Security researchers discover seven more speculative execution attacks like Spectre and Meltdown

Speed Weed

Source: https://betanews.com/2018/11/14/spectre-meltdown-systematic-analysis/

Quote
One of the biggest security stories of 2018 has been the discovery of the Meltdown and Spectre chip flaws. Known as speculative execution exploits, the flaws make it possible to steal potentially sensitive information and there has been an on-going battle to issue patches wherever possible.

Just as things were starting to die down a little, security researchers have revealed details of no fewer than seven more speculative execution attacks. While some of these attack vectors have already been mitigated against, this is not the case for all of them.
As detailed by Ars Technica, researchers have undertaken a systematic analysis of the techniques involved in the Spectre and Meltdown exploits, and this is how the new variants have been discovered.
One of the newly-discovered exploits uses Intel's Protection Keys for Userspace (PKU), and Peter Bright explains:

Protection keys introduced with Skylake allow an application to mark pieces of memory with a four-bit key. Applications set the processor to use a particular protection key, and, during that time, attempts to access memory that is labeled with a different key will generate an error. Yet again, a few nanoseconds of speculation can occur between making an invalid access (accessing memory with a mismatched protection key) and the processor reporting the error, enabling information that should be protected to leak.

 
Quote

Intel, it seems, is not concerned, issuing a statement saying:

The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research.

Oh man, when are these Spectre and Meltdown exploits going to get fixed permanently?! I mean for real though, the more Spectre and Meltdown exploits and patches, the more performance is going to get impacted, because some users have to disable the Meltdown patch in order to restore original performance. Right now, there is no known malicious application that can exploit Spectre and Meltdown, but in the future there will be if chip manufacturers don't seal the hole completely.
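The post above mentions users disabling the Meltdown patch to win back performance. The following is an added example, not code from this thread or from the linked article: it shows how an administrator checks which speculative-execution mitigations the Linux kernel reports as active, by parsing the per-issue status files the kernel exposes under /sys/devices/system/cpu/vulnerabilities/. The SAMPLE dictionary is constructed stand-in data so the script also runs on hosts where that directory does not exist; the function and variable names are this example's own.

```python
"""Report which speculative-execution mitigations the Linux kernel says are active.

Added example, not code from the forum thread. The kernel exposes one file per
issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1,
spectre_v2, spec_store_bypass, l1tf, ...), each holding a single line such as
"Mitigation: PTI", "Vulnerable: <detail>" or "Not affected".
"""
from pathlib import Path
from typing import Dict, List

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample data standing in for the sysfs files: a host whose kernel
# has page-table isolation but has not picked up the spectre_v2 / SSB fixes.
SAMPLE: Dict[str, str] = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
    "spec_store_bypass": "Vulnerable\n",
    "l1tf": "Not affected\n",
}


def classify(status_line: str) -> str:
    """Map one sysfs status line to 'mitigated', 'vulnerable', 'not_affected' or 'unknown'."""
    text = status_line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(statuses: Dict[str, str]) -> Dict[str, List[str]]:
    """Group issue names (sorted) by the classification of their status line."""
    groups: Dict[str, List[str]] = {
        "mitigated": [], "vulnerable": [], "not_affected": [], "unknown": []
    }
    for name, line in sorted(statuses.items()):
        groups[classify(line)].append(name)
    return groups


def unmitigated(statuses: Dict[str, str]) -> List[str]:
    """Issues an operator should act on: anything the kernel reports as Vulnerable."""
    return summarize(statuses)["vulnerable"]


def read_sysfs(directory: Path = SYSFS_DIR) -> Dict[str, str]:
    """Read every status file; {} on non-Linux hosts or kernels without the directory."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in sorted(directory.iterdir()) if p.is_file()}


if __name__ == "__main__":
    live = read_sysfs()
    source, data = ("live sysfs", live) if live else ("constructed sample", SAMPLE)
    print(f"Mitigation status from {source}:")
    for group, names in summarize(data).items():
        if names:
            print(f"  {group:13s} {', '.join(names)}")
    # Non-zero exit so the script can gate a compliance check in automation.
    raise SystemExit(1 if unmitigated(data) else 0)
```

Run it as root or any user (the sysfs files are world-readable); a non-zero exit means at least one issue is still reported as Vulnerable, which is the condition a fleet check would alert on. Parsing is kept separate from file reading so the same logic can be exercised against captured output from other hosts.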


10 minutes ago, Speed Weed said:

when are these Spectre and Meltdown exploits going to get fixed permanently

It looks like it's just a fundamental flaw with speculative execution

I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k - EVGA Z370 Classified K - G.Skill Trident Z RGB - WD SN750 - Jedi Order Titan Xp - Hyper 212 Black (with RGB Riing flair) - EVGA G3 650W - dual booting Windows 10 and Linux - Black and green theme, Razer brainwashed me.

Draws 400 watts under max load, for reference.

 

How many watts do I need | ATX 3.0 & PCIe 5.0 spec, PSU misconceptions, protections explained | group reg is bad


4 minutes ago, fasauceome said:

It looks like it's just a fundamental flaw with speculative execution

It is still Spectre and Meltdown to me. 


12 minutes ago, Firewrath9 said:

aw shit i hate those patches. imo would rather have the chance of getting hacked than those patches.

Yeah the usefulness of the exploit seems based on luck. They can access information in your cache memory mostly at random. I have no clue what they would be trying to shoot for or how they would even get the virus on to the computer to run and how they would transmit that data to where it needs to go without anyone knowing. My question becomes how much of this is actually a problem if you just prevent the virus from being on the computer in the first place? I mean how much more of a threat is this compared to a run of the mill virus running on your computer?


tbh I would rather have a chip that forgoes security over performance. 

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) | RAM: Corsair VENGEANCE® LPX DDR4 3200MHz CL16-18-18-36 2x8GB
CPU: Ryzen 9 5900X | Case: Antec P8 | PSU: Corsair RM850x | Cooler: Antec K240 with two Noctua Industrial PPC 3000 PWM
Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 | GPU: EVGA RTX 2080 ti Black edition


7 hours ago, Brooksie359 said:

Yeah the usefulness of the exploit seems based on luck. They can access information in your cache memory mostly at random. I have no clue what they would be trying to shoot for or how they would even get the virus on to the computer to run and how they would transmit that data to where it needs to go without anyone knowing. My question becomes how much of this is actually a problem if you just prevent the virus from being on the computer in the first place? I mean how much more of a threat is this compared to a run of the mill virus running on your computer?

You can exploit these speculative execution flaws from JavaScript, so just visiting a website could be quite bad.

 

 

That said I haven't heard of any in the wild malware taking advantage of the exploit.

 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


Just now, Canada EH said:

please have it disabled.

Well if I want 80% of websites to function that's not really an option is it?

 

 


Just now, Canada EH said:

What websites are you visiting?

Literally any website that uses any of the major frameworks (Angular, React, Vue); even things like Bootstrap require jQuery for some functions like modal windows.

 

You can't log into Microsoft office website without JavaScript enabled, you can't register to facebook without JavaScript.

 

Much of the web depends on websites to function correctly.


I rarely run into those problems and when I do, I analyze the site then disable Java.

It's rare.


1 hour ago, Canada EH said:

I rarely run into those problems and when I do, I analyze the site then disable Java.

It's rare.

You said you had JavaScript disabled, not Java.

Java and JavaScript are two very different things.
For example, if you turn off JavaScript on this website the quoting function stops working, along with the WYSIWYG editor.

If you visit this site without Java enabled, nothing changes because this website doesn't use Java.


4 hours ago, jagdtigger said:

No wait I mean the other way around, I prefer performance over security


12 hours ago, Brooksie359 said:

Yeah the usefulness of the exploit seems based on luck. They can access information in your cache memory mostly at random. I have no clue what they would be trying to shoot for or how they would even get the virus on to the computer to run and how they would transmit that data to where it needs to go without anyone knowing. My question becomes how much of this is actually a problem if you just prevent the virus from being on the computer in the first place? I mean how much more of a threat is this compared to a run of the mill virus running on your computer?

It's a problem for shared computing hardware or shared operating systems, if I could potentially read memory for any one of the VMs running on the host server or other user sessions on an RDS host then it's a problem for these use cases.

 

What would stop me signing up to a free trial of a RDS hosted platform, or paying a small 1 day fee, to see if I can exploit their system and then after that see what I can read. 


13 minutes ago, leadeater said:

What would stop me signing up to a free trial of a RDS hosted platform, or paying a small 1 day fee, to see if I can exploit their system and then after that see what I can read. 

I would have hoped they have patched their systems by now :P


28 minutes ago, leadeater said:

What would stop me signing up to a free trial of a RDS hosted platform, or paying a small 1 day fee, to see if I can exploit their system

The feds. NZ is a member of FVEY.

ENCRYPTION IS NOT A CRIME


14 minutes ago, straight_stewie said:

The feds. NZ is a member of FVEY.

That wouldn't stop anything, no 'policy' is actually going to do that it'll just define if and how big of a book they can throw at me if found out.

 

Though that was more of a general statement of collective me, anyone. If I could do it, so could the next guy from any country ?


34 minutes ago, vorticalbox said:

I would have hoped they have patched their systems by now :P

Nowadays I wouldn't hope too hard lol. Pretty much all the big corporate and gov data breaches have been from unpatched systems with known exploits.


1 minute ago, leadeater said:

That wouldn't stop anything, no 'policy' is actually going to do that it'll just define if and how big of a book they can throw at me if found out.

I was being facetious 


1 minute ago, straight_stewie said:

I was being facetious 

Yea I gathered that, just felt like saying that. That's kind of the thing about the internet too though, it pretty much doesn't actually matter where you are really from because very little can stop you from doing something and it's easy to hide where you are from. For all you know I could be in orbit jumping between sat links while drinking cocktails in zero gravity ?


1 minute ago, leadeater said:

For all you know I could be in orbit jumping between sat links while drinking cocktails in zero gravit

Holy Astromod! That'd be one slow connection!

But yes. Anonymity is both a blessing and a curse of the internet.


6 hours ago, vorticalbox said:

You can exploit these speculative execution flaws from JavaScript, so just visiting a website could be quite bad.

 

 

That said I haven't heard of any in the wild malware taking advantage of the exploit.

 

You can get a lot of bad shit from JavaScript if I remember correctly. I thought that is why most people are moving away from it. I always use ad block and have that type of stuff disabled.

