'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,515
    Location:
    U.S.A.
    As far as Spectre ever being fully mitigated, I believe Cyberbit said it best:
    https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    857
    Location:
    Member state of European Union
    There is also a factor of compiler. You can have patched compiler and compiled code can be mitigated against Spectre, but it doesn't mean every program downloaded from Internet is mitigated. Windows users usually don't compile programs, they just download binary files and run it.

    I think Spectre can be also useful to bypass sandboxes. Usually you need to more than one vulnerability to bypass sandbox. Spectre is only read-only vuln, so you can't use it alone to bypass sandbox. Spectre can be useful in combination with other vulnerabilities, because exploiting other vulnerabilities often needs leaked information.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,709
    Location:
    UK
    Good points, and for programs that don't need internet access, sandboxes and RBAC can prevent exfiltration of a successful Spectre-class attack.

    The other BIG area for mitigation is the one that's been obvious for some time, yet not mandated even on websites dealing with money:- get proper 2FA like U2F implemented. Then secret stealing won't be such a threat. There's also quite a lot that could be done with HSM for storing certificates outside the memory space, and various forms of co-processors, doing similar things.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,515
    Location:
    U.S.A.
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,515
    Location:
    U.S.A.
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    ESET's software works fine with Microsoft's patch and has announced it via usual channels (customer advisory, KB article, press release, etc.). I got to do the write-up for it on the blog, and one of the things I decided to do was to keep it updated with every vendor security advisory/bulletin I could find. Currently, I have managed to find over 130 of them. Here's a direct link into that section:

    https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors

    Perhaps some of you will find it of use.

    Regards,

    Aryeh Goretsky
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Thank you for the details. :)
    I am always running with SSD's as well, so I've got a double hit in this case I suppose.

    It's taken my lightning-fast Core i7 and quite literally made my i7 dog-s**t slow. Some of you folks who have not yet received the microcode update are in for a surprise. I can't refer to this as anything other than dog-s**t slow. I believe that the only thing I can do now is remove any process mitigations and all other security to help reduce the impact here. I am someone who takes pride in efficiency as well so this just boggles my mind.

    Left with one choice: Buy new hardware. Ugh.

    This is a great article. I recall seeing many security researchers speaking about said embargo in the first few hours as this news started to come out initially.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,515
    Location:
    U.S.A.
    Hum ......... Appears AMD has "re-evaluated" the situation:
    https://www.theverge.com/2018/1/11/16880922/amd-spectre-firmware-updates-ryzen-epyc

    So again the question is will the motherboard manufacturers provide a BIOS flash update for these? So far, all I have seen is silence from them.

    -EDIT- Appears some are; Intel updates that is:
    http://www.tomshardware.com/news/motherboard-vendors-release-bios-updates-spectre,36316.html
     
    Last edited: Jan 11, 2018
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    857
    Location:
    Member state of European Union
    Which one? Anything from Intel has 3 vulnerabilities, even newest generation.

    I sometimes think that some performance degradation reports are just a result of Nocebo effect.
     
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    32,306
    Location:
    U.S.A.
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,515
    Location:
    U.S.A.
    I guess this pretty much sums it up:
     
  12. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    32,306
    Location:
    U.S.A.
    Correct! :)
     
  13. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,852
    What are storage benchmarks? Meaning disk I/O tasks?
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Chip Flaws Spectre and Meltdown are Actually Three Vulnerabilities and Proving Hard to Mitigate
    Link: https://www.crowdstrike.com/blog/ch...vulnerabilities-and-proving-hard-to-mitigate/
    By Alex Ionescu


     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,745
    Location:
    Among the gum trees
    Last edited: Jan 11, 2018
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,794
    CPU Vulnerability Assessment and Fix Tool 2.0
    Author: Qihu 360 Software Co.
    http://www.majorgeeks.com/files/details/cpu_vulnerability_assessment_and_fix_tool.html
    --------
    360 released the Very First CPU Vulnerability Assessment and Fix Tool
    https://blog.360totalsecurity.com/en/360-first-cpu-vulnerability-assessment-fix-tool/
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,745
    Location:
    Among the gum trees
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,794
    Please keep in mind that the CPU Vulnerability Assessment and Fix Tool is just a diagnostics utility that can aid you in downloading the necessary patches to protect your computer. It does not contain patches or vulnerability fixes itself.
    http://www.softpedia.com/get/Securi...U-Vulnerability-Assessment-and-Fix-Tool.shtml
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,745
    Location:
    Among the gum trees
    Yes, and so is the AShampoo tool which made undocumented changes to Powershell ExecutionPolicy settings.
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,132
    I discovered Qihoo's (Qihu/360) tool yesterday, but did not post about it as it does not work. I ran in on two computers. On the first computer, it found no vulnerabilities. However, when I ran Ashampoo's Spectre Meltdown CPU Checker on the same computer it reported that Spectre was sill vulnerable (but not Meltdown).

    I then ran in on a second computer.

    360 3.png

    360 4.png

    360 5.png

    The above screenshots are from a Windows 7 computer. It spent time supposedly downloading and installing the patch. However after rebooting and running the tool again, it still showed that my computer was vulnerable. Ashampoo's Spectre Meltdown CPU Checker, also showed that my computer was still vulnerable.

    I rebooted to my Windows 10 partition on the same computer and ran Qihoo's tool again and the results were the same. After clicking on Fix and then rebooting afterwards, the vulnerability was not fixed and Ashampoo's tool said the same.
     
  21. PEllis

    PEllis Guest

    I got the same results as Roger. Both Ashampoo and 360 say I'm still vulnerable.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,478
    Location:
    Under a bushel ...
    :(:thumbd:

    One thing that confuses me though, given your statement I bolded above, is that I received the BIOS update before KB4056892 CU, but I only noticed the slowdown after applying the CU ...

    Can't afford new hardware right now, having just bought new laptop no.1 (which would also have the vulnerability). Will just have to live with it for now, laptop 2 seems even slower than 3 now (too old for BIOS update).
     
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    857
    Location:
    Member state of European Union
    Yes. Files and databases. They are usually more focused on use-cases for file storage companies and companies running MySQL, PostgreSQL (webhosting, webapps?) and similar databases than regular consumer.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,102
    Location:
    Here
    Maybe it's a combination of both updates that creates a slowdown? Install only one, all is fine, install both and you get slow performance...
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    103
    Location:
    Bulgaria
    Last edited: Jan 12, 2018
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.