compromises.

    We don't need your help trying to convince us that it's all really nothing to get worried about. :)
     
    Last edited: Mar 7, 2019
    Riley Martin likes this.
  7. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    You really like to make things up and/or pull things out of thin air to make yourself look superior. Heads up, you don't and you aren't.

    My comments are in support of Robbo99999's statements which any and every other logical person here would agree to.

    Don't try to dig so deep to prove how right you are. Others can be just as right too. Re-read what I and Robbo99999 wrote. Please don't put words in other people's mouths.
     
  8. ajc9988

    ajc9988 Death by a thousand paper cuts

    Chiming in only on how widespread Spoiler is. It only affects Intel chips because only Intel uses the specific way of securing the memory. AMD uses a very different table setup which is NOT exploitable in this specific way. It's also why AMD wasn't exposed to the other Intel memory attack from a couple months back. ARM also has a different implementation. Don't speak without understanding why it was already shown Intel is vulnerable and the others are not.

    This is NOT to say there may not exist some memory exploit for AMD (looking at PSP exploits, which AMD employs and Intel doesn't). It is to say don't confuse this with a speculative side channel exploit, or PortSmash, which also only affects Intel machines (if I remember correctly, that is the L1 cache speculative exploit).

     
  9. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    Agree overall with what you state below. However, history/experience has taught me that once an exploit is discovered in any system, the idea behind it can most likely be leveraged similarly in other/different systems.

    I did and I do understand before I posted; please don't jump to conclusions. ;)

    When an idea is put into a coder's (or hacker's) head, the end result can usually be achieved, regardless of equipment/hardware.

     
    Riley Martin likes this.
  10. ajc9988

    ajc9988 Death by a thousand paper cuts

    Yes, but there is a reason Intel requires an all encrypted memory segmentation or none, while AMD can do partial encryption, partial not. That difference is not insignificant.

    That is why security relies on level-headed examination. What was found with Meltdown only applied to Intel CPUs and a couple ARM designs. With Spectre, it depended on the variant of the exploit as to who was vulnerable and the degree to which they were vulnerable. Some of those attacks were not verified on AMD due to researchers not having AMD equipment upon which to verify the exploit (this comes down to market share, and Intel is the behemoth). For PortSmash with L1 cache, that was all Intel. For the ones that were done as a hit piece on AMD that the "research security" company released without giving AMD a chance to patch, those were solely AMD chips (most were real, but fixed in a subsequent microcode update and remedied within a month or two). And then there are ARM specific exploits that don't affect AMD or Intel.

    My overall point is that playing teams, regardless of the side you take, is ridiculous when it comes to security. Instead, you need a level-headed look at what your deployment is and how exposed the hardware is in that deployment environment. There are times where Intel's vulnerabilities are more likely to be exploited in certain environments, and times AMD's will be.

    With that said, no company is willing to turn off predictive branch completely because of the performance hit, instead relying on a couple hardware tweaks, microcode updates, firmware updates, and the bulk in software updates, unfortunately.

    What spectre and meltdown started was an avalanche of discovered exploit variants, all while leading researchers to make a name finding new hardware weaknesses.

    For spoiler, it is a new one found on Intel related to their memory that others are not vulnerable to. Intel will likely find a hardware fix in time for ice lake desktop, which should be about ready for tape out (too late for the laptop chips expected this summer). That instead acts as a good argument to grab AMD now or Intel possibly then if your deployment scenario runs a specific or elevated risk to the type of attack.

    Meanwhile AMD still enjoys the security through obscurity related to their version of Intel's management engine that is found on AMD chips (not saying ME and AMD's implementation are anything alike). At least one vulnerability related to it was discovered and fixed, but it is relatively new, and we've all seen how Intel's management engine is chock-full of exploits. Given enough time, security through obscurity never works. It is great at first, but people will figure it out whether you tell them what is happening with a system or don't.

    Because of this, I'm not here to say pick one over the other. It really depends on your deployment as to what risk is being run.

    For me, personally, the Intel exploits are too much of a risk, from SGX exploits to the hits from mitigations on speculative attacks to the memory attacks. But that is my deployment and risk tolerance. Others may differ.

    Either way, my recommendation is to wait for Intel's server chips this summer and AMD's Zen 2 desktop and server offerings this summer to see what has been fixed by then. There has been little to no opportunity to fix some of the most recent exploits, while others, the answer in re-engineering has not been as quick as hoped. That happens. But, awareness is the first step.

     
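The posts above argue about whether these speculative-execution and memory side-channel issues are worth mitigating; the practical first step on a Linux box is to read the kernel's own per-vulnerability status files, which report "Not affected", "Mitigation: ..." or "Vulnerable...". The script below is an added example, not code from this thread or from any of the posters; it parses those strings from a constructed sample that mimics /sys/devices/system/cpu/vulnerabilities/, and reads the real files when that directory exists.

```python
"""Report Spectre/Meltdown-class mitigation status from sysfs-style strings.

Added example for this thread. The status text formats are the ones the
Linux kernel writes to /sys/devices/system/cpu/vulnerabilities/<name>;
SAMPLE_SYSFS below is a constructed stand-in so the script runs anywhere.
"""
from pathlib import Path

# Constructed sample (file name -> file contents), covering all three shapes.
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI\n",                       # KPTI enabled
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable, IBPB: disabled, STIBP: disabled\n",
    "l1tf": "Not affected\n",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n",
}

def classify(status: str) -> str:
    """Map one kernel status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"          # new kernels may add formats; never assume "safe"

def parse_status(files: dict) -> dict:
    """Return {name: (classification, raw status text)} for every file given."""
    return {name: (classify(text), text.strip()) for name, text in files.items()}

def read_sysfs(root: str = "/sys/devices/system/cpu/vulnerabilities") -> dict:
    """Read the real sysfs files on Linux; returns {} when the directory is absent."""
    p = Path(root)
    if not p.is_dir():
        return {}
    return {f.name: f.read_text() for f in p.iterdir() if f.is_file()}

def needs_attention(report: dict) -> list:
    """Sorted names whose status is vulnerable or unrecognised, i.e. worth a closer look."""
    return sorted(n for n, (cls, _) in report.items() if cls in ("vulnerable", "unknown"))

if __name__ == "__main__":
    report = parse_status(read_sysfs() or SAMPLE_SYSFS)
    for name, (cls, text) in sorted(report.items()):
        print(f"{name:12} {cls:13} {text}")
    print("needs attention:", needs_attention(report))
```

Run on a live Linux host the script reports the real state, so a "Vulnerable" line for spectre_v2 or mds points at missing microcode or a disabled mitigation rather than at the constructed sample.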