Arthur T Knackerbracket has found the following story:
[...] The fourth variant can be potentially exploited by script files running within a program – such as JavaScript on a webpage in a browser tab – to lift sensitive information out of other parts of the application – such as personal details from another tab.
According to Intel, mitigations already released to the public for variant 1, which is the hardest vulnerability to tackle, should make attacks leveraging variant 4 much more difficult. In other words, web browsers, and similar programs with just-in-time execution of scripts and other languages, patched to thwart variant 1 attacks should also derail variant 4 exploits.
[...] If the processor core, while looking ahead in a program, finds an instruction that loads data from memory, it will predict whether or not this load operation is affected by any of the preceding stores. For example, if a store is writing to memory that a later load fetches back from memory, you'll want the store to complete first. If a load is predicted to be safe to run, the processor executes it speculatively while other parts of the chip are busy with store operations and other code.
That speculative act involves pulling data from memory into the level-one data cache. If it turns out the program should not have run the load before a store, it's too late to unwind the instruction flow and restart it: part of the cache was touched based on the contents of the fetched data, leaving enough evidence for a malicious program to figure out that fetched data. Repeat this over and over, and gradually you can copy data from other parts of the application. It allows, say, JavaScript running in one browser tab to potentially snoop on webpages in other tabs, for instance.
-- submitted from IRC
(Score: 2) by driverless on Tuesday May 22 2018, @08:27AM (5 children)
And the mitigation, as with the string of other mitigations, is yet another performance-impacting microcode change. At some point with the accumulated hit of all the mitigations it's going to be easier to just dust off an old 486 and run that, at least you know you won't be spending the next ten years applying one performance-affecting microcode patch after another.
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @08:48AM (2 children)
Or you could just... stop using the spynet.
(Score: 2) by Wootery on Tuesday May 22 2018, @09:24AM (1 child)
You realise this is a website, right?
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @09:32AM
I'm with the Agency.
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @10:58AM (1 child)
From TFA (emphasis mine):
So they are providing patches, but they will not be enabled by default. And by not enabling them there will be no observable performance hit. The AC in my car works the same way. It is off by default, and when it is off it has no observable performance impact on my engine's performance or efficiency. But if I enable it because I want to protect myself from the specter of a personal meltdown ... you know the rest.
(Score: 2) by driverless on Tuesday May 22 2018, @11:10AM
That's the vendor of the affected processor telling you that there's a performance hit but it's OK, you don't need to worry about it. I'm going to wait for third-party reports in a couple of weeks to see what the real effect is. And if it's always safely off by default, why provide it in the first place?
Now I'm not saying that it'll be surreptitiously enabled while pretending to be disabled, more that at some point in the future another update will turn it on by default, you know, just in case.
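On Linux the variant 4 fix works exactly the way the two comments above describe: the kernel keeps Speculative Store Bypass Disable (SSBD) off for ordinary processes and lets each one opt in through prctl(), while the sysfs file under /sys/devices/system/cpu/vulnerabilities reports what mode it is in. The following is an added example, not code from the story or from any commenter; the sysfs path, prctl constants and status strings are the Linux kernel's, the helper names and the constructed sample strings in the usage are mine.

```c
/* Added example: check the kernel's Speculative Store Bypass (variant 4)
 * status and opt this process into the SSBD mitigation.  Linux only. */
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
/* Values from include/uapi/linux/prctl.h, for libc headers that predate them. */
#ifndef PR_SET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_DISABLE         (1UL << 2)
#endif

enum ssb_state { SSB_UNKNOWN, SSB_NOT_AFFECTED, SSB_VULNERABLE,
                 SSB_MITIGATED_ALWAYS, SSB_MITIGATED_OPT_IN };

/* Classify one line of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass.
 * "via prctl" means the fix is present but off until a process asks for it. */
enum ssb_state parse_ssb_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    if (strncmp(line, "Mitigation:", 11) == 0)
        return strstr(line, "via prctl") ? SSB_MITIGATED_OPT_IN : SSB_MITIGATED_ALWAYS;
    return SSB_UNKNOWN;
}

/* Ask the kernel to disable store bypass for this process (inherited by
 * children).  Returns 1 when the mitigation is confirmed active, 0 when the
 * kernel refused or offers no per-process control (errno says which). */
int ssb_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
              (unsigned long)PR_SPEC_DISABLE, 0UL, 0UL) != 0)
        return 0;
    long st = prctl(PR_GET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
                    0UL, 0UL, 0UL);
    return st >= 0 && (st & (long)PR_SPEC_DISABLE) != 0;
}

int main(void)
{
    char line[128] = "";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (f) { if (!fgets(line, sizeof line, f)) line[0] = '\0'; fclose(f); }
    printf("kernel reports: %s", line[0] ? line : "(no sysfs entry)\n");
    printf("state %d, per-process SSBD %s\n", parse_ssb_status(line),
           ssb_opt_in() ? "now active" : "not applied");
    return 0;
}
```

On a host whose sysfs line ends in "via prctl" the opt-in is the only thing that turns the mitigation on for that process, which is the "off by default" behaviour the thread is arguing about.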
(Score: 2) by opinionated_science on Tuesday May 22 2018, @10:36AM (4 children)
Does this affect AMD CPUs?
I read that most of these "OMG!!!!" exploits are mostly Intel, but we seem to have a CPU name missing from the summary....
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @10:50AM
Yes. According to this article [bleepingcomputer.com] it affects processors made by AMD, ARM, IBM, and Intel (Intel and AMD x86 chipsets, along with POWER 8, POWER 9, System z, and ARM CPUs).
(Score: 4, Insightful) by driverless on Tuesday May 22 2018, @11:12AM (1 child)
AMD and many others. This is an attack on a fundamental architectural issue, not on a particular vendor's design. Expect to see many, many more of these come up now that it's been pointed out, just as we've seen endless stack-smashing attacks since Aleph One pointed the way.
As for me, I'm going back to the 6502. If it was powerful enough to run a T-800, it's powerful enough for me.
(Score: 2) by takyon on Tuesday May 22 2018, @02:36PM
I'm sure you won't regret it.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @02:47PM
From TFA:
So yes, it affects AMD CPUs.
(Score: 4, Insightful) by crafoo on Tuesday May 22 2018, @11:10AM (1 child)
Javascript was a mistake.
The other side of the equation here is that we are expected to be OK with running random code from the internet "in a sandbox" for text & image formatting. And, you know, poorly-written custom GUIs.
(Score: 4, Interesting) by takyon on Tuesday May 22 2018, @02:40PM
JavaScript is convenient for what it does, and manageable for power users.
If everyone stopped using JavaScript today, they would just start running pwned applications, or building from bad source. They would continue running random code from the internet. And good code will still have bad bugs. The only real way to be safe is to unplug from the internet.
(Score: 2) by DannyB on Tuesday May 22 2018, @02:49PM (1 child)
Recent SN article:
Microsoft Makes Inroads With U.S. Spy Agencies [soylentnews.org]
I speculated that spy agencies might be interested in their "workloads" running on the same underlying hardware as other customer workloads. How would the spy agencies react if Microsoft were to segregate all of the spy agency workloads onto hardware not used by any other customer? Would they suddenly lose interest?
I speculated that there might be yet more unknown vulnerabilities in Intel processors (not to exclude AMD either).
With Intel's known ability to completely own your hardware through Intel Management Engine, and the ability to "fix" meltdown and spectre, I wonder how completely the spy agencies already own all Intel-based systems?
Further, imagine the scenario where Intel has certain undocumented instructions, a proper sequence of which would give unprivileged code the ability to access any hardware that such code is not supposed to be able to see. Such as the processor's entire memory layout. Paranoid? I'll laugh at you if you say I'm paranoid. I was paranoid before Snowden -- at which point it turned out that reality was already much worse than my paranoid imaginings.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 0) by Anonymous Coward on Wednesday May 23 2018, @09:37AM
1) Microsoft bought Skype for them, if the US spy agencies need access they can just send Microsoft a PO or NSL. There's no need to do so much extra work jumping through hoops, loops and virtual machines.
2) And the knife could cut both ways.
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @02:55PM
reasons_not_to_run_arbitrary_code_from_the_net+=1