'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    This only would stop a Javascript based attack. I am sure there are other ways the attack can be deployed.
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    WBD - do you have a 4th gen (Haswell) or earlier processor?
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    I don't think so. Exploiting Spectre requires the user to execute code on the computer. Scripts in JavaScript are programs temporarily installed by websites (not in the typical OS meaning, but they are) and executed in the browser. If you don't have JavaScript (and WebAssembly) enabled, you don't have a way to exploit Spectre. At least in the browser.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    As far as I am concerned, this still remains the best test for Spectre: https://repl.it/repls/DeliriousGreenOxpecker . Granted it is "attacking" its own code running on the web server, the established assumption is it is enough proof to show you are still vulnerable.

    Intel folks that are fully patched now should access the site in their browsers and determine if the wording "The Magic Words are Squeamish Ossifrage" appears in the displayed output.
     
  5. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
    I have a question:

    My desktop has BIOS 255 from 05/26/2015, System model: ASUS all series, so what do I have to put on the Asus site to search for the BIOS update?
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Based on what is described here: http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html and other like articles, it's not an issue of the use of JavaScript by the browsers as much as JavaScript processing mechanisms within the browser which, for example, could be exploited as one attack scenario:
    In other words, the software vendors are currently doing "Band-Aid" patches to mitigate known and currently demonstrated vulnerabilities.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Should these words appear if patched, or not?

    On all 3 laptops I get 'unclear'...
     
  8. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I don't get how this works. The code isn't running on the local machine is it?

    Even fully patched machines or non-vulnerable machines (my raspberry pi for example) will see those words?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://thepeninsulaqatar.com/artic...sider-Intel-rivals-after-security-flaws-found
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I get similar results after OS and browser updates were installed.
     
  11. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    Yes, the server is indeed still vulnerable to Spectre.
    Everybody (AMD, ARM, Intel users, whether patched or not) is going to see the same result, because the test runs on a remote server.

    Code:
    Unclear: 0x54=’T’
    This means that with high probability there is a character T.
    See next line for second character and so on. Resize or copy paste result to notepad for better visibility.
     
  12. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    What I meant was this test only checks the server. It doesn't matter if the local PC is patched or not.
     
  13. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Code:
    gcc version 4.6.3
      
    Reading 40 bytes:
    Reading at malicious_x = 0xffffffffffdffaa8... Unclear: 0x54=’T’ score=999 (second best: 0xA2 score=610)
    Reading at malicious_x = 0xffffffffffdffaa9... Unclear: 0x68=’h’ score=996 (second best: 0xC8 score=646)
    Reading at malicious_x = 0xffffffffffdffaaa... Unclear: 0x65=’e’ score=994 (second best: 0xE5 score=726)
    Reading at malicious_x = 0xffffffffffdffaab... Unclear: 0x20=’ ’ score=998 (second best: 0x82 score=708)
    Reading at malicious_x = 0xffffffffffdffaac... Unclear: 0x4D=’M’ score=998 (second best: 0xF8 score=833)
    Reading at malicious_x = 0xffffffffffdffaad... Unclear: 0x61=’a’ score=998 (second best: 0x8C score=753)
    Reading at malicious_x = 0xffffffffffdffaae... Unclear: 0x67=’g’ score=998 (second best: 0xE5 score=841)
    Reading at malicious_x = 0xffffffffffdffaaf... Unclear: 0x69=’i’ score=998 (second best: 0x89 score=868)
    Reading at malicious_x = 0xffffffffffdffab0... Unclear: 0x63=’c’ score=999 (second best: 0x89 score=829)
    Reading at malicious_x = 0xffffffffffdffab1... Unclear: 0x20=’ ’ score=998 (second best: 0xE5 score=818)
    Reading at malicious_x = 0xffffffffffdffab2... Unclear: 0x57=’W’ score=995 (second best: 0xA2 score=796)
    Reading at malicious_x = 0xffffffffffdffab3... Unclear: 0x6F=’o’ score=998 (second best: 0x89 score=890)
    Reading at malicious_x = 0xffffffffffdffab4... Unclear: 0x72=’r’ score=998 (second best: 0x40 score=814)
    Reading at malicious_x = 0xffffffffffdffab5... Unclear: 0x64=’d’ score=998 (second best: 0x89 score=754)
    Reading at malicious_x = 0xffffffffffdffab6... Unclear: 0x73=’s’ score=997 (second best: 0xF9 score=776)
    Reading at malicious_x = 0xffffffffffdffab7... Unclear: 0x20=’ ’ score=999 (second best: 0xE5 score=832)
    Reading at malicious_x = 0xffffffffffdffab8... Unclear: 0x61=’a’ score=998 (second best: 0x89 score=772)
    Reading at malicious_x = 0xffffffffffdffab9... Unclear: 0x72=’r’ score=998 (second best: 0xE5 score=808)
    Reading at malicious_x = 0xffffffffffdffaba... Unclear: 0x65=’e’ score=991 (second best: 0x89 score=820)
    Reading at malicious_x = 0xffffffffffdffabb... Unclear: 0x20=’ ’ score=998 (second best: 0x8C score=803)
    Reading at malicious_x = 0xffffffffffdffabc... Unclear: 0x53=’S’ score=999 (second best: 0xE5 score=802)
    Reading at malicious_x = 0xffffffffffdffabd... Success: 0x71=’q’ score=45 (second best: 0xCA score=20)
    Reading at malicious_x = 0xffffffffffdffabe... Unclear: 0x75=’u’ score=998 (second best: 0x41 score=770)
    Reading at malicious_x = 0xffffffffffdffabf... Unclear: 0x65=’e’ score=996 (second best: 0xF8 score=777)
    Reading at malicious_x = 0xffffffffffdffac0... Unclear: 0x61=’a’ score=995 (second best: 0xE5 score=752)
    Reading at malicious_x = 0xffffffffffdffac1... Unclear: 0x6D=’m’ score=995 (second best: 0x8D score=710)
    Reading at malicious_x = 0xffffffffffdffac2... Unclear: 0x69=’i’ score=998 (second best: 0x89 score=728)
    Reading at malicious_x = 0xffffffffffdffac3... Unclear: 0x73=’s’ score=999 (second best: 0x8C score=761)
    Reading at malicious_x = 0xffffffffffdffac4... Unclear: 0x68=’h’ score=994 (second best: 0xE5 score=738)
    Reading at malicious_x = 0xffffffffffdffac5... Unclear: 0x20=’ ’ score=997 (second best: 0xE5 score=735)
    Reading at malicious_x = 0xffffffffffdffac6... Unclear: 0x4F=’O’ score=998 (second best: 0x89 score=730)
    Reading at malicious_x = 0xffffffffffdffac7... Unclear: 0x73=’s’ score=998 (second best: 0xF8 score=782)
    Reading at malicious_x = 0xffffffffffdffac8... Unclear: 0x73=’s’ score=997 (second best: 0x89 score=824)
    Reading at malicious_x = 0xffffffffffdffac9... Unclear: 0x69=’i’ score=999 (second best: 0x8C score=817)
    Reading at malicious_x = 0xffffffffffdffaca... Unclear: 0x66=’f’ score=999 (second best: 0x82 score=866)
    Reading at malicious_x = 0xffffffffffdffacb... Unclear: 0x72=’r’ score=998 (second best: 0x89 score=802)
    Reading at malicious_x = 0xffffffffffdffacc... Unclear: 0x61=’a’ score=990 (second best: 0x21 score=764)
    Reading at malicious_x = 0xffffffffffdffacd... Unclear: 0x67=’g’ score=997 (second best: 0xE5 score=726)
    Reading at malicious_x = 0xffffffffffdfface... Unclear: 0x65=’e’ score=992 (second best: 0x41 score=634)
    Reading at malicious_x = 0xffffffffffdffacf... Unclear: 0x2E=’.’ score=998 (second best: 0x89 score=791)
       
     
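The output above is the per-byte log of the public Spectre proof-of-concept, and the earlier reply explains that "Unclear: 0x54='T'" still names the most likely byte. To make that reading mechanical, here is an added parser (my own code, not from the thread or the PoC) that turns such a log into the recovered string and counts how many bytes cleared the PoC's success margin. The sample input is six lines copied from the post above; the success rule (best candidate beats the runner-up by two-to-one plus five hits) is this example's assumption about what the PoC prints as "Success".

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Six of the forty lines from the post above, plus the banner lines the
# parser must skip. Used here as sample input only.
SAMPLE_OUTPUT = """\
gcc version 4.6.3

Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdffabc... Unclear: 0x53=’S’ score=999 (second best: 0xE5 score=802)
Reading at malicious_x = 0xffffffffffdffabd... Success: 0x71=’q’ score=45 (second best: 0xCA score=20)
Reading at malicious_x = 0xffffffffffdffabe... Unclear: 0x75=’u’ score=998 (second best: 0x41 score=770)
Reading at malicious_x = 0xffffffffffdffabf... Unclear: 0x65=’e’ score=996 (second best: 0xF8 score=777)
Reading at malicious_x = 0xffffffffffdffac0... Unclear: 0x61=’a’ score=995 (second best: 0xE5 score=752)
Reading at malicious_x = 0xffffffffffdffac1... Unclear: 0x6D=’m’ score=995 (second best: 0x8D score=710)
"""

# One log line: address, verdict, best byte and its printed character, score,
# and the runner-up byte with its score. The character is bracketed by any
# quote glyph (the post shows typographic quotes), so "." is used around it.
LINE_RE = re.compile(
    r"Reading at malicious_x = (?P<addr>0x[0-9a-fA-F]+)\.\.\.\s+"
    r"(?P<verdict>Success|Unclear): (?P<best>0x[0-9a-fA-F]{2})=.(?P<ch>.).\s+"
    r"score=(?P<score>\d+) \(second best: (?P<second>0x[0-9a-fA-F]{2}) score=(?P<score2>\d+)\)"
)


@dataclass
class ByteRead:
    addr: int
    best: int      # most frequently hit candidate byte
    ch: str        # character the PoC printed for it
    score: int     # hits for the best candidate
    second: int    # runner-up candidate byte
    score2: int    # hits for the runner-up
    verdict: str   # "Success" or "Unclear", as printed by the PoC


def parse_output(text: str) -> List[ByteRead]:
    """Parse every per-byte line; banner and compiler lines are ignored."""
    reads = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        reads.append(ByteRead(
            addr=int(m["addr"], 16), best=int(m["best"], 16), ch=m["ch"],
            score=int(m["score"]), second=int(m["second"], 16),
            score2=int(m["score2"]), verdict=m["verdict"]))
    return reads


def is_confident(r: ByteRead) -> bool:
    """Assumed success margin: best candidate beats the runner-up by 2x plus 5 hits.

    A 999/800 "Unclear" line means the loop ran all its tries with the
    runner-up (cache noise) hit too often to clear the margin, yet the best
    candidate is still the likely byte.
    """
    return r.score >= 2 * r.score2 + 5


def recovered_string(reads: List[ByteRead]) -> str:
    """Best candidate of each read, in address order (the space at 0x20 survives)."""
    return "".join(chr(r.best) for r in sorted(reads, key=lambda r: r.addr))


def summary(reads: List[ByteRead]) -> Dict[str, object]:
    confident = sum(is_confident(r) for r in reads)
    return {"bytes": len(reads), "confident": confident,
            "unclear": len(reads) - confident, "text": recovered_string(reads)}


if __name__ == "__main__":
    print(summary(parse_output(SAMPLE_OUTPUT)))
```

Run against the full forty lines of the post the recovered text is the complete secret; the "Unclear" count simply says how noisy the side channel was on that server, not whether your own machine is affected.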
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Linux kernel versions older than 4.14 have less secure and buggier patches:
    https://news.ycombinator.com/item?id=16087736

    The test is not reliable. Tested an unpatched Firefox on unpatched OS on affected CPU, test says it is not vulnerable.
    Also keep in mind that the current Firefox patch and the upcoming Chrome patch are only a partial, short-term mitigation:
    https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
     
  15. guest

    guest Guest

    Check Linux for Spectre or Meltdown vulnerability
    https://www.ghacks.net/2018/01/11/check-linux-for-spectre-or-meltdown-vulnerability/
     
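As an added example of the local check the linked article is about (my own script, not from the article or the thread): recent Linux kernels report their own Spectre and Meltdown status as one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2, with contents such as "Mitigation: PTI" or "Vulnerable"). The function below prints each file and returns non-zero if any still reads "Vulnerable"; the directory is a parameter so it can be exercised offline against a constructed sample tree, whose status strings are constructed here.

```sh
#!/bin/sh
# Summarise the kernel's sysfs vulnerability files. Real path on Linux:
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Print "name: status" for every file in the directory.
# Return 0 if everything is mitigated/not affected, 1 if any file begins
# with "Vulnerable", 2 if the directory is absent (kernel too old to report).
report_vulnerabilities() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not expose vulnerability status" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            Vulnerable*) rc=1 ;;
        esac
        printf '%-12s %s\n' "$name:" "$status"
    done
    return $rc
}

# Constructed sample tree (status strings chosen to look like real ones)
# so the report can be exercised without touching the live system.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

case "${1:-}" in
    --demo)
        sample=$(make_sample_tree)
        report_vulnerabilities "$sample" || echo "rc=$?: at least one issue still reported Vulnerable"
        rm -rf "$sample"
        ;;
    --live)
        report_vulnerabilities "$VULN_DIR_DEFAULT"
        ;;
    *)
        echo "usage: $0 --demo | --live" >&2
        ;;
esac
```

`--live` reads the real sysfs files; the return code makes the check usable from a fleet script, and the absent-directory case is reported separately because an old kernel that cannot say anything is not the same as one that says "Not affected".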
  16. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
  17. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    Until things get settled, I wonder if it would help if after dealing with something sensitive (banking and other stuff that might be in memory that you don't want others to access) you shut off your computer and unplug it for a minute before plugging back in and going back to regular (non-sensitive) browsing? To clear the memory.
     
    Last edited: Jan 11, 2018
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
    Last edited: Jan 11, 2018
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
  20. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    https://twitter.com/Taiki__San/status/950059312940044288
    https://twitter.com/ben_a_adams/status/949461631658053632
    https://twitter.com/matiasgoldberg/status/950911652555304960
     
  21. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Mine is 4th generation. Link: https://ark.intel.com/products/76616/Intel-Core-i7-4600U-Processor-4M-Cache-up-to-3_30-GHz

    I was under the impression that as long as it supports PCID/INVPCID that performance degradation would be minimal if at all. But even watching CCleaner, for example, has a 3x longer delay during Analyze stage. Starting Thunderbird and Chrome also, for example, have longer delays.

    So therefore it seems that the BIOS/microcode updates which enable hardware support for mitigating Spectre and Meltdown is what is causing performance delay and not the operating system workarounds to mitigate. This is going to be interesting...
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
  23. guest

    guest Guest

    It also depends on the generation.
    Haswell and older: "more significant slowdowns" can be seen and the instructions to disable branch speculations are not "optimized", but on newer CPUs the instructions are refined so the performance penalty is much less.
    The speed of SSDs might suffer a little bit:
     
    Last edited by a moderator: Jan 11, 2018
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Last edited: Jan 11, 2018
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Browser/JS is easily the most dangerous way these exploits will arrive. Otherwise it's via the other ways "standard" malware arrives, but I can't really see the point of that from a "normal" malware writer's point of view - you'd just continue the attack through the many many exploits that are possible and give you a higher level of persistence, access and escalation. Spectre simply isn't very valuable for that, what it does do is allow stealing secrets in own and other processes, and is very much harder to mitigate and detect.

    Hence being paranoid about JS right now - except it's not paranoid.
     