
CPU Microcode Update Driver

spectre meltdown

58 replies to this topic

#26 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14291 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2018 - 02:52 PM

Bad news: A Spectre-like flaw will probably happen again
 
 
https://www.cnet.com...ars-pcs-phones/

Those are not "bad" or "good" news, they are "generic non-news".

 

A bug may be found that may ..., that is what we already know, and have always known, experts have been saying this all the time, including Armand Gracious ;):

https://www.dedoimed...rs/experts.html

 

Maybe it wasn't the image that was creating panic and getting people confused, it was you. :dubbio:

 

:duff:

Wonko



#27 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 15 January 2018 - 03:09 PM

I do not know why, but I believe Simon Segars' concerns. He is a chip designer at ARM Holdings.

Maybe it wasn't just me.

Anyway, I wrote everything I had.

I can go to the cave where I came from. :buehehe:


p.s.


https://betanews.com...atches-malware/

:D



#28 Mr B

Mr B

    Newbie

  • Members
  • 17 posts
  •  
    Sweden

Posted 15 January 2018 - 07:10 PM

If you do not count CPUs without speculative execution the only safe device is probably the Abacus. :buehehe:

I think we are misunderstanding one another, or, I hope so. My point was that any CPU without it is pretty much safe. This time around. While VIA simply weren't able to make competitive CPUs and therefore went and tried to make really energy efficient ones, and therefore excluded it in early versions, AMD included it in their low wattage units (to the best of my knowledge, all of them) in order to stay competitive. Intel did both. First they didn't include it in the Atom family CPUs, and decided they had enough of a performance lead to remain competitive, and later they added it, as a cheap n' simple way to make the CPU ever so slightly more power hungry, but get more performance from them. Strictly speaking about Atoms here.
ARM CPUs have been developed both with, and without, in parallel, since ARM wanted to be able to deliver designs that were both very power efficient, and ones that are more high performing.
I honestly don't really care much about the whole spectacle. Patch a few days after the patches are made available, let others take the initial hit from being early adopters, and stuff like borked patches will be pulled before you get there, and you will still be patched soon enough that as an end user / consumer, the security risk remains negligible. Nobody could have prevented this, and now that it's a known issue, everyone is trying to fix it. Sadly. THAT is where I get upset.
It turns out that even if ARM, Intel, AMD, VIA, and so forth, all create a patch for your specific application, your hardware vendor, be it the motherboard manufacturer, or the phone manufacturer, may very well not give a damn about forwarding that patch in a useful format to you as an end user. People still build "gaming rigs" on Core 2 Duo & Core 2 Quad systems for God's sake. Manufacturers like MSI that have clearly stated that they have no interest in providing updated BIOS binaries for anything past the previous generation, that just isn't cool.

 

Bad news: A Spectre-like flaw will probably happen again

Of course it will. It is just a matter of time. In something as complex as a modern CPU, there will always be flaws. Someone will find them. Sooner or later. And then someone will do their best to fix them.
 

Those are not "bad" or "good" news, they are "generic non-news".

Pretty much, yeah.
 

I do not know why, but I believe Simon Segars' concerns. He is a chip designer at ARM Holdings.

Nobody said it was wrong. It's just not that relevant. Bugs are found, and squashed all the time. Old bugs or new, it doesn't really matter. It is an issue when black hats get a hold of them before the uh, good guys do. No, not the good guys, the service, and hardware providers. They have an interest in keeping us as safe as possible, so that we trust their brand, and keep spending our money. That's why stuff like NSA leaked tools create huge havoc, whereas this, which is a much larger security issue, with a much wider spectrum, has yet to see anyone attacked. Someone found the security issue, and adopted it for nefarious use much faster than most people could/would patch for it.

Edited by Mr B, 15 January 2018 - 07:11 PM.


#29 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 15 January 2018 - 07:36 PM

That's why stuff like NSA leaked tools create huge havoc, whereas this, which is a much larger security issue, with a much wider spectrum, has yet to see anyone attacked. Someone found the security issue, and adopted it for nefarious use much faster than most people could/would patch for it.

