CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    21,065
    Messages:
    22,717
    Likes Received:
    39,183
    Trophy Points:
    931
There will be more security flaws, both in hardware, OS, software, drivers etc. A never-ending cycle.
    http://forum.notebookreview.com/thr...nd-announcements.826887/page-14#post-10913668
     
    Vasudev, inm8#2 and joluke like this.
  2. Zymphad

    Zymphad Zymphad

    Reputations:
    2,321
    Messages:
    4,164
    Likes Received:
    353
    Trophy Points:
    151
    I feel wannacry and this are different. Wanna-Cry was easily done, as it traveled from infected machines to other machines quickly.

    These CPU vulnerabilities require such specific conditions to work, and it seems often you need administrative rights, access to BIOS, root etc, in which case you'd have to have direct control of the machine. My impression with these, if an attacker was able to use these vulnerabilities, this would be the LEAST of your worries.
     
    bennyg and tilleroftheearth like this.
  3. Zymphad

    Zymphad Zymphad

    Reputations:
    2,321
    Messages:
    4,164
    Likes Received:
    353
    Trophy Points:
    151
    So let's recap.

    From Intel Developer Zone: "MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms."
    - LOCALLY EXECUTE THE CODE. If you can LOCALLY EXECUTE the code, you don't need these vulnerabilities, it implies you have ACCESS TO THE MACHINE LOCALLY. HOLY SMOKES IS THIS CRYING SO OUT OF PROPORTION AND WHACKED!!!!!

    MDS attacks which encompass Zombieload RIDL and the other stupid attacks that don't actually work... Actually work as in, this vulnerability goes back EIGHT YEARS and not one instance or example of it has been documented thus far. No one has proven these attacks actually can work.

The only examples I have seen on mdsattacks.com for example, the person demonstrating has to execute the vulnerability LOCALLY and it took them TWENTY FOUR HOURS TO WORK... HOLY CRAP, if someone has control of your machine in person for TWENTY FOUR HOURS, you've got a far more serious issue. Like basic security access to your machines.

    In all the examples, you would first either have to gain remote access to the machine with root privileges or gain direct access to the machine. In both cases, if the attacker succeeded, these exploits are pointless. The attacker has far more effective ways to gain access to your files. So far, from what I have garnered since details are so sparse on these vulnerabilities, a lot of generalized rubbish that amount to drivel nothingness, these vulnerabilities are idiotic, and almost not even worth mentioning.

    I'm not defending Intel, but to execute these vulnerabilities, holyshit, you have far more to worry about than this idiocy.

    Also most BIOS, Windows, Linux distros and Apple already have resolved these problems. So I think the tech world should continue to panic and cry over this. Yup definitely.
     
    Last edited: May 22, 2019
    bennyg, Vasudev, inm8#2 and 3 others like this.
  4. Talon

    Talon Notebook Virtuoso

    Reputations:
    1,129
    Messages:
    3,130
    Likes Received:
    3,570
    Trophy Points:
    331
    Change your password every 23 hours and you have nothing to worry about lol.

    :p
     
    Vasudev and Papusan like this.
  5. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,185
    Messages:
    19,393
    Likes Received:
    24,143
    Trophy Points:
    931
    When you come across an exploit through a browser or a download, that exploit is then run as "you" locally, until it finds an exploit to work to get elevated privileges.

Running either as "you" or as the "superuser" locally, the package can then do its work. It can sit there in the background, with its task manager / process manager listing removed so it's invisible. It can take hours, or days, it doesn't matter; when the data is collected it can then be held or sent immediately. It can take as long as it wants, set up a server for other connections, or do what it wants.

There are ways to find such things, even before they are ID'd, but those methods are also known to the attackers, and often the exploit package can hide its presence.

    Each software exploit - through the browser, OS, firmware exploits are all old news. Exploits using CPU hardware security holes are more rare, and certainly at the constant level of findings for Intel vulnerabilities, it's gotten to the point where it's advisable to disable HT - advice from major OS /VM vendors, as posted previously. The OS / VM vendors are taking it all very seriously.

    Intel and Microsoft are the largest vendors with the largest market share and are therefore the largest target for exploits, and for bad actors to apply their energies to finding ways around mitigation.

    These new Intel CPU vulnerabilities are ripe for new exploits, and it's only a matter of time before they are used.

    To seriously believe that these new gaping holes won't be attacked over time is to ignore history. There's nothing to joke about here.
     
    Last edited: May 24, 2019
    ajc9988 and Vasudev like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,185
    Messages:
    19,393
    Likes Received:
    24,143
    Trophy Points:
    931
    Wanna cry was a combination of pieces put together for a purpose. The infection vector could be used to deliver other payloads.

    Here's a pretty good explanation of the package, how it initially infects, and the rest of the tasks of the payload.

    What is WannaCry ransomware, how does it infect, and who was responsible?
    Stolen government hacking tools, unpatched Windows systems, and shadowy North Korean operatives made WannaCry a perfect ransomware storm.
    https://www.csoonline.com/article/3...w-does-it-infect-and-who-was-responsible.html

Imagine another exploit besides SMB is used for infection and delivery of the payload, and that payload instead can now use Intel CPU Vulnerabilities to extract data from your system - similarly to Wannacry, thousands of systems - and then you have an idea of how little protection "running locally" really is.

    The Intel vulnerabilities don't need to provide an infection vector themselves, there are plenty of other attack vectors to deliver a package exploiting Intel CPU vulnerabilities.
     
    Last edited: May 24, 2019
    ajc9988 and Vasudev like this.
  7. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    Reputations:
    2,431
    Messages:
    9,197
    Likes Received:
    4,479
    Trophy Points:
    431
I used Wanna-cry not as a tech comparison but as a social one. If there is an exploit that can be had, it will be used, and to wait to do something until it is too late, well...
     
    ajc9988, hmscott and Vasudev like this.
  8. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    6,530
    Messages:
    10,068
    Likes Received:
    7,370
    Trophy Points:
    931
JSP and HTML based fake websites are easy to make and impersonate. A self-signed exe from PowerShell can be an attack vector too. Or it might be layered malware using a combination of drive-by malware, miners, Spectre/MDS based exploit target based data mining and processing/cleaning/extraction.
Everyone's PC has powerful CPUs and GPUs and for common users CPU/GPU hitting 100% won't be much of an issue.
     
    hmscott likes this.
  9. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,185
    Messages:
    19,393
    Likes Received:
    24,143
    Trophy Points:
    931
    Spectre/Meltdown/L1TF/MDS Mitigation Costs On An Intel Dual Core + HT Laptop
    Written by Michael Larabel in Hardware on 21 May 2019 at 08:19 AM EDT. 23 Comments
    https://www.phoronix.com/scan.php?page=news_item&px=Spec-Melt-L1TF-MDS-Laptop-Run

    "Following the recent desktop CPU benchmarks and server CPU benchmarks following the MDS / ZombieLoad mitigations coming to light and looking at the overall performance cost to mitigating these current CPU vulnerabilities, there was some speculation by some in the community that the older dual-core CPUs with Hyper Threading would be particularly hard hit. Here are some benchmarks of a Lenovo ThinkPad with Core i7 Broadwell CPU looking at those mitigation costs.

    Here are some quick complementary data points looking at the impact of the mitigations=off / mitigations=auto (the default kernel behavior for these mitigations) / mitigations=auto,nosmt (disabling Hyper Threading) when using a Core i7 5600U with two physical cores plus Hyper Threading, very different from the desktop/server CPU benchmarks in recent days with high core counts.
    ...
    There are quite a few graphs in that article, but it's otherwise short, check out the URL above.
    ...
    If looking at the geometric mean across dozens of benchmarks ran, the default/out-of-the-box mitigations dropped the performance by 18% or 25% when disabling Hyper Threading. See all the benchmarks via this OpenBenchmarking.org result file."

This is where the main problem - loss of performance - comes into debilitating effect, on low core count CPUs and even new CPUs with steppings older than the latest from Intel production. Check your CPU stepping against Intel's hardware mitigations list - if your CPU is a month or older it's likely not "fixed in hardware":

    Engineering New Protections Into Hardware
    https://www.intel.com/content/www/u...ngineering-new-protections-into-hardware.html

    "In 2018, the class of speculative execution side channel vulnerabilities, commonly referred to as Spectre and Meltdown, presented a unique challenge to Intel and the entire industry.

    Intel provided microcode updates (MCU) supporting nearly 10 years of Intel® products, which were coupled with updates from our partners to help protect against these vulnerabilities.

    We have also taken steps to integrate these protections into our hardware.

    Side Channel Mitigation by Product CPU Model
    The table below provides details on how the protections are integrated into Intel® products:"

    See the above URL for the wide tables to find your CPU - if listed - and if it is find out which was the first "stepping" that solves the vulnerabilities listed in hardware (not all vulnerabilities are fixed in hardware yet).

    schmidtbag 05-21-2019, 09:01 AM
    "This is one of the few situations where I've actually been able to notice the performance losses without needing benchmarks to confirm my observations. I've noticed my i3 Haswell laptop getting slower and my overall CPU usage going up the past few months."
    https://www.phoronix.com/forums/for...tel-dual-core-ht-laptop?p=1100561#post1100561

    teresaejunior 05-21-2019, 02:02 PM
    "This is so much fun. Slower I/O, memory allocation, network latency. Some SSDs work at almost half speed. Thanks, Intel."
    https://www.phoronix.com/forums/for...tel-dual-core-ht-laptop?p=1100705#post1100705
     
    Last edited: May 28, 2019
    Vasudev likes this.
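As an added example (not code from the thread, from Phoronix or from Intel), the following script reports what the Linux kernel itself says about the mitigations the quoted article benchmarks. It assumes a kernel that exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v2, l1tf, mds and so on), the /sys/devices/system/cpu/smt/control file, and /proc/cmdline, where the mitigations=off / auto / auto,nosmt boot option appears. The status lines in demo_constructed() are constructed samples, not output from a real machine.

```shell
#!/bin/sh
# Added example, not code from the thread, Phoronix or Intel: summarise the Linux
# kernel's own view of the speculative-execution mitigations on this machine.
# Assumptions: a kernel exposing /sys/devices/system/cpu/vulnerabilities/ (one file
# per issue) and /proc/cmdline, where mitigations=off|auto|auto,nosmt appears.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
SMT_CONTROL="${SMT_CONTROL:-/sys/devices/system/cpu/smt/control}"

# Turn one sysfs status line into a short verdict. The kernel's strings start with
# "Not affected", "Mitigation:" or "Vulnerable"; "SMT vulnerable" inside a
# Mitigation line means the fix is only partial while Hyper-Threading stays on.
classify_status() {
    case "$1" in
        "Not affected"*)                echo NOT_AFFECTED ;;
        Mitigation:*"SMT vulnerable"*)  echo MITIGATED_SMT_VULNERABLE ;;
        Mitigation:*)                   echo MITIGATED ;;
        Vulnerable*)                    echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# Value of the mitigations= boot parameter in a kernel command line; "auto" when
# absent, which is the out-of-the-box default the article benchmarks.
mitigations_mode() {
    mode=auto
    for tok in $1; do
        case "$tok" in
            mitigations=*) mode="${tok#mitigations=}" ;;
        esac
    done
    echo "$mode"
}

# True (exit 0) when the command line turns SMT off via nosmt or mitigations=...,nosmt.
smt_disabled_by_cmdline() {
    for tok in $1; do
        case "$tok" in
            nosmt|nosmt=*|mitigations=*nosmt*) return 0 ;;
        esac
    done
    return 1
}

# Live report: boot-time settings, then one line per vulnerability file.
report_live() {
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    echo "mitigations= : $(mitigations_mode "$cmdline")"
    if smt_disabled_by_cmdline "$cmdline"; then
        echo "SMT          : disabled on the kernel command line"
    else
        echo "SMT          : $(cat "$SMT_CONTROL" 2>/dev/null || echo unknown) (from $SMT_CONTROL)"
    fi
    if [ ! -d "$VULN_DIR" ]; then
        echo "no $VULN_DIR: kernel too old for this interface, or not Linux"
        return 0
    fi
    for f in "$VULN_DIR"/*; do
        status=$(cat "$f" 2>/dev/null || echo unreadable)
        printf '%-22s %-26s %s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
}

# Offline demonstration on constructed status lines (not from a real machine),
# so the classifier can be seen working without root or a particular kernel.
demo_constructed() {
    printf '%s\n' \
        'meltdown|Mitigation: PTI' \
        'mds|Mitigation: Clear CPU buffers; SMT vulnerable' \
        'mds|Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable' \
        'l1tf|Not affected' |
    while IFS='|' read -r name status; do
        printf '%-22s %-26s %s\n' "$name" "$(classify_status "$status")" "$status"
    done
}

demo_constructed
report_live
```

A MITIGATED_SMT_VULNERABLE verdict is the case the thread is arguing about: the kernel has applied its software mitigation, but the status line says it is incomplete until Hyper-Threading is disabled, which is what mitigations=auto,nosmt does at the cost measured in the article.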
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    6,185
    Messages:
    19,393
    Likes Received:
    24,143
    Trophy Points:
    931
    I hope you find it helpful to hear from the perspective of a semiconductor security POV.

    Meltdown, Spectre And Foreshadow
    Why security must be addressed at the architectural rather than the micro-architectural level.
    Semiconductor Engineering
    Published on Jun 1, 2019
    Ben Levine, senior director of product management for Rambus’ Security Division, talks with Semiconductor Engineering about hardware-specific attacks, why they are so dangerous, and how they work


    Welcome to Semiconductor Engineering
    https://semiengineering.com/

    I believe that the initial response to Spectre / Meltdown Vulnerabilities that CERT gave us "to replace the vulnerable CPU with another CPU that isn't vulnerable", is the only real solution, and has been all along:

    "But the Computer Emergency Response Team, or CERT, has issued a statement saying there is only one way to fix the vulnerability: replace the CPU.

    CERT is based at Carnegie Mellon University and is officially sponsored by the U.S. Department of Homeland Security’s Office of Cybersecurity and Communications.

“The underlying vulnerability is primarily caused by CPU architecture design choices,” CERT researchers wrote. “Fully removing the vulnerability requires replacing vulnerable CPU hardware.”

    They also advise users to apply the various software patches but note that this will only mitigate the underlying hardware vulnerability."
    https://venturebeat.com/2018/01/04/...nd-spectre-vulnerabilities-is-to-replace-cpu/

    CERT now has a less curt more detailed yet similar statement in their online Solutions as it exists today:

    "...
    Apply updates
    Operating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative affect on system performance. Also note that Microsoft Windows systems will no longer receive security updates via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary.

    Consider CPU Options
    Initial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations.

    While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches.

    Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities."
    https://www.kb.cert.org/vuls/id/584653/

    CERT said it the way it is, which is the only way it should be stated when communicating urgent and clear security solutions. Plainly and simply.

    But, now with more text wrapped around it to make it less scarily blunt, because so many from outside of the security world were drawn in to read their statements.

    I'm as exposed as others with my Intel hardware, some of it without even so much as a firmware patch available to protect it in conjunction with OS protections, even though that once expensive hardware is perfectly adequate to do work today, and for many years to come.
     
    Last edited: Jun 4, 2019