
/tech/ - Technology


 No.1038303>>1038320 >>1038645

https://archive.fo/0iwVt

>In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

>The researchers -- Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth and Berk Sunar – have found that "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

>The researchers also examined ARM and AMD processor cores, but found they did not exhibit similar behavior.

>"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."

>The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges.

>"The root cause for SPOILER is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts," the paper explains.

>SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible -- instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.

>Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say. Chip architecture fixes may work, they add, but at the cost of performance.

THE ABSOLUTE STATE OF INTELAVIV

 No.1038312>>1038316

Isn't speculative execution great?


 No.1038314

I wonder if Intel will seriously consider pushing for RISC-V desktop adoption as their existing chip designs have too many design flaws to fix within a reasonable amount of time.


 No.1038316>>1038592

>>1038312

Where have you personally seen any of these exploits used in the wild?


 No.1038320>>1038445 >>1038633

>>1038303 (OP)

>The researchers also examined ARM and AMD processor cores, but found they did not exhibit similar behavior.

What about POWER?


 No.1038336

these are just jewish tricks. they want to sell new cpus so they make these terrible patches that take away most of the performance.


 No.1038337>>1038364

>There is no software mitigation that can completely erase this problem

Using a hardened browser (e.g. icecat, tor browser) in an operating system that is solely composed of free software, bonus points for compiling it yourself?


 No.1038362>>1038369

>Intel

>InTel Aviv

/pol/ is always right


 No.1038364>>1038439

>>1038337

just turn javascript off. anything that is not about displaying text or pictures won't work if it's off.


 No.1038369

>>1038362

then get the fuck back there, stormfag


 No.1038398

ahhahahahahhahahah!

"Fuck grsecurity"

--linus.


 No.1038400>>1038642

Remember: PaX and Spengler have a mitigation vs the Spectre and Meltdown bugs that doesn't kill performance.

Linus does not.


 No.1038439

>>1038364

This. Websites that literally don't work with javascript on are not worth visiting. With webshits wanting to run on shitty android stuff, there are surprisingly few nowadays. That being said, I'm glad I went full AMD ~2 years ago. Heh.

Would like to go full ARM to be honest, but they are not powerful enough and the ones that are run only on proprietary frankenkernels.


 No.1038445>>1038448 >>1038633

>>1038320

The only modern arch that generally doesn't have speculative execution is MIPS I believe.


 No.1038448>>1038450

>>1038445

older ARMs like the Cortex-A7 and very old Atoms don't have it either but they're quite slow. Older PowerPC CPUs and some of the more exotic chips (like VIA C7 etc.) and Transmeta CPUs should also be safe. That's all very old and slow stuff though.


 No.1038450

>>1038448

Cavium ThunderX doesn't, but ThunderX2 and Qualcomm's big server chip do, at least to a certain extent

>As for the server vendors, it’s a bit hard to determine Qualcomm’s exposure. Centriq is based on the ARMv8 design, but there are a lot of v8 designs, both in 32-bit and 64-bit derivatives. The Centriq core, code-named Falkor, does do branch prediction and out of order execution, so there is a good chance it does have exposure.

>As for Cavium, its chief competitor in the ARM server market, I’m told the ThunderX processor on the market does not have exposure to Meltdown and Spectre, but the ThunderX2, which is not out yet, is vulnerable. There was quite a change between the first and second version of ThunderX because the ThunderX2 is heavily derived from IP acquired from Broadcom in 2016.

>A Cavium spokesman said Cavium processors in production are not susceptible to all three variants of Meltdown. And due to differences in Cavium’s architecture, the company believes there is "a near zero risk to Cavium processors at this time." To mitigate any potential risks for ThunderX2, Cavium has software patches in place.

https://www.networkworld.com/article/3246707/meltdown-and-spectre-how-much-are-arm-and-amd-exposed.html


 No.1038592

>>1038316

When have you ever seen a cryptographic attack in the wild? Does that now mean cryptographic weaknesses don't matter?


 No.1038633

>>1038320

>What about POWER?

Unlikely, it has even less speculative memory stuff than AMD and ARM. Power9 instead has hardware transactional memory available to the programmer to accelerate memory operations which is better than speculative memory for parallel workloads but isn't enabled by default since it's kinda niche and has some unpleasant side effects (you can have some memory accesses seemingly traveling backward in time) for programs that are expecting a strict memory model like that of x86 and ARM.

>>1038445

This isn't actually speculative execution, it's the memory controller speculating what memory is going to be accessed next and loading or storing to system memory and cache(s) it as appropriate.


 No.1038642

>>1038400

>PaX and Spengler

Spoonfeed me.


 No.1038645

>>1038303 (OP)

>Speculative Load Hazards Boost Rowhammer and Cache Attacks

that's not SPOILER, that's SPLHBRCA


 No.1038752

Laughs in N450


 No.1038792



 No.1050030

spoiler / meltdown is patched

also noscript blocks it in your browser