 
The only good thing in the whole story is that all processor manufacturers will have to open up everything.
All Appendixes for Processor Architecture. To succeed in the fight against Spectre.
We are all equally insecure. From retirees to experts in the NSA.
Or maybe those in the NSA do not use Intel processors?
Or maybe they have workarounds to disable Spectre?
And the pressure in public opinion will be worse and worse ...
The strange thing is who discovered these bugs and where. Scientists from Graz.
Yes. Someone will find them. Respectively BND. And then NSA will do their best to fix them  :buehehe:



#30 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10533 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 15 January 2018 - 07:45 PM

Graz seems to be in Austria, likely not so related to the BND: https://her.is/2B4ANLi

 

In either case I wouldn't imagine the BND and friends having an interest in exposing this feature, unless some other parties on the eastern sides of the globe had also discovered the same trick. People might forget how just 1~2 months ago there was also this big fuss about the hidden CPU running on Minix, whose sinister usage was no secret. Still, the news made a big fuss.

 

Might be the case that someone discovered that someone else knew more about these CPUs than desired, and that it was time to burn these entry points.


  • Mikorist likes this

#31 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 15 January 2018 - 07:53 PM

Graz seems to be in Austria, likely not so related to the BND: https://her.is/2B4ANLi

 
1.jpg

Cyberus Technology is accidentally in Dresden, Germany.

But never mind.
 
Just look at their CVs. They're pretty interesting.    :P
  • Nuno Brito likes this

#32 alacran

alacran

    Silver Member

  • Advanced user
  • 630 posts
  •  
    Mexico

Posted 15 January 2018 - 08:06 PM

experts have been saying this all the time, including Armand Gracious ;):

https://www.dedoimed...rs/experts.html

:duff:

Wonko

 Quote from your link:

 

 

Experts say ...


experts_armand.jpg
Internet no longer safe


Posted by Armand Gracious, August 18, 2027, 13:33

 

It seems to me this guy should know very well what he says, since this article is from August 18, 2027.

 

alacran


  • Mikorist likes this

#33 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 15 January 2018 - 08:12 PM

 Quote from your link:

 

 

It seems to me this guy should know very well what he says, since this article is from August 18, 2027.

 

alacran

:party_time:



#34 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10533 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 15 January 2018 - 08:48 PM

Cyberus Technology is accidentally in Dresden, Germany.

 

It does make somewhat of a difference. They're really friendly to people who visit their site too.

 

giphy.gif



#35 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 15 January 2018 - 09:07 PM

It does make somewhat of a difference. They're really friendly to people who visit their site too.
 
giphy.gif

They're really friendly.
And they have a pretty impressive accomplishment and credit report for a company that's just 8 months old  ;)


#36 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14291 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2018 - 10:03 AM

 Quote from your link:

 

 

It seems to me this guy should know very well what he says, since this article is from August 18, 2027.

 

alacran

Not really-really.

The date of his article is periodically updated, JFYI:

https://web.archive....rs/experts.html

we have traces of it being published in 2007 (dated 2009 of course, Armand Gracious is always ahead of his time and living in the future, just like all experts are).

 

And the word for today is:
https://en.wikipedia.org/wiki/Parody

 

 

:duff:

Wonko



#37 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 16 January 2018 - 10:19 AM

living in the future, just like all experts are).

 
 
Or they work in non-existent companies. A couple of months old. :eek:
Made for one-time use. By agency.
To discover a CPU bug which has not been discovered by anyone in the last 20 years
and all the time was there.
 
 "The Hitchhiker's Guide to the Galaxy" is one of their favourite books.
1.jpg
 
It seems to be the crucial key to finding Meltdown - Spectre. :hyper:
 
 
 
Of course - I create panic in the whole story.  :buehehe:


#38 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14291 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2018 - 10:50 AM

Of course - I create panic in the whole story


Naah, you are not creating anything - unfortunately - you are just contributing to senselessly and aimlessly spread it.
 
Guess WHAT EXACTLY is on the cover of  "The Hitchhiker's Guide to the Galaxy"?
 
DON'T PANIC
 
(in large, friendly letters)


 
:duff:
Wonko


  • Nuno Brito and Mikorist like this

#39 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 16 January 2018 - 03:54 PM

Naah, you are not creating anything - unfortunately - you are just contributing to senselessly and aimlessly spread it.
 
Guess WHAT EXACTLY is on the cover of  "The Hitchhiker's Guide to the Galaxy"?
 
DON'T PANIC
 
(in large, friendly letters)


 
:duff:
Wonko

3c7118e82f0880b0e13c7da6a4b9ca62.jpg


  • Nuno Brito likes this

#40 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14291 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2018 - 04:43 PM

Actually more like:

056347789X.02.LZZZZZZZ.jpg
 
:duff:
Wonko



#41 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 16 January 2018 - 05:02 PM



#42 Mr B

Mr B

    Newbie

  • Members
  • 17 posts
  •  
    Sweden

Posted 16 January 2018 - 11:47 PM

The only good thing in the whole story is that all processor manufacturers will have to open up everything.

