Foreshadow, yet another Intel vulnerability

[dfsdfgfkjsefoiqzemnd]

A team of researchers found yet another spectre-like vulnerability in modern Intel CPUs. 

So far the exploit has been confirmed for Skylake and later generations, but researchers have only looked at Intel so far.  Older CPUs and other brands may very well be vulnerable to variants of the same attack.

 

Quote

Intel's Software Guard Extensions feature, known as SGX, allows programs to establish so-called secure enclaves on Intel processors. These are regions of a chip that are cordoned off to run code that the computer's operating system can't access or change.
The secure enclave creates a safe haven for sensitive data, even if malware or another malady compromises the main computer.
But a group of researchers, hailing from five academic institutions around the world, found that although SGX can mostly repel Spectre and Meltdown attacks, a related attack can bypass its defenses. They call it Foreshadow.

"There were certain aspects that were surprising and certain aspects that weren't," says microarchitecture security researcher Yuval Yarom, a member of the team that will present its findings at the Usenix security conference in Baltimore on Wednesday."We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out—that took us by surprise."

 

 

Quote

"When you look at what Spectre and Meltdown did not break, SGX was one of the few things left," says system security researcher Daniel Genkin, who contributed to the Foreshadow work. "SGX was mostly spared by Spectre, so it was the logical next step."

 

Intel was informed a while ago and is in the process of releasing microcode patches for what it calls the "L1 Terminal Fault". 

 

Source : https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/

 

 

 

2018 sure is shaping up to be the year of CPU vulnerabilities.  It's going to take a while before all this will be behind us.  In the meantime, be sure to patch your machines. 

 

 

[Emberstone]

All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall.

 

Kind of makes it hard to take them seriously.

[Br3tt96]

2 minutes ago, Emberstone said:

All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall.

 

Kind of makes it hard to take them seriously.

Ryzenfall is kinda cool. As far as names go. lol

[GoldenLag]

4 minutes ago, Br3tt96 said:

Ryzenfall is kinda cool. As far as names go. lol

Except Ryzen never fall. 

[Bananasplit_00]

Skylake and up? Then I don't care too much. 4th gen for the win!

[ivan134]

Who wants to buy a CPU

[mark_cameron]

When is the Casino Royale vulnerability going to be found?

 

Or maybe View to a Kill?

 

Or Thunderball ?

[ScratchCat]

2 hours ago, Emberstone said:

All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall.

 

Kind of makes it hard to take them seriously.

You don't take the term Meltdown seriously? Please say you are not working at a Nuclear power plant, I really could do without Strontium in my cereal.

 

@Captain Chaos I have President Xi's number, shall I phone and ask him to change the Chinese calendar so 2018 is the Year Of The CPU Vulnerability?

[rcmaehl]

Hopefully this isn't Foreshadow-ing of things to come

[Emberstone]

13 minutes ago, ScratchCat said:

You don't take the term Meltdown seriously? Please say you are not working at a Nuclear power plant, I really could do without Strontium in my cereal.

 

[ScratchCat]

10 minutes ago, Emberstone said:

 

I meant that the word has connotations of very bad things, not that you actually are a nuclear engineer (joke was not received seemingly).

[JediFragger]

/goes off to buy a Core2Duo....

[Emberstone]

7 minutes ago, ScratchCat said:

I meant that the word has connotations of very bad things

I just think these names are far too spooky and doomsday'ish when they're just problems that, to my knowledge, have never been exploited outside of a lab.

[SpaceGhostC2C]

At this point I think no one cares about security anymore, they continue doing research just for the sake of naming things  

[Arika]

well yeah. when you keep hammering away at something you're going to find weaknesses and vulnerabilities.

 

nothing is as secure as people think.

[ARikozuM]

Why do these codenames sound like Tom Clancy was storyboarding? 

[Speed Weed]

38 minutes ago, SpaceGhostC2C said:

At this point I think no one cares about security anymore, they continue doing research just for the sake of naming things  

People will care when this corporation got data breach because they forgot to patch the vulnerability software or hardware that was released ages ago. So saying no one cares about security anymore is stupidity and foolish like going on vacation without locking your door and your garage. 

[captain_to_fire]

We'll end up with variant 10 vulnerabilities by the end of this year.

[bcredeur97]

inb4 we go back to pentium 4 era of performance just from security patches

XD

[Speed Weed]

2 minutes ago, captain_to_fire said:

We'll end up with variant 10 vulnerabilities by the end of this year.

How many performance will it impact? 

[SpaceGhostC2C]

1 minute ago, DaPhuc said:

People will care when this corporation got data breach because they forgot to patch the vulnerability software or hardware that was released ages ago. So saying no one cares about security anymore is stupidity and foolish like going on vacation without locking your door and your garage. 

It was a joke about researchers, not an assessment of the general public's interests.

 

I recommend stupidity and foolishness to be checked at the door when reading jokes.

[Speed Weed]

2 minutes ago, SpaceGhostC2C said:

It was a joke about researchers, not an assessment of the general public's interests.

 

I recommend stupidity and foolishness to be checked at the door when reading jokes.

Maybe I have no sense of humor because I don't see that statement was a joke. 

[Kamina]

Someone do a zero day exploit, please.

 

Shut down the players that be.

[captain_to_fire]

27 minutes ago, DaPhuc said:

How many performance will it impact? 

It depends if patching the said vulnerabilities will cause significant performance penalties like the one with Meltdown (variant 3). That's why software mitigations is another alternative if the microcode update can lead to serious performance hits.

Quote

...most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today...

So those mitigations are in place to make it more difficult to exploit CPU vulnerabilities like Spectre and Meltdown

[Speed Weed]

47 minutes ago, captain_to_fire said:

It depends if patching the said vulnerabilities will cause significant performance penalties like the one with Meltdown (variant 3). That's why software mitigations is another alternative if the microcode update can lead to serious performance hits.

So those mitigations are in place to make it more difficult to exploit CPU vulnerabilities like Spectre and Meltdown

This is hardware architecture vulnerability, so alternative software patch only provide partial protection if the main black hole is still open.  Microcode is needed to patch the main black hole, but the cost is performance impact.