SoylentNews is people
SoylentNews
from the hackers-may-violate-your-ring dept.
Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors – after the previous wording outlawed public benchmarking of the chips.
With the Linux 4.19 kernel that just kicked off development this month has been continued churn in the Spectre/Meltdown space, just not for x86_64 but also for POWER/s390/ARM where applicable. For getting an overall look at the performance impact of these mitigation techniques I tested three Intel Xeon systems and two AMD EPYC systems as well as a virtual machine on each side for seeing how the default Linux 4.19 kernel performance -- with relevant mitigations applied -- to that of an unmitigated kernel.
At the BlackHat conference last month, Christopher Domas demonstrated an attack against an x86 CPU using MSR's and an embedded RISC core to bypass ring protections. The full presentation "GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs" is viewable on YouTube. Is it time for CPU vendors to rethink security?
(Score: 0) by Anonymous Coward on Monday September 03 2018, @09:00AM (1 child)
I've mentioned sandsifter last year in the context of blocking javascript and how it could expose secret instructions and microcode capable of circumventing ring privileges: https://soylentnews.org/comments.pl?noupdate=1&sid=22181&page=1&cid=586396#commentwrap [soylentnews.org]
People were fuzzing x86 CPUs for years. Domas recent discovery is important since it proves we weren't being paranoid for worrying about it all these years. But there still no known mass-market hardware being affected so it's not in the "tech journalism" are of coverage.
(Score: 0) by Anonymous Coward on Monday September 03 2018, @10:12AM
I see no problem with some form of mandatory code signing mechanism for javascript or GDPR type click-through for unsigned code.