That isn't going to happen. And the reason is simple. IF they did, any number of issues like this will surface. Not that they know of them beforehand, but a lot of people will dig into the resources, and find their own exploits. Some won't be benevolent about it either.
Turning something like an OS, or a CPU into open source, isn't done lightly, after it's been iterated on for years, as closed source.

#43 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 17 January 2018 - 04:27 AM

That isn't going to happen. And the reason is simple. IF they did, any number of issues like this will surface. Not that they know of them beforehand, but a lot of people will dig into the resources, and find their own exploits. Some won't be benevolent about it either.
Turning something like an OS, or a CPU into open source, isn't done lightly, after it's been iterated on for years, as closed source.


That's exactly what happened. But manufacturers did not do it. This was done by a small company from Dresden instead of them.
And that's exactly the result. Any number of issues comes every day. It could be even worse, since we don't know clearly how quickly
can Intel (or anyone else) find a suitable alternative design that can eliminate this bug forever while not sacrificing performance.

What would they replace x86 with?

I think it's the only way out: an Open Source Processor.

Like RISC . The Parallella 16-core Epiphany RISC SOC
https://www.parallella.org/board/
http://adapteva.com/...1_datasheet.pdf

And where do you think the CEO of Adapteva was employed after this?  https://www.linkedin...andreasolofsson  :whistling:

 

As closed source - manufacturers are acting smug, believing no one can threaten them or make them change their ways.
And their closed source is what got us to where we are now - a severely damaged architecture, believing they can do no wrong.
Like they are God.


  • Nuno Brito likes this

#44 Mr B

Mr B

    Newbie

  • Members
  • 17 posts
  •  
    Sweden

Posted 17 January 2018 - 10:43 AM

That's exactly what happened.

I suspect this is something of a language barrier. But no, this isn't the result of anyone handing over designs, and someone else from this figuring out a weakness. This is a lot of hard work, to reverse engineer the chip, figure out what makes a very small part of it tick, and then finding a flaw in that. If you hand over the designs openly, you may find that there is something similar in pretty much any part, or function of the CPU. (Unrealistic, but there could be.) With a few 100 thousand persons trying to find a weak spot, exploits would be discovered a lot faster than they could be fixed, and as I said before, not everyone looking for exploits would turn over their results to the companies in order for a small reward...

But manufacturers did not do it. This was done by a small company from Dresden instead of them.

Of course this wasn't done by the manufacturers. They have been going over the code for years, and more or less decided that this stuff was safe, and being told otherwise is of course a shock.

And that's exactly the result. Any number of issues comes every day. It could be even worse, since we don't know clearly how quickly
can Intel (or anyone else) find a suitable alternative design that can eliminate this bug forever while not sacrificing performance.

Issues like these pretty much never have been exposed before, in a CPU. What comes close is Intel's Management Engine, but that isn't really a "CPU" issue, and doesn't affect anyone else but Intel.

What would they replace x86 with?

Nothing. But why would they? This isn't a x86 issue.

I think it's the only way out: an Open Source Processor.

Again, this is not, and has never been, about open, or closed source. Amber, LEON, OpenSparc, Parallax Propeller, ZPU, & Zet, are open source CPUs. Not that they are all under active development, or that they can compete with modern CPUs, but that shouldn't need pointing out. Investing large chunks of research in developing open source chips, just to have the next competitor use it for free, will only make you go out of business.

As closed source - manufacturers are acting smug, believing no one can threaten them or make them change their ways.
And their closed source is what got us to where we are now - a severely damaged architecture, believing they can do no wrong.

The source is closed for two reasons. To keep the designs somewhat secret from the competition, and to prevent people with nefarious intent from easily finding exploits like these. Hardware developers aren't smug and thinking "nobody can touch us", it's quite the opposite, "Holy shit we are vulnerable, I sure hope we can stay on top of this."
I don't understand why people keep thinking this is something anyone did with intent to screw anyone, especially them, over.

#45 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 18 January 2018 - 12:37 AM

Issues like these pretty much never have been exposed before, in a CPU. What comes close is Intel's Management Engine, but that isn't really a "CPU" issue, and doesn't affect anyone else but Intel.

