“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws.

[falkenjeff]

Just an FYI.

https://arstechnica.com/gadgets/201...odern-processor-has-unfixable-security-flaws/

https://meltdownattack.com

Meltdown Wikipedia

Spectre Wikipedia

Less technical news article: http://www.bbc.com/news/technology-42553818

Also lol: Experts have said that the fix could slow down the performance of computers by up to 30% but Intel played this down, saying that "for the average user, performance impacts should not be significant and will be mitigated over time"

 

[falkenjeff]

@Sodaboy you probably know more about this than most of us do. Insight?

 

[reason]

UGLY, I just hope the Intel shills are not wrong on this...
Quite crazy stuff.

 

[Liberalce]

youll be seeing a lot of cpu exploits since hardware security issues have been brought up recently. theres so many undocumented cpu instructions that theres bound to be a ridiculous amount of exploits

 

[conenubi701]

Meltdown is a bigger security hole than Spectre but either way they're still exploits. So far it seems like Intel is the hardest hit manufacturer so far since the Spectre exploit on AMD can be avoided by by not toggling eBPF JIT on (it's off by default) and Intel is vulnerable to both Meltdown and Spectre.

https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.html

In possibly related news, Intel's CEO sold a lot of Intel stock about a month ago. Maybe he knew something? https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

Intel's stock dropped 3% today and AMD's stock rose 5%, reactionary market as usual, but something to keep an eye on over the next week.

 

[Powder Keg]

This fucked with my streaming. I get a GPU bottleneck when I try to stream at 60FPS, but 30 is fine. My PC is brand new and really high end, so it's frustrating. Truth be told I don't stream a ton of games that need 60FPS anyway, so hopefully this is fixed relatively soon. It's evident that they rushed out the update to get the security fixes in.

 

[canoshiz]

This is quite an interesting development. I wonder what'll become of the processors we're using in the future.

 

[falkenjeff]

since the Spectre exploit on AMD can be avoided by by not toggling eBPF JIT on (it's off by default)

You're sure about this? What I read made it seem like "mOdErN cPuS nEeD tHiS tO fUnCtIoN!1!111!!"

Also the way it's described... Makes me wonder why it hadn't been discovered years ago. Are CPUs super black box and closed off so no one knows how they work? Because even an undergrad could exploit this years ago if they knew what to look for. ("Reading memory that you're not supposed to have access to" is like intro to hacking 101)

 

[anime]

It's not that simple skylar

 

[falkenjeff]

It's not that simple skylar

If you know a processor is dumping random stuff into memory, then yes it is.

The only logical conclusion is that people didn't know about this behavior or something (ie: black box).

But I guess in hindsight everything looks easy once it has already been done.

 

[Liberalce]

it's not that easy to figure out with what instructions you can use to exploit something meaningful

 

[ToasterMage]

Because even an undergrad could exploit this years ago if they knew what to look for. ("Reading memory that you're not supposed to have access to" is like intro to hacking 101)

What you learn in your basic comparch class has very little to do with how cpus actually work nowadays.
its 99% black magic.