
Intel CPUs afflicted with simple spec-exec vulnerability

vitor_cut

I have some bad news

 

Reading the white paper (available here). They only tested on AMD BULLDOZER. Ryzen may likely be affected by this.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


4 minutes ago, rcmaehl said:

They only tested on AMD BULLDOZER. Ryzen may likely be affected by this.

....... Did they only test on Intel Pentium IIs as well? Hang on while I get my DeLorean out and go back to a time where I'd care about Bulldozer... woops broke space time.


3 minutes ago, leadeater said:

....... Did they only test on Intel Pentium IIs as well? Hang on while I get my DeLorean out and go back to a time where I'd care about Bulldozer... woops broke space time.


They tested pretty much every revision of Intel CPUs but tested only ONE ARM (v8) and ONE AMD chip. I'm honestly surprised they DIDN'T test Pentium with how heavily Intel focused their testing was...
 


14 hours ago, leadeater said:

Very rarely does AMD refer to it as Northbridge, I have seen them do it but that's extremely rare. AMD coined the term Integrated Memory Controller and were the first to do it, referring to that as a Northbridge is just a hang over from the old technology and was done so people could understand what it was. It was also common to mistake the PCH as the Northbridge back then too, hence another reason why people referred to the IMC as Northbridge to help prevent that mistake.

(...)

It also didn't help that AMD didn't update their internal driver naming so you'd see things like Northbridge driver in Event Viewer or in driver descriptions, common failing with reusing/iterating on existing things.

I'm pretty sure AMD (or maybe motherboard manufacturers?) kept referring to both a Northbridge and a Southbridge in their chipsets, on top of the "CPU/NB" which was the integrated piece including the memory controller, up to the 990FX chipset. The later FM2+ processors had more integrated controllers so they lost the "Northbridge" (don't know if the IMC was still the "CPU/NB" in those BIOS).

 

To clarify, I know for a fact the name in BIOS was "CPU/NB", and that they included a "Southbridge" (SB950, SB920), but I'm not sure if there is any formal reference to the other chip as "Northbridge".

Also, I'm not claiming naming was consistent with functionality.

 

PS: found a screenshot I uploaded some time ago (970 motherboard) with NB multiplier, CPU NB voltage, and HT speed (separate from NB multiplier)


 

 

Anyway, speaking about CPU history: am I the only one less concerned about who goes bankrupt and more concerned about how much performance gain did Speculative Execution bring about, and how much we may give up if security holes accumulate to the point where it's ditched altogether? :S


6 hours ago, rcmaehl said:

I have some bad news

 

Reading the white paper (available here). They only tested on AMD BULLDOZER. Ryzen may likely be affected by this.

I'm going to assume any processor with speculative execution is vulnerable to any sort of speculative execution attack found on an Intel processor until proven otherwise. And even when proven otherwise, I'd like an explanation on why.

 

Security is knowledge. Secret sauce is not security.

 

2 hours ago, SpaceGhostC2C said:

Anyway, speaking about CPU history: am I the only one less concerned about who goes bankrupt and more concerned about how much performance gain did Speculative Execution bring about, and how much we may give up if security holes accumulate to the point where it's ditched altogether? :S

That seems to be a big problem with tech circles whenever news like this comes out. They only see the smaller picture, never the bigger one.

 

It was especially annoying when someone tried to tell me something with fewer CVE entries is by default more secure (though I never did drop the bomb on them that Windows 98 has the fewest CVE entries of any OS while the Linux kernel has the most... so therefore Windows 98 is the most secure OS while Linux is the least, amirite?)


5 minutes ago, Mira Yurizaki said:

It was especially annoying when someone tried to tell me something with fewer CVE entries is by default more secure (though I never did drop the bomb on them that Windows 98 has the fewest CVE entries of any OS while the Linux kernel has the most... so therefore Windows 98 is the most secure OS while Linux is the least, amirite?)

I guess it goes back to the old dilemma (trilemma?): would you rather find a worm, half a worm, or no worm in the apple you just bit? :D


3 hours ago, SpaceGhostC2C said:

To clarify, I know for a fact the name in BIOS was "CPU/NB", and that they included a "Southbridge" (SB950, SB920), but I'm not sure if there is any formal reference to the other chip as "Northbridge".