 
1.png

Never say never. (I just said it twice.) And read the red bottom line.   :rolleyes:
 
Btw. Simha is Prof at Columbia CS: Computer Architecture; Computer Security; and how to use architecture to improve security.
 
He knows very well what he's talking about. "Unlike amateur clammers, who usually dig clams by hand during the summer"
 
For those interested in the papers above: here are links: (SVF) http://www.cs.columbia.edu/~simha/preprint_isca12_svf.pdf ; Time Warp http://www.cs.columbia.edu/~simha/preprint_isca12_tw.pdf ; and Side-Channel Vulnerability Metrics: SVF vs. CSV  http://wcs.columbia.edu/~simha/wddd_svf.pdf 

#46 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14291 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 January 2018 - 03:58 PM

 

Bottom line: Basically any shared structure can leak information.

 

And the word for today is:

https://en.wikipedia.org/wiki/Truism

 

:duff:

Wonko



#47 Mr B

Mr B

    Newbie

  • Members
  • 17 posts
  •  
    Sweden

Posted 18 January 2018 - 08:49 PM

I'm not sure exactly what the picture above is supposed to suggest. Yes, shared resources CAN leak. Keyword being CAN. Everyone involved thought they had shut this sharing of data down, but it turns out, there was a flaw in the implemented security. Dude above never pointed to a specific issue, but was talking about a theoretical problem. As I said, to my knowledge this kind of flaw has pretty much never been exposed before, but it will be again, it's just a matter of time, and it always only was a matter of time.

#48 agni

agni

    Frequent Member

  • Tutorial Writer
  • 270 posts
  • Location:Bengaluru (Bangalore)
  •  
    India

Posted 19 January 2018 - 05:14 AM

I have a very basic question - I have not completely read the details of the vulnerability and hence the question.

 

Using either Spectre or Meltdown, what exactly can be done? Can system privileges be obtained from a guest account on a Windows OS? Can keystrokes be captured?

 

I understand (I may be wrong here) that the vulnerability allows certain special areas of the memory to be accessed. How does this help a hacker?



#49 omniplex

omniplex

    Newbie

  • Members
  • 12 posts
  •  
    Germany

Posted 22 January 2018 - 01:38 AM

Unfortunately after running SpecuCheck I got this:

 

 

Nothing unusual, the NT Kernel is loaded before your device driver, and decides what you have, with your result "disabled due to lack of microcode" in time to do anything. For older CPUs like my Core i3 we'd need the Linux-Microcode (you have that, I don't, because Intel first tries this with newer CPUs), and an old MBR BIOS without tricks (harddisk encryption, TPM, ...), where you can insert the Microcode business before the NT Kernel is loaded. Actually I was confident to find a simple recipe here, but apparently that's not yet the case. On a German forum somebody allegedly managed this with Grub on a stick. Not what I'm looking for, I'd want it on my one and only MBR harddisk.

 

Unrelated, of course a WINE 3.0 published 4 days ago and tested after a code freeze weeks ago in 2017 cannot yet deploy new GCC options published in 2018. Just because it's Linux doesn't mean that they can do time travel. ;)



#50 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 22 January 2018 - 01:58 AM

I have a very basic question - I have not completely read the details of the vulnerability and hence the question.
 
Using either Spectre or Meltdown, what exactly can be done? Can system privileges be obtained from a guest account on a Windows OS? Can keystrokes be captured?
 
I understand (I may be wrong here) that the vulnerability allows certain special areas of the memory to be accessed. How does this help a hacker?


It's pointless though since Spectre in general is overblown. This concrete example of Spectre PoC from pdf above is to read special areas of the memory, but many of us have known how to do that for years.

IMO an average trojan is worse than Spectre on a patched system (Spectre variant 1 + Meltdown). Update your applications and it can't even do anything, but a trojan  :hmm:  still can.

So really the only reason Spectre is talked about is because it also works on Linux and Mac OS. :( 

 

You can (not) imagine what will happen if they can start to (or already they are) compromise ALL Amazon AWS servers with Spectre.

Shared hosting & Cloud's kernel and memory is the biggest problem here.  :lamo: 

I already see the lawsuit of Amazon to Intel. And Google too...And everyone else.

 

Just so you know, the Spectre PoC giving you the magic result isn't a bad thing since it's reading the result from its own address space.

 

They did not publish PUBLICLY the one that directly attacks apps (Inter-Application PoC) and is not harmless. :rofl2:

 

And I hope they never will. ;) 





