Posted July 12, 2018
Primary Source: Intel (PDF), Research Paper (PDF), ARM (PDF)
Secondary Source: Bleeping Computer

Quote: Speculative Buffer Overflows: Attacks and Defenses
Abstract
Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently-demonstrated Spectre attacks leverage speculative loads which circumvent access checks to read memory-resident secrets, transmitting them to an attacker using cache timing or other covert communication channels. We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows. Much like classic buffer overflows, speculative out-of-bounds stores can modify data and code pointers. Data-value attacks can bypass some Spectre-v1 mitigations, either directly or by redirecting control flow. Control-flow attacks enable arbitrary speculative code execution, which can bypass fence instructions and all other software mitigations for previous speculative-execution attacks. It is easy to construct return-oriented-programming (ROP) gadgets that can be used to build alternative attack payloads. We also present Spectre1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes. We highlight new risks posed by these vulnerabilities, discuss possible software mitigations, and sketch microarchitectural mechanisms that could serve as hardware defenses. We have not yet evaluated the performance impact of our proposed software and hardware mitigations. We describe the salient vulnerability features and additional hypothetical attack scenarios only to the detail necessary to guide hardware and software vendors in threat analysis and mitigations. We advise users to refer to more user-friendly vendor recommendations for mitigations against speculative buffer overflows or available patches.

Looks like CPU vulnerabilities will just keep popping out as security researchers continue to poke holes, and chip makers are playing a game of whack-a-mole with these vulnerabilities. I have a feeling that 2018 will end and security researchers will have found a variant 10 vulnerability, and it will come as a smear campaign by a CTS Labs wannabe that gives Intel 12 hours to patch it.

Quote: Spectre 1.1 and Spectre 1.2 short description
According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections. Spectre 1.1 is very similar to the Spectre variant 1 and 4, but the two researchers who discovered the bug say that "currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1." As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags. "As a result [of malicious Spectre 1.2 writes], sandboxing that depends on hardware enforcement of read-only memory is rendered ineffective," researchers say. To exploit, similarly to most previous Meltdown and Spectre bugs, both vulnerabilities require the presence of malicious code on a user's PC, code responsible for running the attack. This somewhat limits the bug's severity, but doesn't excuse sysadmins who fail to apply patches when they'll become available.

As of now no software mitigations are available, but Intel is working with their partners on how to mitigate attacks taking advantage of the exploit at the software level. Microsoft, for instance, has recently released an advisory that they too are looking into this, as well as ARM. If there's any consolation, the security researcher applied for Intel's bug bounty program via HackerOne and got paid $100,000.

I don't really get why AMD is not listed when all of their CPUs including Ryzen are vulnerable to Spectre 1&2 and the newly published ones use a similar attack technique. Maybe for the security conscious person like an IT guy in a company, the only thing they can do at the moment is use an up to date endpoint security program and implement built-in mitigations like Force ASLR in Windows 10, which is turned off by default. I'm guessing the reason why Force ASLR is turned off by default is that not all programs are compiled to take advantage of ASLR and it might result in incompatibilities.

As @leadeater once said, naming CPU vulnerabilities is confusing.
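The pattern the abstract calls a speculative store (a bounds check guarding a write, where the CPU may perform the write before the check resolves) next to the branchless index-masking form that the Linux kernel's array_index_mask_nospec() uses to make the index a data dependency instead of a predicted branch, as an added C example that is not code from the paper, Intel, ARM or Bleeping Computer. The buffer, the function names and the sample values are constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed state: a 16-byte buffer. In a real program, whatever sits after
 * it in memory (a length field, a data or code pointer) is what a transient
 * out-of-bounds store could clobber before the mis-speculation is squashed. */
#define BUF_LEN 16
static uint8_t buf[BUF_LEN];

uint8_t buf_at(size_t i) { return buf[i]; }

/* Architecturally correct, but the store is guarded only by a predicted
 * branch: if the predictor has been trained "taken", the CPU may execute
 * buf[idx] = value for an out-of-range idx before the compare resolves. */
int store_unsafe(size_t idx, uint8_t value) {
    if (idx < BUF_LEN) {
        buf[idx] = value;
        return 1;
    }
    return 0;
}

/* Branchless mask modelled on Linux's array_index_mask_nospec():
 * all-ones when idx < size, zero otherwise. Because the result is a data
 * dependency rather than a branch outcome, it holds on a mis-speculated path.
 * Assumes two's complement and an arithmetic right shift (gcc/clang). */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    /* idx | (size - idx - 1) has its top bit set exactly when idx >= size,
     * because the subtraction wraps to a huge unsigned value in that case. */
    intptr_t m = ~(intptr_t)(idx | (size - idx - 1));
    return (size_t)(m >> (sizeof(intptr_t) * 8 - 1));
}

/* Hardened form: the index is clamped by the mask, so even if the bounds
 * branch is mispredicted the transient store lands on buf[0], never past
 * the end of the array. */
int store_hardened(size_t idx, uint8_t value) {
    size_t mask = index_mask_nospec(idx, BUF_LEN);
    if (mask == 0)          /* architectural rejection, as before */
        return 0;
    idx &= mask;            /* no-op when in bounds, zero when mis-speculated */
    buf[idx] = value;
    return 1;
}

int main(void) {
    printf("in-bounds store accepted: %d\n", store_hardened(5, 0x42));
    printf("out-of-bounds store rejected: %d\n", !store_hardened(BUF_LEN, 0x42));
    printf("mask(15,16)=%zx mask(16,16)=%zx\n",
           index_mask_nospec(15, BUF_LEN), index_mask_nospec(16, BUF_LEN));
    return 0;
}
```

Both functions behave identically to a test that only observes architectural results; the difference is what the CPU may do transiently on the mispredicted path, which is why static analysis struggles to flag the unsafe form.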
Posted July 12, 2018
Well what do people expect when companies are given a strict time to patch things lol.
Posted July 12, 2018 (Author)
2 minutes ago, RorzNZ said: Well what do people expect when companies are given a strict time to patch things lol.
Not to click random shit on the internet and be careful when opening email attachments?
Posted July 12, 2018
5 minutes ago, captain_to_fire said: Not to click random shit on the internet and be careful when opening email attachments?
Not enough. Commonly downloaded programs can and have been compromised with malware.
Posted July 12, 2018
I'm getting bored of all these exploits.
Posted July 12, 2018
I remember a few of these CPU vulnerabilities also affect Ryzen. Does that mean AMD's FX is the safest because no one bothers targeting it?
Posted July 12, 2018 (Author)
2 minutes ago, sazrocks said: Not enough. Commonly downloaded programs can and have been compromised with malware.
Then keep the PC up to date even though Windows Updates are annoying af, run an up to date antivirus, and don't click random shit on the internet.
Posted July 12, 2018
Time to air-gap everything. This internet thing is maybe more trouble than it's worth.
Posted July 12, 2018
5 minutes ago, captain_to_fire said: not click random shit on the internet.
Did you read my post? "Commonly downloaded programs" are not
Quote: random shit on the internet.

9 minutes ago, captain_to_fire said: Then keep the PC up to date
Did you read your Bleeping Computer source?
Quote: Researchers didn't release information on CPUs impacted by Spectre 1.2. No patches are available for either bug at the moment, but an Intel spokesperson told Bleeping Computer that its guide on handling Meltdown and Spectre flaws contains information on how developers can inspect and modify their source code to mitigate the vulnerability at the app/software level.
Posted July 12, 2018 (Author)
33 minutes ago, Christophe Corazza said: Time to air-gap everything. This internet thing is maybe more trouble than it's worth.
Said by almost every parent.
Posted July 12, 2018 (Author)
1 minute ago, sazrocks said: Did you read your Bleeping Computer source?
I did. I indicated it in the OP. I was just showing the most common way of making one's computer safe. Just because there's no software patch at the moment doesn't mean there won't be one in the coming weeks. So I don't really know what you're riling about.
Posted July 12, 2018
11 minutes ago, Christophe Corazza said: Time to air-gap everything. This internet thing is maybe more trouble than it's worth.
Raspberry Pis to rule the internet?
Posted July 12, 2018
2 minutes ago, captain_to_fire said: I did. I indicated it in the OP. I was just showing the most common way of making one's computer safe. Just because there's no software patch at the moment doesn't mean there won't be one in the coming weeks. So I don't really know what you're riling about.
We seem to be having a miscommunication. I'll just drop it.
Posted July 12, 2018
26 minutes ago, Jurrunio said: I remember a few of these CPU vulnerabilities also affect Ryzen. Does that mean AMD's FX is the safest because no one bothers targeting it?
Intel ship the most $ worth of CPUs by a very wide margin, so they will naturally attract the most attention. The fact is SPARC, MIPS, ARM and even POWER have been reported as having Spectre vulns, so it's not just poor likkle old Intel. To my reckoning there are an awful lot of VMs out there sharing Intel boxes on networks with strangers, so it seems reasonable to me that Intel cops the majority of the flak... Big fail is a natural by-product of big success.
Posted July 12, 2018
4 hours ago, Arika S said: I'm getting bored of all these exploits.
I vote we start a new internet where our PCs don't have these exploits.
Posted July 12, 2018
10 minutes ago, mr moose said: I vote we start a new internet where our PCs don't have these exploits.
Hmm? That's an excellent point, why has no one thought of it before. Pfff, security experts can't even figure out such a basic solution as this.
Posted July 12, 2018
1 minute ago, leadeater said: Hmm? That's an excellent point, why has no one thought of it before. Pfff, security experts can't even figure out such a basic solution as this.
Blockchain quantum internet? /s
Posted July 12, 2018
Still hoping for Nvidia to drop out of nowhere the news on entering the CPU market. Maybe their architecture would have no security vulnerabilities. Because while this was scary at first, especially if you owned Intel, at this point does anyone even give a f*ck? I mean, it's not like you can just stop using Intel or AMD CPUs.
Posted July 12, 2018
3 minutes ago, Deus Voltage said: Blockchain quantum internet? /s
I was thinking we just ban people from talking about it. If no one knows it's an exploit we go back to June last year when it wasn't a problem.
Posted July 12, 2018
1 minute ago, Deus Voltage said: Blockchain quantum internet? /s
We just need to distribute it to thousands and thousands of fridges, RIP Anton.
Posted July 12, 2018
I really want a new laptop, but fucking Spectre and Meltdown are nagging at the back of my head like: don't get cucked, look at your Core Duo laptop, 32-bit only.
Posted July 12, 2018
1 minute ago, NMS said: Still hoping for Nvidia to drop out of nowhere the news on entering the CPU market. Maybe their architecture would have no security vulnerabilities. Because while this was scary at first, especially if you owned Intel, at this point does anyone even give a f*ck? I mean, it's not like you can just stop using Intel or AMD CPUs.
I can imagine there are a handful of personality types that are not sleeping well with this news; they'd be the same ones that ruin every thread with conspiracy theories about Bill Gates poisoning the children etc.
Posted July 12, 2018
2 minutes ago, mr moose said: I was thinking we just ban people from talking about it. If no one knows it's an exploit we go back to June last year when it wasn't a problem.
Let's make the "Tech Ministry of Truth" while we're at it. All found exploits are propaganda by the enemy.

3 minutes ago, leadeater said: We just need to distribute it to thousands and thousands of fridges, RIP Anton.
Think of all the money we can make, maybe we'll be the first trillionaires.
Posted July 12, 2018
2 minutes ago, Deus Voltage said: Let's make the "Tech Ministry of Truth" while we're at it. All found exploits are propaganda by the enemy.
That's already happening on this internet; it doesn't appear to be working too well because it seems we still have security issues. We'll just run a script that deletes all pages that contain the words exploit, security, flaw, vulnerability, patch and update. That should take care of most of it. I personally look forward to never having to hear about update issues again.
Posted July 12, 2018
4 hours ago, Zodiark1593 said: Raspberry Pis to rule the internet?
Actually yes. Those and cheap Android phones. The A53 doesn't use speculative execution and so is invulnerable to Spectre and its derivatives.