Yea I knew they used Southbridge but I didn't know they went back to using the Northbridge name for the IMC since they did stop that when they first did the IMC in the CPU. It's majorly testing my memory but I don't remember any references or NB naming being used on my old socket 939 FX-55. Those older boards still had two chipsets though since the CPUs didn't have on die PCIe controller and AGP was still a thing too, the chipset provided either PCIe or AGP connected to the CPU via HT and the SB came off that. That dual chipset model continued all the way through to 990FX/AM3+ as none of the CPUs still had any on die PCIe controllers.

 

Northbridge was the generic name, it's not even a technical term, for the chipset that handled memory and the graphics bus. Moving half of the function away then calling both NB is silly but hey AMD uses stupid naming on a lot of things, I'll eat my shoe before I call anything on the CPU die NB because it's not correct.


1 hour ago, SpaceGhostC2C said:

I guess it goes back to the old dilemma (trilemma?): would you rather find a worm, half a worm, or no worm in the apple you just bit? :D

Half a worm is easily the worst, because you know where the other half is.


On 3/5/2019 at 10:43 PM, vitor_cut said:

The researchers – Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth and Berk Sunar – have found that "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

 

The fact that it's Intel's proprietary implementation is both good and bad. Good in the sense that not all CPUs are affected by this vulnerability but bad in that it makes me question how many other vulnerabilities are within each manufacturer's chips. Every product has bugs, it's just a much bigger deal when it comes to CPUs.


Another month, another intel cpu vulnerability that will never be properly patched and won't be long before intel makes a statement that the only way to solve the issue is to conveniently buy a new cpu or face insecurity/massive performance penalties...

What does windows 10 and ET have in common?

 

They are both constantly trying to phone home.


6 page thread and OP thread was more or less you have to be infected by browser aids to begin with. The thing that's always been an issue for computers.

 

In other enlightening news, water is still wet.

 

 


2 hours ago, Mooshi said:

6 page thread and OP thread was more or less you have to be infected by browser aids to begin with. The thing that's always been an issue for computers.

 

In other enlightening news, water is still wet.

but but but, how can I make a petulant remark about Intel if I am rational about it?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


2 hours ago, Mooshi said:

6 page thread and OP thread was more or less you have to be infected by browser aids to begin with. The thing that's always been an issue for computers.

 

In other enlightening news, water is still wet.

I think the lesson these past 2 years or so is more or less that with sufficient information/control any deterministic phenomenon is repeatable (and thus exploitable).

 

Which admittedly is a key benefit in the generation of pseudo RNs for modeling, but also means any speculative execution is evidence that can be used to RE code/inputs.

 

The extent to which that has been shown these days is actually pretty cool from a scientific/information theory perspective, even if problematic from a security one.

LINK-> Kurald Galain:  The Night Eternal 

Top 5820k, 980ti SLI Build in the World*

CPU: i7-5820k // GPU: SLI MSI 980ti Gaming 6G // Cooling: Full Custom WC //  Mobo: ASUS X99 Sabertooth // Ram: 32GB Crucial Ballistic Sport // Boot SSD: Samsung 850 EVO 500GB

Mass SSD: Crucial M500 960GB  // PSU: EVGA Supernova 850G2 // Case: Fractal Design Define S Windowed // OS: Windows 10 // Mouse: Razer Naga Chroma // Keyboard: Corsair k70 Cherry MX Reds

Headset: Senn RS185 // Monitor: ASUS PG348Q // Devices: Note 10+ - Surface Book 2 15"

LINK-> Ainulindale: Music of the Ainur 

Prosumer DYI FreeNAS

CPU: Xeon E3-1231v3  // Cooling: Noctua L9x65 //  Mobo: AsRock E3C224D2I // Ram: 16GB Kingston ECC DDR3-1333

HDDs: 4x HGST Deskstar NAS 3TB  // PSU: EVGA 650GQ // Case: Fractal Design Node 304 // OS: FreeNAS

 

 

 


A lot of stuff has been around that is similar to this, and all this stuff coming to light is not new, it's been around for decades, nobody cared then and almost nobody was affected.

 

Uninstall your patches and get better performance, that is if you are a normal PC user who has a clue what they are doing online.

Stinkpci5 3550. DDR3 1600mhz 8GB. Gigabyte GA-H61N-USB3.0. Sapphire RX 570 Nitro 4GB oc. Noctua NH-L12. WD Black 600GB. Silverstone PSU 1KW. Advent 1440x900 75hz VGA monitor 1ms. Acer Veriton M464 chassis.

