Intel hit with another attack (SWAPGS)

LukeSavenije
6 hours ago, Princess Luna said:

Oh yes because we're still on the days of downloading shady content from shady spam emails.... circles eyes

There is such a thing as targeted attacks, like spearphishing emails.

There is more that meets the eye
I see the soul that is inside

 

 


Instead of finding security holes where 99.9% of them won't be patched due to the age of these processors, how about focusing on what's to come, like performance improvements. The only patch I ever got was for Meltdown because of all the attention it got from the media, and even then, the patches are half a55.

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 


2 hours ago, NumLock21 said:

Instead of finding security holes where 99.9% of them won't be patched due to the age of these processors, how about focusing on what's to come, like performance improvements. The only patch I ever got was for Meltdown because of all the attention it got from the media, and even then, the patches are half a55.

You cannot fix physics with a patch. You can fix broken coding.

 

It is easier to plaster over a crack than build an entire skyscraper.


3 minutes ago, TechyBen said:

You cannot fix physics with a patch. You can fix broken coding.

 

It is easier to plaster over a crack than build an entire skyscraper.

I would like to get plaster to say fix crack if they would be kind enough to provide me some.


6 hours ago, NumLock21 said:

Instead of finding security holes where 99.9% of them won't be patched due to the age of these processors, how about focusing on what's to come, like performance improvements. The only patch I ever got was for Meltdown because of all the attention it got from the media, and even then, the patches are half a55.

In current versions of Visual Studio 2019, you can select "spectre mitigation"

https://devblogs.microsoft.com/cppblog/spectre-mitigations-in-msvc/

 

Which means there is likely software being released without it, and anything compiled with earlier versions will not have mitigations inserted during compile.

 

Which begs the question of should that /Qspectre flag be used at all? And what about MinGW or other gcc cross-compilers? If you're playing games, likely no, you shouldn't. If you're compiling OpenSSL, certainly.
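An added example, not part of the original post and not MSVC's or any project's own code: the bounds-check pattern that compile-time Spectre mitigations such as /Qspectre target, next to a manual hardening that also works with gcc or MinGW builds. The table and the function names (`index_mask`, `lookup_checked`, `lookup_hardened`) are hypothetical; the mask arithmetic follows the generic `array_index_mask_nospec()` used in the Linux kernel.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed sample data: a small table indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/*
 * Returns all-ones when idx < size and zero otherwise, without a branch
 * for the CPU to mispredict. Assumes size <= SIZE_MAX / 2 and an
 * arithmetic right shift of negative values (true for GCC, Clang, MSVC).
 */
static size_t index_mask(size_t idx, size_t size)
{
#if defined(__GNUC__)
    /* Hide idx from the optimizer so the mask is not folded into a
       constant derived from the caller's preceding bounds check. */
    __asm__ volatile("" : "+r"(idx));
#endif
    return (size_t)(~(ptrdiff_t)(idx | (size - 1u - idx))
                    >> (sizeof(ptrdiff_t) * CHAR_BIT - 1));
}

/* Before: architecturally correct, but if the branch is mispredicted the
   load can still execute speculatively with an out-of-range idx. */
static int lookup_checked(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* After: the index is clamped through data flow, so even on the
   mispredicted path the load stays inside table[0..TABLE_LEN-1]. */
static int lookup_hardened(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    int rc = lookup_checked(5, &v);
    printf("checked  idx=5   rc=%d v=0x%02x\n", rc, v);
    rc = lookup_hardened(5, &v);
    printf("hardened idx=5   rc=%d v=0x%02x\n", rc, v);
    rc = lookup_hardened(100, &v);
    printf("hardened idx=100 rc=%d\n", rc);
    printf("mask(100,16)=%zx mask(15,16)=%zx\n",
           index_mask(100, TABLE_LEN), index_mask(15, TABLE_LEN));
    return 0;
}
```

On compilers other than GCC and Clang the optimizer barrier is skipped, so the mask may be optimized away; there the compiler's own mitigation switch is the safer choice.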


9 hours ago, NumLock21 said:

I would like to get plaster to say fix crack if they would be kind enough to provide me some.

They have. The Spectre mitigations. Like, exactly what you asked for. 🤦‍♂️


4 hours ago, TechyBen said:

They have. The Spectre mitigations. Like, exactly what you asked for. 🤦‍♂️

I would like to get plaster for other cracks too.

Btw I already patched my system for Meltdown and Spectre.

And what's with the face palm emoji?


23 minutes ago, NumLock21 said:

I would like to get plaster for other cracks too.

 

Btw I already patched my system for Meltdown and Spectre.

 

And what's with the face palm emoji?

What other problems are you talking about? You complained that they should improve performance instead of fixing bugs/exploits. I explained fixing exploits is much easier than making a PC run faster. Some code cannot be optimised further.

 

So what are you complaining about that needs fixing?


23 minutes ago, TechyBen said:

What other problems are you talking about? You complained that they should improve performance instead of fixing bugs/exploits. I explained fixing exploits is much easier than making a PC run faster. Some code cannot be optimised further.

 

So what are you complaining about that needs fixing?

Making older PCs faster will be a waste of time so that's not what I'm talking about. What I meant by improving performance is for them to focus on improving the performance of their future products, rather than waste time on finding security holes for ancient hardware, where 99.9% of the users out there will never get patched.

As for my mentioning of board makers releasing patches with their half a55 approach: when everyone was talking about Meltdown and Spectre, they seemed to want to release the patches for it because it's so widely known; they had no choice but were forced to release something. So the patch I got was a BIOS update, which is in BETA where it might contain bugs. So now I have no choice but to run this BETA bugged BIOS all for the sake of security, and they have no plans to release anything newer.

 

TL;DR Why bother finding security holes, when manufacturers ain't even going to patch them anyway, especially on their older hardware.


On 8/7/2019 at 10:22 AM, Princess Luna said:

Oh yes because we're still on the days of downloading shady content from shady spam emails.... circles eyes

Yeah we are, you may not see it but I've had three people who are a little tech savvy try to sign into a "FREE CS:GO CASE" website because the web page they were presented with looked exactly like the Steam login. Not to mention elders, or people who aren't as smart in terms of computer operation as we are. It takes absolutely no time at all to make one mistake. The biggest vulnerability in security is the people inside the organization, or the person on the system.


Whenever vulnerabilities are found, I wonder if any of them get prevented by the Core Isolation feature. It's relatively new and not enabled by default, but it isolates the OS core from the rest. But no one ever mentions if it prevents anything in terms of exploits/vulnerabilities.


2 hours ago, NumLock21 said:

Making older PCs faster will be a waste of time so that's not what I'm talking about. What I meant by improving performance is for them to focus on improving the performance of their future products, rather than waste time on finding security holes for ancient hardware, where 99.9% of the users out there will never get patched.

 

Maybe you're not getting the right take-away from this. All the chips affected are based on the Pentium III micro-architecture. Yes, every chip from Core Duo and the Core i7's, the chip architecture goes back to the Pentium III, because Intel abandoned the Netburst super-long-pipeline chips with the first generation HT. Every CPU with HT is vulnerable (Fallout/Zombieload/RIDL/MDS), which is pretty much every CPU made by Intel, and microcode patches only came out for Haswell and later chips for Spectre/Meltdown, because those parts were still under most OEMs' warranty periods. Since collectively all these exploits will pull down a CPU up to 50% (30% loss from turning off HT, and 20% loss from Spectre mitigation) per core, Intel can only provide fixes to these in new silicon, and microcode fixes simply "turn off" or change the timing of things inside the CPU. It's like how the TSX instruction was turned off in Haswell parts by firmware updates. TSX also has a side channel vulnerability. SGX has a vulnerability (Foreshadow). It's also possible to run malicious code inside SGX and AV products will be unable to see it.

 

One might make the argument that the entire reason Intel has been ahead of AMD is due to naive engineering errors that have resulted in all these exploits. You can have security or performance, not both.


1 hour ago, Kisai said:

Maybe you're not getting the right take-away from this.

What am I not, getting the right take-away from this?


4 minutes ago, NumLock21 said:

What am I not, getting the right take-away from this?

The impression I'm reading is that you think they are wasting time "fixing old cpu's" at all. They aren't "fixing" old cpu's, they provided microcode updates that happen to apply to all older CPU's that microcode can be updated on and there are still significant customers under warranty using those parts. Dell released firmware updates to systems I didn't even think would be covered. Dell Haswell systems were certainly still under warranty in 2018.

 

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

 

Note that Sandy Bridge was "fixed" but many manufacturers (e.g. ASRock, ASUS, Gigabyte, MSI, etc.) decided not to release updates to pre-Haswell systems.


38 minutes ago, Kisai said:

The impression I'm reading is that you think they are wasting time "fixing old cpu's" at all. They aren't "fixing" old cpu's, they provided microcode updates that happen to apply to all older CPU's that microcode can be updated on and there are still significant customers under warranty using those parts. Dell released firmware updates to systems I didn't even think would be covered. Dell Haswell systems were certainly still under warranty in 2018.

 

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

 

Note that Sandy Bridge was "fixed" but many manufacturers (e.g. ASRock, ASUS, Gigabyte, MSI, etc.) decided not to release updates to pre-Haswell systems.

I wasn't expecting them to fix ancient CPUs, that would be stupid, not sure where you get that impression from, when you're reading from my post. All I'm seeing right now is a bunch of mumbo jumbo security holes nonsense, where most of the time, they aren't even being taken care of by releasing security, driver, and/or BIOS updates. And the average consumer couldn't care less about any of these.

Also I just ran some tools to see how secure my laptop is, running on Intel 8th Gen,

 

[Attached images: tool.PNG, tool2.PNG]

 

I already applied all the updates and patches that are available to my laptop, and this is still what I'm getting. Am I missing something or what? Are they planning to release something for this, or should I just toss this perfectly good working laptop into the trash and go and buy a new one?

Maybe that is what I'll do from now on. Whenever I get a new computer, and there is a security flaw discovered and nothing is being done about it, I'll just throw it out and buy a new one. /s

 

 


1 hour ago, NumLock21 said:

All I'm seeing right now is a bunch of mumbo jumbo security holes nonsense, where most of the time, they aren't even being taken care of by releasing security, driver, and/or BIOS updates.

 

I have an ASRock Z87 MB with the most recent BIOS and a 4th generation Intel CPU.

 

If you opt to not update the BIOS or the OS or the drivers, or anything else that is vulnerable, that is on you. Microsoft supports "capsule firmware updates" on Dell hardware, who knows if any other system supports this, but it ensures that the latest "non-vulnerable" firmware is loaded regardless if the system has been updated unless it's explicitly been turned off in the BIOS.

 

What features really matter depends on your situation. Gamers really should not care at all. Nearly all these exploits put virtualization in a tight spot, which means likely ALL web/server hosting environments are extremely vulnerable. If the server has not had the firmware updated, HT turned off, and OS patched, there's a good possibility of that server being targeted by a user of that service. The big targets are AWS, Google Cloud and Microsoft Azure, since malicious actors will just spin up and down VMs until they find a vulnerable machine, and then reach into the machine to get the keys to whatever else is on the machine. You can avoid this by ensuring that your VM is shared with nobody. That typically means you have to lease the entire server.

[Attached images: inspectre1output.png, sa1output.png, csm1output.png]


20 minutes ago, Kisai said:

I have an ASRock Z87 MB with the most recent BIOS and a 4th generation Intel CPU.

 

If you opt to not update the BIOS or the OS or the drivers, or anything else that is vulnerable, that is on you. Microsoft supports "capsule firmware updates" on Dell hardware, who knows if any other system supports this, but it ensures that the latest "non-vulnerable" firmware is loaded regardless if the system has been updated unless it's explicitly been turned off in the BIOS.

Most recent bios update, what Asrock Z87 board do you have?
If I decided not to patch up my system even if there are patches out there, then it's my own problem. But if I want to patch up my system and there are no patches out there that let me do so, what else can I do to protect my system from these security vulnerabilities? Is my only solution, for the sake of being secure, to throw away my entire computer and just buy another one?

It's nice that Dell has that feature, other manufacturers should do that too.


7 hours ago, NumLock21 said:

Making older PCs faster will be a waste of time so that's not what I'm talking about. What I meant by improving performance is for them to focus on improving the performance of their future products, rather than waste time on finding security holes for ancient hardware, where 99.9% of the users out there will never get patched.

As for my mentioning of board makers releasing patches with their half a55 approach: when everyone was talking about Meltdown and Spectre, they seemed to want to release the patches for it because it's so widely known; they had no choice but were forced to release something. So the patch I got was a BIOS update, which is in BETA where it might contain bugs. So now I have no choice but to run this BETA bugged BIOS all for the sake of security, and they have no plans to release anything newer.

 

TL;DR Why bother finding security holes, when manufacturers ain't even going to patch them anyway, especially on their older hardware.

Whaaaat?! That's security. It does not stop them making new products. The firmware team that fixed Spectre don't do the silicon that is 10nm speed boosts.


1 hour ago, NumLock21 said:

Most recent bios update, what Asrock Z87 board do you have?
If I decided not to patch up my system even if there are patches out there, then it's my own problem. But if I want to patch up my system and there are no patches out there that let me do so, what else can I do to protect my system from these security vulnerabilities? Is my only solution, for the sake of being secure, to throw away my entire computer and just buy another one?

It's nice that Dell has that feature, other manufacturers should do that too.

 

https://www.asrock.com/mb/Intel/Z87 Extreme4/#BIOS

 

Take note the beta bios. 

3.50 2018/5/9

Asus only released updates for their 6th generation boards (z170) or newer

https://www.asus.com/US/support/FAQ/1035291

 

Gigabyte released updates for X99 chipset, z170 or newer

https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html

 

MSI has updates to z170 boards and later

 

 

Your laptop has a BIOS update released last month:

https://support.hp.com/us-en/drivers/selfservice/swdetails/hp-envy-15-bp100-x360-convertible-pc/16851044/swItemId/ob-234061-1

 

Incidentally, you need to actually install the ME "firmware" to update the ME firmware separately on HP's

https://support.hp.com/us-en/drivers/selfservice/swdetails/hp-envy-15-bp100-x360-convertible-pc/16851044/swItemId/ob-233585-1

 


As always, I wonder if it's possible to exploit it using, for example, JavaScript on a webpage (or advertisement, as it happened in the past). If it's possible, then how does the data look? If it's random memory that could contain password if you're extremely unlucky, I don't think it's that dangerous, if it's easily managed access to the whole system's memory, or there's an easy way to elevate permissions using this, now that'd be bad.

 

Though I understand that it's impossible to predict all the attack routes using this method and researchers saying 'it's safe, don't worry' when someone smart thinks of an easy way to exploit it would be really bad.


2 hours ago, Loote said:

As always, I wonder if it's possible to exploit it using, for example, JavaScript on a webpage (or advertisement, as it happened in the past). If it's possible, then how does the data look? If it's random memory that could contain password if you're extremely unlucky, I don't think it's that dangerous, if it's easily managed access to the whole system's memory, or there's an easy way to elevate permissions using this, now that'd be bad.

 

Though I understand that it's impossible to predict all the attack routes using this method and researchers saying 'it's safe, don't worry' when someone smart thinks of an easy way to exploit it would be really bad.

AFAIK while random data, the example codes for Spectre at least showed it only takes seconds to comb through that memory and get a hit. Sometimes it was 30 minutes. So if, say, an ad in Facebook had the code to do this, then browsing a Facebook page for 30 mins, and bam, they have a memory dump of your PC. However, as you say, it all depends if the ad/browser can escalate to local user rights.


I just want to say SWAPGS sounds more like an e-sports team than a vulnerability.

They need to come up with better names that are also scary, so people will take this seriously.


7 hours ago, Loote said:

As always, I wonder if it's possible to exploit it using, for example, JavaScript on a webpage (or advertisement, as it happened in the past). If it's possible, then how does the data look? If it's random memory that could contain password if you're extremely unlucky, I don't think it's that dangerous, if it's easily managed access to the whole system's memory, or there's an easy way to elevate permissions using this, now that'd be bad.

 

Though I understand that it's impossible to predict all the attack routes using this method and researchers saying 'it's safe, don't worry' when someone smart thinks of an easy way to exploit it would be really bad.

 

One reason for the recent fixes to browsers was to prevent some of these attacks from working by making it so that the timing of the script wouldn't work. It's not like you can dump a user's 32GB of RAM, no, you're pulling bits out of memory at a time via the L3 cache more or less. The L1 and L2 cache are only shared by the hyper threading, so if you turn hyper threading off, that removes the possibility of there being data to take as it passes through the CPU's pipeline. The L3 cache is shared by all cores on a CPU, so unless you want to operate on one core only, any real fix has to be done in silicon, by removing the L3 cache as a shared cache, and instead increasing the L2 cache. Meltdown specifically uses the caches for timing attacks. But doing this incurs a performance issue since frequently pulled data would then have to be pulled from system RAM instead of L3, or kept in copies in L2 on each core, thus synchronization issues.
