'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Simple solution. Use IE11 since it appears it won't support it: https://webassembly.org/
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
    For me that would be last option :) I'm sure that vendors will implement mitigations for WebAssembly also.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,436
    Location:
    Member state of European Union
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Joke of the year.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Some Spectre In-Browser Mitigations Can Be Defeated
    June 28, 2018
    https://www.bleepingcomputer.com/news/security/some-spectre-in-browser-mitigations-can-be-defeated/
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Microcode Revision Guidance (Updated) - New Link
    June 22, 2018
    Link: w w w.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf


    Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures
    Link: https://www.techpowerup.com/245653/intel-releases-spectre-hardening-microcode-updates-for-ivy-bridge-thru-westmere-architectures


    EDIT: It seems that OEM's have new release schedules for this variant.
    Link: https://www.dell.com/support/articl...-on-dell-pcs-and-thin-client-products?lang=en
     
    Last edited: Jul 2, 2018
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
    New Spectre-like attack uses speculative execution to overflow buffers
    https://arstechnica.com/gadgets/201...es-speculative-execution-to-overflow-buffers/
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Intel Pays $100,000 Bounty for New Spectre Variants
    July 11, 2018
    https://www.securityweek.com/intel-pays-100000-bounty-new-spectre-variants
    Paper: https://people.csail.mit.edu/vlk/spectre11.pdf
     
  12. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    Note that InSpectre hasn't been updated recently, so it only checks for Spectre variants 1, 2 and 3(Meltdown). Spectre 3a and 4 and the latest 1.1 and 1.2 are not checked.
     
  14. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    886
    Location:
    USA
    Just waiting for the next generation of Intel silicon. :argh:
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Senators Fear Meltdown and Spectre Disclosure Gave China an Edge
    July 11, 2018
    https://www.wired.com/story/meltdown-and-spectre-intel-china-disclosure/
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Academics Announce New Protections Against Spectre and Rowhammer Attacks
    July 23, 2018
    https://www.bleepingcomputer.com/ne...ctions-against-spectre-and-rowhammer-attacks/
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
    Researchers Detail New CPU Side-Channel Attack Named SpectreRSB
    https://www.bleepingcomputer.com/ne...new-cpu-side-channel-attack-named-spectrersb/
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Spectre Will Haunt us for a Long Time
    These vulnerabilities have existed for over 20 years, and we are not even close to closing the door on these significant risks.
    July 23, 2018

    https://threatpost.com/spectre-will-haunt-us-for-a-long-time/134298/
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned
    Billions of devices potentially at risk – but Intel isn't worried
    July 26, 2018

    https://www.theregister.co.uk/2018/07/26/netspectre_network_leak/
    'NetSpectre: Read Arbitrary Memory over Network' (PDF): https://misc0110.net/web/files/netspectre.pdf
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,453
    Location:
    Slovenia
    Samsung S7 Smartphones Vulnerable To Meltdown Exploit
    https://www.silicon.co.uk/mobility/smartphones/samsung-s7-meltdown-exploit-235753
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    I'm trying to run the powershell script, but I'm stuck (powershell noob here).
    I'm using Windows 7 with the script downloaded from technet, following instructions here:
    https://support.microsoft.com/en-us...-of-get-speculationcontrolsettings-powershell
    The first part goes fine, but "Import-Module.\SpeculationControl.psd1" gives an error(I did cd to the proper path first):
    Btw, the script has been updated for ForeShadow/L1TF.
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I feel as though they forgot a space in their documentation:
    Code:
    Import-Module .\SpeculationControl.psd1
    Try it with the space before the period like above.

    Or since you already changed directory into current directory, try:
    Code:
    Import-Module SpeculationControl.psd1
    Also, did you already modify execution policy for powershell?

    I personally never tried this method of downloading it manually from TechNet. I had initially used the PowerShell Gallery version.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    Haha, they did forget a space, that worked. However, now it's complaining about the module:
    powershell.png

    Yes.

    Yes, I think PowerShell on Windows 7 does not support that.
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed!
    August 22, 2018
    https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/
     
    Last edited: Aug 24, 2018
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,615
    Location:
    Outer space
    It has been a while since MS added older CPU models to their microcode update for Windows 10, and they still haven't added all older CPU's that received an update from Intel. Also, they don't seem to update the already supported CPU's as well, so only protection from Spectre v2, not newer side channel attacks like SSBD and L1TF.


    On Windows 10 it didn't throw any errors when using the module from Technet, maybe the module is no longer compatible with older powershell on Win7..

    I hope Intel will lose marketshare over these vulnerabilities and their handling of them. There needs to be more competition on the CPU market.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.