Self help guide.

 


38 minutes ago, BetterThanLife said:

A lot of stuff has been around that is similar to this, and all this stuff coming to light is not new, it's been around for decades, nobody cared then and almost nobody was affected.

 

Uninstall your patches and get better performance, that is if you are a normal PC user who has a clue what they are doing online.

Well for decades, many of the exploits were possible only in theory. And that's where things have changed. I don't think I'd recommend removing the patches when 0 days are always progressing and it's probably just a matter of time before more exploits are discovered (plus combinations of themselves trivial/non-useful exploits can eventually be used together to quite powerful results, as console hacking has shown quite consistently).

 

But it's also not something to immediately worry about. And certainly not a 'sky is falling' moment.


On 3/11/2019 at 2:35 AM, Mooshi said:

6 page thread and OP thread was more or less you have to be infected by browser aids to begin with. The thing that's always been an issue for computers.

Not only here, but also on every other computer forum I visited, even worse: bashing and trolling each other, conspiracy theories, etc.



This may be a dumb thing to ask but, how can you "protect" yourself against stuff like that? Turning off JavaScript in your browser (but then most of the websites are just broken)? Does an ad blocker like uBlock Origin already help a little? Can Wi-Fi be an obstacle for a hacker?



Me for example, I do sensitive stuff like online banking and now since Spoiler accelerates Rowhammer attacks, I'm a bit paranoid.



I recently bought a laptop I'm typing on right now and it's not even a month old. HP 250 G6 in its basic config (i3 7020u, 8GB RAM, Win 10 Pro). I actually thought I was safe because Intel did fix the Spectre and Meltdown issue. Now I read about the Spoiler issue and I was like, wtf? I cannot return it and get a laptop with AMD inside and buying another would be a bit too crazy.


49 minutes ago, Cakemaster89 said:

 (i3 7020u, 8GB RAM, Win 10 Pro).

Your sensitive data is already taken. Best way to avoid it is to have a linux thumb-drive that is encrypted and only used for sensitive stuff.... (Or have its separate encrypted partition and have a second linux install  for general stuff.)


1 hour ago, Cakemaster89 said:

Not only here, but also on every other computer forum I visited, even worse: bashing and trolling each other, conspiracy theories, etc.



This may be a dumb thing to ask but, how can you "protect" yourself against stuff like that? Turning off JavaScript in your browser (but then most of the websites are just broken)? Does an ad blocker like uBlock Origin already help a little? Can Wi-Fi be an obstacle for a hacker?



Me for example, I do sensitive stuff like online banking and now since Spoiler accelerates Rowhammer attacks, I'm a bit paranoid.



I recently bought a laptop I'm typing on right now and it's not even a month old. HP 250 G6 in its basic config (i3 7020u, 8GB RAM, Win 10 Pro). I actually thought I was safe because Intel did fix the Spectre and Meltdown issue. Now I read about the Spoiler issue and I was like, wtf? I cannot return it and get a laptop with AMD inside and buying another would be a bit too crazy.

Truthfully there are probably bigger concerns to worry about -- like the fact that your laptop probably isn't encrypted and your passwords are generally less than ideal and/or reused on multiple sites.

PSU Tier List | CoC

Gaming Build | FreeNAS Server

Spoiler

i5-4690k || Seidon 240m || GTX780 ACX || MSI Z97s SLI Plus || 8GB 2400mhz || 250GB 840 Evo || 1TB WD Blue || H440 (Black/Blue) || Windows 10 Pro || Dell P2414H & BenQ XL2411Z || Ducky Shine Mini || Logitech G502 Proteus Core

Spoiler

FreeNAS 9.3 - Stable || Xeon E3 1230v2 || Supermicro X9SCM-F || 32GB Crucial ECC DDR3 || 3x4TB WD Red (JBOD) || SYBA SI-PEX40064 sata controller || Corsair CX500m || NZXT Source 210.


I really would like to know how long the NSA knew about this exploit. I bet they know a few undiscovered ones as well.


4 hours ago, 79wjd said:

Truthfully there are probably bigger concerns to worry about -- like the fact that your laptop probably isn't encrypted and your passwords are generally less than ideal and/or reused on multiple sites.

For very sensitive stuff I use different and long passwords, tbh. I know them by heart so that ain't a problem. About encrypting: Does that make my data safer from attacks like Rowhammer?
