'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    This only would stop a Javascript based attack. I am sure there are other ways the attack can be deployed.
     
  2. paulderdash

    paulderdash Registered Member

    WBD - do you have a 4th gen (Haswell) or earlier processor?
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    I don't think so. Exploiting Spectre requires the user to execute code on the computer. Scripts in Javascript are programs temporarily installed by websites (not in a typical OS meaning, but they are) and executed in the browser. If you don't have Javascript (and WebAssembly) enabled, you don't have a way to exploit Spectre. At least in the browser.
     
  4. itman

    itman Registered Member

    As far as I am concerned, this still remains the best test for Spectre: https://repl.it/repls/DeliriousGreenOxpecker . Granted it is "attacking" its own code running on the web server, the established assumption is it is enough proof to show you are still vulnerable.

    Intel folks that are fully patched now should access the site in their browsers and determine if the wording "The Magic Words are Squeamish Ossifrage" appears in the displayed output.
     
  5. mary7

    mary7 Registered Member

    I have a question:

    my desktop has BIOS 255 from 05/26/2015, System model: ASUS all series, so what do I have to put on the Asus site to search for the BIOS update?
     
  6. itman

    itman Registered Member

    Based on what is described here: http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html and other like articles, it's not an issue of the use of javascript by the browsers as much as javascript processing mechanisms within the browser, for example, could be exploited as one attack scenario:
    In other words, the software vendors are currently doing "Band-Aid" patches to mitigate known and currently demonstrated vulnerabilities.
     
  7. paulderdash

    paulderdash Registered Member

    Should these words appear if patched, or not?

    On all 3 laptops I get 'unclear'...
     
  8. pling_man

    pling_man Registered Member

    I don't get how this works. The code isn't running on the local machine is it?

    Even fully patched machines or non-vulnerable machines (my raspberry pi for example) will see those words?
     
  9. Minimalist

    Minimalist Registered Member

    https://thepeninsulaqatar.com/artic...sider-Intel-rivals-after-security-flaws-found
     
  10. Minimalist

    Minimalist Registered Member

    I get similar results after OS and browser updates were installed.
     
  11. reasonablePrivacy

    reasonablePrivacy Registered Member

    Yes, the server is indeed still vulnerable to Spectre.
    Everybody (AMD, ARM, Intel users whether patched or not) is going to see the same result, because the test runs on a remote server.

    Code:
    Unclear: 0x54=’T’
    This means that with high probability there is a character T.
    See next line for second character and so on. Resize or copy paste result to notepad for better visibility.
     
  12. pling_man

    pling_man Registered Member

    What I meant was this test only checks the server. It doesn't matter if the local PC is patched or not.
     
  13. Infected

    Infected Registered Member

    Code:
    gcc version 4.6.3
      
    Reading 40 bytes:
    Reading at malicious_x = 0xffffffffffdffaa8... Unclear: 0x54=’T’ score=999 (second best: 0xA2 score=610)
    Reading at malicious_x = 0xffffffffffdffaa9... Unclear: 0x68=’h’ score=996 (second best: 0xC8 score=646)
    Reading at malicious_x = 0xffffffffffdffaaa... Unclear: 0x65=’e’ score=994 (second best: 0xE5 score=726)
    Reading at malicious_x = 0xffffffffffdffaab... Unclear: 0x20=’ ’ score=998 (second best: 0x82 score=708)
    Reading at malicious_x = 0xffffffffffdffaac... Unclear: 0x4D=’M’ score=998 (second best: 0xF8 score=833)
    Reading at malicious_x = 0xffffffffffdffaad... Unclear: 0x61=’a’ score=998 (second best: 0x8C score=753)
    Reading at malicious_x = 0xffffffffffdffaae... Unclear: 0x67=’g’ score=998 (second best: 0xE5 score=841)
    Reading at malicious_x = 0xffffffffffdffaaf... Unclear: 0x69=’i’ score=998 (second best: 0x89 score=868)
    Reading at malicious_x = 0xffffffffffdffab0... Unclear: 0x63=’c’ score=999 (second best: 0x89 score=829)
    Reading at malicious_x = 0xffffffffffdffab1... Unclear: 0x20=’ ’ score=998 (second best: 0xE5 score=818)
    Reading at malicious_x = 0xffffffffffdffab2... Unclear: 0x57=’W’ score=995 (second best: 0xA2 score=796)
    Reading at malicious_x = 0xffffffffffdffab3... Unclear: 0x6F=’o’ score=998 (second best: 0x89 score=890)
    Reading at malicious_x = 0xffffffffffdffab4... Unclear: 0x72=’r’ score=998 (second best: 0x40 score=814)
    Reading at malicious_x = 0xffffffffffdffab5... Unclear: 0x64=’d’ score=998 (second best: 0x89 score=754)
    Reading at malicious_x = 0xffffffffffdffab6... Unclear: 0x73=’s’ score=997 (second best: 0xF9 score=776)
    Reading at malicious_x = 0xffffffffffdffab7... Unclear: 0x20=’ ’ score=999 (second best: 0xE5 score=832)
    Reading at malicious_x = 0xffffffffffdffab8... Unclear: 0x61=’a’ score=998 (second best: 0x89 score=772)
    Reading at malicious_x = 0xffffffffffdffab9... Unclear: 0x72=’r’ score=998 (second best: 0xE5 score=808)
    Reading at malicious_x = 0xffffffffffdffaba... Unclear: 0x65=’e’ score=991 (second best: 0x89 score=820)
    Reading at malicious_x = 0xffffffffffdffabb... Unclear: 0x20=’ ’ score=998 (second best: 0x8C score=803)
    Reading at malicious_x = 0xffffffffffdffabc... Unclear: 0x53=’S’ score=999 (second best: 0xE5 score=802)
    Reading at malicious_x = 0xffffffffffdffabd... Success: 0x71=’q’ score=45 (second best: 0xCA score=20)
    Reading at malicious_x = 0xffffffffffdffabe... Unclear: 0x75=’u’ score=998 (second best: 0x41 score=770)
    Reading at malicious_x = 0xffffffffffdffabf... Unclear: 0x65=’e’ score=996 (second best: 0xF8 score=777)
    Reading at malicious_x = 0xffffffffffdffac0... Unclear: 0x61=’a’ score=995 (second best: 0xE5 score=752)
    Reading at malicious_x = 0xffffffffffdffac1... Unclear: 0x6D=’m’ score=995 (second best: 0x8D score=710)
    Reading at malicious_x = 0xffffffffffdffac2... Unclear: 0x69=’i’ score=998 (second best: 0x89 score=728)
    Reading at malicious_x = 0xffffffffffdffac3... Unclear: 0x73=’s’ score=999 (second best: 0x8C score=761)
    Reading at malicious_x = 0xffffffffffdffac4... Unclear: 0x68=’h’ score=994 (second best: 0xE5 score=738)
    Reading at malicious_x = 0xffffffffffdffac5... Unclear: 0x20=’ ’ score=997 (second best: 0xE5 score=735)
    Reading at malicious_x = 0xffffffffffdffac6... Unclear: 0x4F=’O’ score=998 (second best: 0x89 score=730)
    Reading at malicious_x = 0xffffffffffdffac7... Unclear: 0x73=’s’ score=998 (second best: 0xF8 score=782)
    Reading at malicious_x = 0xffffffffffdffac8... Unclear: 0x73=’s’ score=997 (second best: 0x89 score=824)
    Reading at malicious_x = 0xffffffffffdffac9... Unclear: 0x69=’i’ score=999 (second best: 0x8C score=817)
    Reading at malicious_x = 0xffffffffffdffaca... Unclear: 0x66=’f’ score=999 (second best: 0x82 score=866)
    Reading at malicious_x = 0xffffffffffdffacb... Unclear: 0x72=’r’ score=998 (second best: 0x89 score=802)
    Reading at malicious_x = 0xffffffffffdffacc... Unclear: 0x61=’a’ score=990 (second best: 0x21 score=764)
    Reading at malicious_x = 0xffffffffffdffacd... Unclear: 0x67=’g’ score=997 (second best: 0xE5 score=726)
    Reading at malicious_x = 0xffffffffffdfface... Unclear: 0x65=’e’ score=992 (second best: 0x41 score=634)
    Reading at malicious_x = 0xffffffffffdffacf... Unclear: 0x2E=’.’ score=998 (second best: 0x89 score=791)
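    As an added example (not from this post or from the PoC itself), a small Python parser for output lines in the format shown above: it rebuilds the guessed string from the hex byte on each line, counts Unclear versus Success, and checks each label against the rule assumed here for the public PoC (Success only when the best score is at least twice the runner-up's). The embedded sample is a handful of lines copied from the post.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the format the post above shows
# (the public Spectre PoC's output), copied from that post.
SAMPLE_LOG = """\
Reading at malicious_x = 0xffffffffffdffaa8... Unclear: 0x54=’T’ score=999 (second best: 0xA2 score=610)
Reading at malicious_x = 0xffffffffffdffaa9... Unclear: 0x68=’h’ score=996 (second best: 0xC8 score=646)
Reading at malicious_x = 0xffffffffffdffaaa... Unclear: 0x65=’e’ score=994 (second best: 0xE5 score=726)
Reading at malicious_x = 0xffffffffffdffaab... Unclear: 0x20=’ ’ score=998 (second best: 0x82 score=708)
Reading at malicious_x = 0xffffffffffdffabd... Success: 0x71=’q’ score=45 (second best: 0xCA score=20)
"""

# Accept both the PoC's plain quotes and the curly quotes the forum rendered.
LINE_RE = re.compile(
    r"(?P<label>Unclear|Success): 0x(?P<best>[0-9A-Fa-f]{2})=[’'].[’'] score=(?P<s1>\d+)"
    r" \(second best: 0x(?P<second>[0-9A-Fa-f]{2}) score=(?P<s2>\d+)\)"
)


def parse_line(line):
    """Return (label, best_byte, best_score, runner_up_byte, runner_up_score) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (m["label"], int(m["best"], 16), int(m["s1"]),
            int(m["second"], 16), int(m["s2"]))


def expected_label(score, runner_up):
    # Assumed labelling rule of the public PoC: "Success" only when the best
    # candidate scored at least twice the runner-up, otherwise "Unclear".
    return "Success" if score >= 2 * runner_up else "Unclear"


def reconstruct(log):
    """Rebuild the guessed string, count labels, and flag labels that break the rule."""
    chars, labels, mismatches = [], Counter(), 0
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip the "Reading 40 bytes:" header and blank lines
        label, byte, s1, _, s2 = parsed
        chars.append(chr(byte))
        labels[label] += 1
        if expected_label(s1, s2) != label:
            mismatches += 1
    return "".join(chars), dict(labels), mismatches
```

With the full 40 lines of the post fed in, the rebuilt string is the sentence paulderdash asked about; "Unclear" only records that the margin over the runner-up byte was thin, not that the guess was wrong.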
       
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Linux kernel versions older than 4.14 have less secure and buggier patches:
    https://news.ycombinator.com/item?id=16087736

    The test is not reliable. Tested an unpatched Firefox on an unpatched OS on an affected CPU; the test says it is not vulnerable.
    Also keep in mind that the current Firefox patch and the upcoming Chrome patch are only a partial, short-term mitigation:
    https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
     
  15. guest

    guest Guest

    Check Linux for Spectre or Meltdown vulnerability
    https://www.ghacks.net/2018/01/11/check-linux-for-spectre-or-meltdown-vulnerability/
     
  16. liba

    liba Registered Member

  17. noway

    noway Registered Member

    Until things get settled, I wonder if it would help if after dealing with something sensitive (banking and other stuff that might be in memory that you don't want others to access) you shut off your computer and unplug it for a minute before plugging back in and going back to regular (non-sensitive) browsing? To clear the memory.
     
    Last edited: Jan 11, 2018
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Last edited: Jan 11, 2018
  19. Sampei Nihira

    Sampei Nihira Registered Member

  20. reasonablePrivacy

    reasonablePrivacy Registered Member

    https://twitter.com/Taiki__San/status/950059312940044288
    https://twitter.com/ben_a_adams/status/949461631658053632
    https://twitter.com/matiasgoldberg/status/950911652555304960
     
  21. WildByDesign

    WildByDesign Registered Member

    Mine is 4th generation. Link: https://ark.intel.com/products/76616/Intel-Core-i7-4600U-Processor-4M-Cache-up-to-3_30-GHz

    I was under the impression that as long as it supports PCID/INVPCID that performance degradation would be minimal if at all. But even watching CCleaner, for example, has a 3x longer delay during Analyze stage. Starting Thunderbird and Chrome also, for example, have longer delays.

    So therefore it seems that the BIOS/microcode updates which enable hardware support for mitigating Spectre and Meltdown is what is causing performance delay and not the operating system workarounds to mitigate. This is going to be interesting...
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

  23. guest

    guest Guest

    It also depends on the generation.
    Haswell and older: "more significant slowdowns" can be seen and the instructions to disable branch speculation are not "optimized", but on newer CPUs the instructions are refined so the performance penalty is much less.
    The speed of SSDs might suffer a little bit:
     
    Last edited by a moderator: Jan 11, 2018
  24. itman

    itman Registered Member

    Last edited: Jan 11, 2018
  25. deBoetie

    deBoetie Registered Member

    Browser/JS is easily the most dangerous way these exploits will arrive. Otherwise it's via the other ways "standard" malware arrives, but I can't really see the point of that from a "normal" malware writer's point of view - you'd just continue the attack through the many many exploits that are possible and give you a higher level of persistence, access and escalation. Spectre simply isn't very valuable for that, what it does do is allow stealing secrets in own and other processes, and is very much harder to mitigate and detect.

    Hence being paranoid about JS right now - except it's not paranoid.
     