|
amd processors are slow
|
#
?
Jan 3, 2018 22:08
|
|
|
|
| # ? May 14, 2024 20:58 |
|
|
bulldozer arch
|
|
#
?
Jan 3, 2018 22:08
|
|
|
feh
|
|
#
?
Jan 3, 2018 22:09
|
|
|
Lightbulb Out posted:amd processors are slow
|
|
#
?
Jan 3, 2018 22:12
|
|
|
Subjunctive posted:the SEC form 4 says that the transaction was under a 10b5-1 pre-determined trading plan that was already filed. IIRC they have to be filed 6 months before they take effect, so going from the form 4 he specified the sale back in April. (likely to coincide with his option package vesting.) while i'm sure the intel CEOs would never do this, the loophole of always filing a 10b5-1, and then cancelling the scheduled trade whenever your insider information indicates you'll profit by doing so, must surely qualify as a security (and exchange) fuckup
|
|
#
?
Jan 3, 2018 22:39
|
|
|
Wiggly Wayne DDS posted:The Ultimate Apollo Guidance Computer Talk by Michael Steil and Christian Hessmann (61:42) couple pages late but this talk is real good
|
|
#
?
Jan 3, 2018 22:40
|
|
|
https://twitter.com/rhhackett/status/948666025066811392
|
|
#
?
Jan 3, 2018 22:47
|
|
|
https://twitter.com/pr0spector88/status/763715530381557761
|
|
#
?
Jan 3, 2018 22:53
|
|
|
oh also i dont know if anyone remembers this from blackhat https://www.youtube.com/watch?v=KrksBdWcZgQ edit: nm it only hit 1 proc 30 TO 50 FERAL HOG fucked around with this message at 23:16 on Jan 3, 2018 |
|
#
?
Jan 3, 2018 23:02
|
|
|
https://spectreattack.com/favicon.ico https://meltdownattack.com/favicon.ico You're seeing the logos here first, folks.
|
|
#
?
Jan 3, 2018 23:15
|
|
|
Bluh
|
|
#
?
Jan 3, 2018 23:16
|
|
|
So tired of these branded bugs. I don't even care anymore.
|
|
#
?
Jan 3, 2018 23:16
|
|
|
i like how this affects even pentiums from 1995 that had the fdiv bug
|
|
#
?
Jan 3, 2018 23:18
|
|
|
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
|
|
#
?
Jan 3, 2018 23:33
|
|
|
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
|
|
#
?
Jan 3, 2018 23:35
|
|
|
https://forums.aws.amazon.com/thread.jspa?threadID=269858
|
|
#
?
Jan 3, 2018 23:45
|
|
|
5
|
|
#
?
Jan 3, 2018 23:51
|
|
|
|
|
#
?
Jan 4, 2018 00:00
|
|
|
|
|
#
?
Jan 4, 2018 00:05
|
|
|
10 years later amd makes a comeback
|
|
#
?
Jan 4, 2018 00:05
|
|
|
https://twitter.com/KateLibc/status/948692333607862273
|
|
#
?
Jan 4, 2018 00:07
|
|
|
google says amd is vulnerable as well, and also arm: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html?m=1quote:These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running them. rip all modern cpus, i guess e: project zero blog confirms: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html e2: looks like amd is less vulnerable at least? Arcsech fucked around with this message at 00:11 on Jan 4, 2018 |
|
#
?
Jan 4, 2018 00:08
|
|
|
side channel timing attacks are loving cool
|
|
#
?
Jan 4, 2018 00:09
|
|
|
so for spectre to work you have to feed the cpu a bunch of carefully crafted commands to train the branch prediction to react a certain way and then exploit the way the branch predictor is trained to feed a different carefully crafted command to have it speculatively access memory it shouldn't be able to access. thats some wizard poo poo
|
|
#
?
Jan 4, 2018 00:24
|
|
|
I guess if you nuked the branch predictor state across security boundaries that would mitigate it? Perhaps make it exportable and importable and let the os kernel switch it out along with the rest of the thread state. So there's probably a reasonable way to design an architecture that still gets the benefits of speculative execution without having it leak information.
|
|
#
?
Jan 4, 2018 00:29
|
|
|
Linguica posted:so for spectre to work you have to feed the cpu a bunch of carefully crafted commands to train the branch prediction to react a certain way and then exploit the way the branch predictor is trained to feed a different carefully crafted command to have it speculatively access memory it shouldn't be able to access. thats some wizard poo poo Yeah. Reading between the lines a bit, I get a sense of "we didn't bother to reverse engineer AMDs prediction engine because it was hard to do once and seriously who buys AMD. Maybe you'd like to take a crack at it though?" So the re: Is AMD vuln to cross VM kernel memory leaks is "Maybe... Stay tuned!"
|
|
#
?
Jan 4, 2018 00:31
|
|
|
mrmcd posted:Yeah. Reading between the lines a bit, I get a sense of "we didn't bother to reverse engineer AMDs prediction engine because it was hard to do once and seriously who buys AMD. Maybe you'd like to take a crack at it though?"
|
|
#
?
