
posted by mrpg on Tuesday May 22 2018, @07:33AM
from the [...] dept.

Arthur T Knackerbracket has found the following story:

[...] The fourth variant can be potentially exploited by script files running within a program – such as JavaScript on a webpage in a browser tab – to lift sensitive information out of other parts of the application – such as personal details from another tab.

According to Intel, mitigations already released to the public for variant 1, which is the hardest vulnerability to tackle, should make attacks leveraging variant 4 much more difficult. In other words, web browsers, and similar programs with just-in-time execution of scripts and other languages, patched to thwart variant 1 attacks should also derail variant 4 exploits.

[...] If the processor core, while looking ahead in a program, finds an instruction that loads data from memory, it will predict whether or not this load operation is affected by any of the preceding stores. For example, if a store is writing to memory that a later load fetches back from memory, you'll want the store to complete first. If a load is predicted to be safe to run, the processor executes it speculatively while other parts of the chip are busy with store operations and other code.

That speculative act involves pulling data from memory into the level-one data cache. If it turns out the load should not have run before a store, the processor discards the speculative results and re-executes the instructions, but it cannot undo the side effects: part of the cache was touched based on the contents of the fetched data, leaving enough evidence for a malicious program to recover that data by timing its own memory accesses. Repeat this over and over, and gradually you can copy data from other parts of the application. It allows JavaScript running in one browser tab to potentially snoop on webpages in other tabs.

-- submitted from IRC
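The Variant 4 mitigation discussed on this page is an opt-in, and on Linux (4.17 and later) the Speculative Store Bypass Disable (SSBD) control behind it is exposed per process through prctl(2) and reported system-wide in sysfs. The following C program is an added example written for this page, not code from the article, from Intel or from the kernel: it decodes the prctl status bitmask, opts the calling process in, and classifies the sysfs status line. The constant values are those published in include/uapi/linux/prctl.h, the sysfs strings matched are the kernel's own wording, and the status lines used to exercise the classifier are constructed, not read from a real machine.

```c
/* Added example: query and enable the per-process Speculative Store Bypass
 * Disable (SSBD) control that Linux >= 4.17 exposes through prctl(2).
 * Not from the article; sample sysfs strings in comments are the kernel's
 * documented wording, but any line passed in here is constructed by the caller. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/prctl.h>

/* Values from include/uapi/linux/prctl.h; defined here in case the build
 * host's headers predate the speculation controls. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS   0
#define PR_SPEC_NOT_AFFECTED   0
#define PR_SPEC_PRCTL          (1UL << 0)
#define PR_SPEC_ENABLE         (1UL << 1)
#define PR_SPEC_DISABLE        (1UL << 2)
#define PR_SPEC_FORCE_DISABLE  (1UL << 3)
#endif

/* Translate the bitmask returned by PR_GET_SPECULATION_CTRL into a verdict.
 * PR_SPEC_PRCTL set means this process may toggle the mitigation itself;
 * PR_SPEC_ENABLE means speculation is allowed (unmitigated);
 * PR_SPEC_DISABLE / PR_SPEC_FORCE_DISABLE mean the CPU is told not to let
 * loads run ahead of older stores (mitigated). A negative value is an error. */
const char *ssb_prctl_verdict(long status)
{
    if (status < 0)
        return "unknown (prctl failed; kernel predates SSB controls?)";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (status & PR_SPEC_FORCE_DISABLE)
        return "mitigated (forced, cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE)
        return "mitigated (SSBD active for this process)";
    if (status & PR_SPEC_ENABLE)
        return (status & PR_SPEC_PRCTL) ? "vulnerable (opt-in available via prctl)"
                                        : "vulnerable (no per-process control)";
    return "unrecognised status";
}

/* Classify one line of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass.
 * Known kernel strings: "Not affected", "Vulnerable",
 * "Mitigation: Speculative Store Bypass disabled" (system-wide),
 * "Mitigation: Speculative Store Bypass disabled via prctl",
 * "Mitigation: Speculative Store Bypass disabled via prctl and seccomp".
 * Returns 0 = not affected, 1 = vulnerable, 2 = mitigated system-wide,
 * 3 = mitigation available per process (opt-in), -1 = unrecognised. */
int ssb_sysfs_class(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return 0;
    if (strncmp(line, "Vulnerable", 10) == 0)   return 1;
    if (strncmp(line, "Mitigation: Speculative Store Bypass disabled", 45) != 0)
        return -1;
    return strstr(line, "via prctl") ? 3 : 2;
}

int main(void)
{
    long status = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("before: %s\n", ssb_prctl_verdict(status));

    /* Opt this process (and, by inheritance, its children) in. Expected
     * failures: ENXIO when the kernel offers no per-process control (booted
     * with spec_store_bypass_disable=on or =off), EPERM when a previous
     * FORCE_DISABLE forbids changes, EINVAL on kernels without the prctl. */
    if (status >= 0 && (status & PR_SPEC_PRCTL) &&
        prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) != 0)
        fprintf(stderr, "PR_SET_SPECULATION_CTRL: %s\n", strerror(errno));

    status = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("after:  %s\n", ssb_prctl_verdict(status));

    /* System-wide view, as the kernel reports it. */
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    char line[128] = "";
    if (f && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        printf("sysfs:  %s (class %d)\n", line, ssb_sysfs_class(line));
    }
    if (f) fclose(f);
    return 0;
}
```

Build with `cc -Wall -o ssb_check ssb_check.c` and run it once with and once without `spec_store_bypass_disable=prctl` on the kernel command line to see the difference between "opt-in available" and "no per-process control". Two caveats worth knowing before wiring this into a service: the per-process state is inherited across fork() and execve(), so setting it in a launcher covers every child, and PR_SPEC_FORCE_DISABLE is one-way, so a sandboxed worker that has been force-disabled cannot quietly turn speculation back on.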


Original Submission

  • (Score: 2) by driverless on Tuesday May 22 2018, @08:27AM (5 children)

    by driverless (4770) on Tuesday May 22 2018, @08:27AM (#682566)

    And the mitigation, as with the string of other mitigations, is yet another performance-impacting microcode change. At some point with the accumulated hit of all the mitigations it's going to be easier to just dust off an old 486 and run that, at least you know you won't be spending the next ten years applying one performance-affecting microcode patch after another.

    • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @08:48AM (2 children)

      by Anonymous Coward on Tuesday May 22 2018, @08:48AM (#682570)

      Or you could just... stop using the spynet.

      • (Score: 2) by Wootery on Tuesday May 22 2018, @09:24AM (1 child)

        by Wootery (2341) on Tuesday May 22 2018, @09:24AM (#682582)

        You realise this is a website, right?

        • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @09:32AM

          by Anonymous Coward on Tuesday May 22 2018, @09:32AM (#682583)

          I'm with the Agency.

    • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @10:58AM (1 child)

      by Anonymous Coward on Tuesday May 22 2018, @10:58AM (#682597)

      And the mitigation, as with the string of other mitigations, is yet another performance-impacting microcode change.

      From TFA (emphasis mine):

      "To ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates," the [Intel] exec said.

      "This mitigation will be set to off-by-default, providing customers the choice of whether to enable it or not. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2-8 per cent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test systems."

      So they are providing patches, but they will not be enabled by default. And by not enabling them there will be no observable performance hit. The AC in my car works the same way. It is off by default, and when it is off it has no observable performance impact on my engine's performance or efficiency. But if I enable it because I want to protect myself from the specter of a personal meltdown ... you know the rest.

      • (Score: 2) by driverless on Tuesday May 22 2018, @11:10AM

        by driverless (4770) on Tuesday May 22 2018, @11:10AM (#682599)

        That's the vendor of the affected processor telling you that there's a performance hit but it's OK, you don't need to worry about it. I'm going to wait for third-party reports in a couple of weeks to see what the real effect is. And if it's always safely off by default, why provide it in the first place?

        Now I'm not saying that it'll be surreptitiously enabled while pretending to be disabled, more that at some point in the future another update will turn it on by default, you know, just in case.

  • (Score: 2) by opinionated_science on Tuesday May 22 2018, @10:36AM (4 children)

    by opinionated_science (4031) on Tuesday May 22 2018, @10:36AM (#682591)

    Does this affect AMD cpus?

    I read that most of these "OMG!!!!" exploits are mostly Intel, but we seem to have a CPU name missing from the summary....

    • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @10:50AM

      by Anonymous Coward on Tuesday May 22 2018, @10:50AM (#682596)

      Does this affect AMD cpus?

      Yes. According to this article [bleepingcomputer.com] it affects processors made by AMD, ARM, IBM, and Intel (Intel and AMD x86 chipsets, along with POWER 8, POWER 9, System z, and ARM CPUs).

    • (Score: 4, Insightful) by driverless on Tuesday May 22 2018, @11:12AM (1 child)

      by driverless (4770) on Tuesday May 22 2018, @11:12AM (#682601)

      AMD and many others. This is an attack on a fundamental architectural issue, not on a particular vendor's design. Expect to see many, many more of these come up now that it's been pointed out, just as we've seen endless stack-smashing attacks since Aleph One pointed the way.

      As for me, I'm going back to the 6502. If it was powerful enough to run a T-800, it's powerful enough for me.

    • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @02:47PM

      by Anonymous Coward on Tuesday May 22 2018, @02:47PM (#682651)

      Does this affect AMD cpus?

      From TFA:

      It affects modern out-of-order execution processor cores from Intel, AMD, and Arm, as well as IBM's Power 8, Power 9, and System z CPUs. Bear in mind, Arm cores are used the world over in smartphones, tablets, and embedded electronics.

      So yes, it affects AMD CPUs.

  • (Score: 4, Insightful) by crafoo on Tuesday May 22 2018, @11:10AM (1 child)

    by crafoo (6639) on Tuesday May 22 2018, @11:10AM (#682600)

    Javascript was a mistake.
    The other side of the equation here is that we are expected to be OK with running random code from the internet "in a sandbox" for text & image formatting. and you know, poorly-written custom GUIs.

    • (Score: 4, Interesting) by takyon on Tuesday May 22 2018, @02:40PM

      by takyon (881) on Tuesday May 22 2018, @02:40PM (#682647) Journal

      JavaScript is convenient for what it does, and manageable for power users.

      If everyone stopped using JavaScript today, they would just start running pwned applications, or building from bad source. They would continue running random code from the internet. And good code will still have bad bugs. The only real way to be safe is to unplug from the internet.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 2) by DannyB on Tuesday May 22 2018, @02:49PM (1 child)

    by DannyB (5839) Subscriber Badge on Tuesday May 22 2018, @02:49PM (#682654) Journal

    Recent SN article:
    Microsoft Makes Inroads With U.S. Spy Agencies [soylentnews.org]

    I speculated that spy agencies might be interested in their "workloads" running on the same underlying hardware as other customer workloads. How would the spy agencies react if Microsoft were to segregate all of the spy agency workloads onto hardware not used by any other customer? Would they suddenly lose interest?

    I speculated that there might be yet more unknown vulnerabilities in Intel processors (not to exclude AMD either).

    With Intel's known ability to completely own your hardware through Intel Management Engine, and the ability to "fix" meltdown and spectre, I wonder how completely the spy agencies already own all Intel based systems?

    Further, imagine the scenario where Intel has certain undocumented instructions, a proper sequence of which would give unprivileged code the ability to access any hardware that such code is not supposed to be able to see. Such as the processor's entire memory layout. Paranoid? I'll laugh at you if you say I'm paranoid. I was paranoid before Snowden -- at which point it turned out that reality was already much worse than my paranoid imaginings.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 0) by Anonymous Coward on Wednesday May 23 2018, @09:37AM

      by Anonymous Coward on Wednesday May 23 2018, @09:37AM (#683022)

      I speculated that spy agencies might be interested on their "workloads" running on the same underlying hardware as other customer workloads. How would the spy agencies react if Microsoft were to segregate all of the spy agency workloads onto hardware not used by any other customer? Would they suddenly lose interest?

      1) Microsoft bought Skype for them, if the US spy agencies need access they can just send Microsoft a PO or NSL. There's no need to do so much extra work jumping through hoops, loops and virtual machines.
      2) And the knife could cut both ways.

  • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @02:55PM

    by Anonymous Coward on Tuesday May 22 2018, @02:55PM (#682656)

    reasons_not_to_run_arbitrary_code_from_the_net+=1