Jan 4, 2018 00:32
|
|
|
Linguica posted:so for spectre to work you have to feed the cpu a bunch of carefully crafted commands to train the branch prediction to react a certain way and then exploit the way the branch predictor is trained to feed a different carefully crafted command to have it speculatively access memory it shouldn't be able to access. thats some wizard poo poo in retrospect it's obvious that it's a side channel but it required some true wizardry to uncover. this is gonna be a legendary paper this is basically the end-game for HW being designed w/o SW security input Jabor posted:I guess if you nuked the branch predictor state across security boundaries that would mitigate it? Perhaps make it exportable and importable and let the os kernel switch it out along with the rest of the thread state. Read the papers on specter: data-dependent side channels are literally everywhere in modern processors. a single bit can be used to eke out an entire key (see valsorda's talk at this years ccc). Even fractions of a bit of data could be used to discover the entire key or secret. Malcolm XML fucked around with this message at 00:39 on Jan 4, 2018 |
|
#
?
Jan 4, 2018 00:33
|
|
|
Heavy_D posted:while i'm sure the intel CEOs would never do this, the loophole of always filing a 10b5-1, and then cancelling the scheduled trade whenever your insider information indicates you'll profit by doing so, must surely qualify as a security (and exchange) fuckup the terms of a 10b5-1 filing don’t permit that; doing so voids the protection against presumed insider trading. it’s like the first thing they tell you when you file one where have you seen this loophole used?
|
|
#
?
Jan 4, 2018 00:35
|
|
|
anthonypants posted:reading the actual lines a bit i get a sense of "A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57." Yeah but that variant was only reading memory in the same process, but shows the basic principal of leaking otherwise inaccessible memory via spec execution. The really bad steal the host kernel memory stuff (variants 2 and 3) only works (so far) on Intel.
|
|
#
?
Jan 4, 2018 00:36
|
|
|
rafikki posted:Why do you want to move towards IT Security? What sort of skills do you currently have, and what sounds interesting? IT Security is a broad field so you're going to have to give us some more details. I've never done auditing as an actual job position, but it sounds awful to me at least. I'm sure some people enjoy that sort of thing. Sorry, was a bit vague about my post, as I'm a newbie to this stuff. I have been in the IT industry for 15+ years and one thing that still shocks me is the lax IT security that most places have, including my current employer. I guess I am leaning towards network security, but also some auditor skills will be useful to work out risks with existing or new systems within a workplace. For example I have having a tough time understanding this latest Intel bug, as programming is a very weak skill I have, so if there's a resource or website that can dumb stuff like that down to me, and also help me learn about exploits like this, it would be helpful.
|
|
#
?
Jan 4, 2018 00:37
|
|
|
I’m still confused by how they actually get the bytes out of the incorrect speculative branch that accessed the forbidden cache line
|
|
#
?
Jan 4, 2018 00:39
|
|
|
hobbesmaster posted:I’m still confused by how they actually get the bytes out of the incorrect speculative branch that accessed the forbidden memory i think they observe the effects of the instructions that follow the incorrect branch. Section 6 in the spectre paper describes possible avenues to leak info
|
|
#
?
Jan 4, 2018 00:40
|
|
|
hobbesmaster posted:I’m still confused by how they actually get the bytes out of the incorrect speculative branch that accessed the forbidden cache line Read section 1. You basically make the CPU speculatively read something your code shouldn't be able to, and then infer data based on what survives in the cache. The execution is rolled back and the attacker code never sees the registers, but the L1 cache isn't. Also, quote:Other microarchitectures So AMD might look like assholes in a few months.
|
|
#
?
Jan 4, 2018 00:47
|
|
|
hobbesmaster posted:I’m still confused by how  and i love it
|
|
#
?
Jan 4, 2018 00:47
|
|
|
mrmcd posted:but the L1 cache isn't. the key part I missed
|
|
#
?
Jan 4, 2018 00:49
|
|
|
mrmcd posted:Read section 1. You basically make the CPU speculatively read something your code shouldn't be able to, and then infer data based on what survives in the cache. The execution is rolled back and the attacker code never sees the registers, but the L1 cache isn't. KAISER/PTI seems to be purely for Meltdown, which is specifically what AMD is claiming they aren't vulnerable to. Spectre appears to require compiler modifications and manually updating a bunch of hand-written assembly, which wasn't public until now and AMD hasn't commented on.
|
|
#
?
Jan 4, 2018 00:55
|
|
|
if you want to understand it there's a bunch of good explanations on side-channel attacks from 34c3, including branch prediction
|
|
#
?
Jan 4, 2018 01:05
|
|
|
Failed speculative executions need to be indistinguishable from them not happening at all Else sadness
|
|
#
?
Jan 4, 2018 01:05
|
|
|
|
| # ? May 14, 2024 20:58 |
|
|
apseudonym posted:https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html this is crazy lmao
|
|
#
?
Jan 4, 2018 01:09
|
|