  • Locked thread
rjmccall
Sep 7, 2007

no worries friend
Fun Shoe

linus is right: this has to be seen as a hardware bug because it's unreasonable to expect software to just accept it as a new limitation, not when the basic problem is that there are suddenly a million different ways to leak information out of the supervisor/hypervisor despite memory protections. now, hardware bugs happen, so in software you gotta do what you gotta do, but eventually the hardware bug is supposed to get fixed, and when the workaround is as terrible as this one you really want to be able to take advantage of that and get rid of the workaround, which is one reason why you always implement this kind of workaround under a switch. if it turns out that the future hardware hasn't really fixed it then whatever, just flip the switch back

i get why intel doesn't want to say this is a hardware bug. intel does not want to pay to replace every chip they've made in the last twenty-five years. but if they're seriously imagining that they don't have anything to fix, well, it is absolutely the place of people like linus to tell them that they're being dumb as hell, and the only way linus knows how to do that is by throwing a tantrum and threatening to... i don't know what, exactly, it's not like he's going to stop maintaining the x86 port
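A defender's check of the kind that post argues for, as an added example that is not from the thread: it reads the status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities and looks for the boot-time switch (nopti or pti=off) that turns the KPTI workaround off. The directory and command line are passed in as parameters so the functions can also be exercised on constructed sample files.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports whether the page-table
# isolation workaround is switched on, using the sysfs status files and the
# kernel command line. Paths are parameters so the logic runs on sample input.

# classify_status STRING -> prints mitigated | vulnerable | unaffected | unknown
classify_status() {
    case "$1" in
        "Not affected"*)  printf 'unaffected' ;;
        "Mitigation:"*)   printf 'mitigated' ;;
        "Vulnerable"*)    printf 'vulnerable' ;;
        *)                printf 'unknown' ;;
    esac
}

# pti_switch CMDLINE -> prints "off" if the boot switch disables KPTI, else "on"
pti_switch() {
    case " $1 " in
        *" nopti "*|*" pti=off "*) printf 'off' ;;
        *)                          printf 'on' ;;
    esac
}

# report VULNDIR CMDLINE -> one line per status file, then the switch state
report() {
    dir=$1; cmdline=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s: %s (%s)\n' "$(basename "$f")" "$status" "$(classify_status "$status")"
    done
    printf 'pti switch: %s\n' "$(pti_switch "$cmdline")"
}

# Constructed sample input: a host with PTI on but no spectre_v2 mitigation.
demo() {
    tmp=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$tmp/meltdown"
    printf 'Vulnerable\n' > "$tmp/spectre_v2"
    report "$tmp" "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
    rm -rf "$tmp"
}

# On a live Linux host (kernel 4.15 or later exposes these files):
#   report /sys/devices/system/cpu/vulnerabilities "$(cat /proc/cmdline)"
demo
```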

fishmech
Jul 16, 2006

by VideoGames
Salad Prong
why would Intel need to pay to replace all their chips in the first place though. Ain't like most companies running 2002's hottest P4s would have some sort of contract guaranteeing that level of support

flakeloaf
Feb 26, 2003

Still better than android clock

quote:

WHAT THIS LIMITED WARRANTY DOES NOT COVER:

- design defects or errors in the Product (errata)
- damage to the product or errors or malfunctions in the Product due to . . . malicious code

hm

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

mrmcd posted:

As long as you don't execute based on pure speculation you should be fine.

Nice

mrmcd posted:

which supposedly has additional hardening, at the cost of ~10-20% more ram usage! :toot:

As if chrome needs another excuse to gobble RAM

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

rjmccall posted:

linus is right: this has to be seen as a hardware bug because it's unreasonable to expect software to just accept it as a new limitation, not when the basic problem is that there are suddenly a million different ways to leak information out of the supervisor/hypervisor despite memory protections. now, hardware bugs happen, so in software you gotta do what you gotta do, but eventually the hardware bug is supposed to get fixed, and when the workaround is as terrible as this one you really want to be able to take advantage of that and get rid of the workaround, which is one reason why you always implement this kind of workaround under a switch. if it turns out that the future hardware hasn't really fixed it then whatever, just flip the switch back

i get why intel doesn't want to say this is a hardware bug. intel does not want to pay to replace every chip they've made in the last twenty-five years. but if they're seriously imagining that they don't have anything to fix, well, it is absolutely the place of people like linus to tell them that they're being dumb as hell, and the only way linus knows how to do that is by throwing a tantrum and threatening to... i don't know what, exactly, it's not like he's going to stop maintaining the x86 port

2018 will be the year of aarch64

The_Franz
Aug 8, 2003

everyone just needs to buy one of those $5000 power9 workstations

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe

i'm just saying intel is extremely skittish about admitting bugs in their chips, for pretty obvious reasons

Proteus Jones
Feb 28, 2013

rjmccall posted:

i'm just saying intel is extremely skittish about admitting bugs in their chips, for pretty obvious reasons

Yeah, their handling of the FDIV bug was incredibly inept.

Notorious b.s.d.
Jan 25, 2003

by Reene

The_Franz posted:

everyone just needs to buy one of those $5000 power9 workstations

those workstation boards are vaporware. never existed.

power is a real threat to intel when it comes to cloud providers though. they don’t have to threaten to eject intel, just threaten to shift the easy workloads over, reducing their total buys

Notorious b.s.d.
Jan 25, 2003

by Reene

Proteus Jones posted:

Yeah, their handling of the FDIV bug was incredibly inept.

looked slick as poo poo to me

they avoided any significant consequences and remained the dominant vendor

wolrah
May 8, 2006
what?

anthonypants posted:

2018 will be the year of aarch64

https://developer.arm.com/support/security-update

The_Franz
Aug 8, 2003

Notorious b.s.d. posted:

those workstation boards are vaporware. never existed.

power is a real threat to intel when it comes to cloud providers though. they don’t have to threaten to eject intel, just threaten to shift the easy workloads over, reducing their total buys

i was being sarcastic, but is ppc actually immune to these attacks or is it just a matter of nobody having checked?

i'm guessing the latter

Stereotype
Apr 24, 2010

College Slice

rjmccall posted:

i'm just saying intel is extremely skittish about admitting bugs in their chips, for pretty obvious reasons

they never will because it isn’t a bug, they mention the behavior in the specifications.

just because it was a bad design choice that in hindsight allows an enormous security vulnerability doesn’t make it a bug.

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl
disallowing javascript and not running code you don't trust should button you up relatively well, right?

Stereotype
Apr 24, 2010

College Slice

Farmer Crack-rear end posted:

disallowing javascript and not running code you don't trust should button you up relatively well, right?

it’s mostly a vulnerability for servers with multiple users or virtual machines, so sure. there’s basically nothing you can do except hope google or amazon or whoever is fixing their servers.

also, if anyone trades stocks, I’d imagine in a few days when this story gets more traction will be a great time to get a deal on intel stock. it’ll get devalued because of this, but will rebound in a month or so when everyone forgets and intel experiences literally no change in profits.

ate shit on live tv
Feb 15, 2004

by Azathoth

anthonypants posted:

i mean, you could read the post on the previous page that explained that the ceo would have made their decision to sell their stock in april of last year, or you could continue to listen to el reg and reddit and hackernews with the rest of the internet, because why would the people on those websites lie to you?

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

quote:

But Krzanich only put that plan in place on October 30, according to the filing. His decision to set up that plan was "unrelated" to information about the security vulnerability, the representative said.

https://www.sec.gov/Archives/edgar/data/50863/000112760217033679/xslF345X03/form4.xml

:thunk:

Heavy_D
Feb 16, 2002

"rararararara" contains the meaning of everything, kept in simple rectangular structures

Subjunctive posted:

the terms of a 10b5-1 filing don’t permit that; doing so voids the protection against presumed insider trading. it’s like the first thing they tell you when you file one

where have you seen this loophole used?

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=941238 states that Blue Chip Stamps led the SEC to believe that they don't have the authority to prevent a cancellation (even though the trades should not be cancellable for the safe harbour to apply)
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=541502&rec=1&srcabs=941238&alg=1&pos=1 believes that there's a pattern to be found in selective cancellation

Wiggly Wayne DDS
Sep 11, 2010

in actual security news and not "i know what insider trading is, shut up with your facts"

https://twitter.com/GossiTheDog/status/948833769963900929

Proteus Jones
Feb 28, 2013

Wiggly Wayne DDS posted:

in actual security news and not "i know what insider trading is, shut up with your facts"

https://twitter.com/GossiTheDog/status/948833769963900929

HAHAHAHAHAHAHA

This is art.

FlapYoJacks
Feb 12, 2009

Wiggly Wayne DDS posted:

in actual security news and not "i know what insider trading is, shut up with your facts"

https://twitter.com/GossiTheDog/status/948833769963900929

All the more reason to not use AV.

bicycle
Oct 23, 2013
hahahaha

akadajet
Sep 14, 2003

ratbert90 posted:

All the more reason to not use AV.

You'll never get patched otherwise.

Shame Boy
Mar 2, 2010

this morning even NPR was jumping on the bandwagon of the intel issue

except they called it MELTDOWNNNNN which I hadn't heard anyone call it until now, i thought the correct term was FUCKWIT :colbert:

Shaggar
Apr 26, 2006

Wiggly Wayne DDS posted:

in actual security news and not "i know what insider trading is, shut up with your facts"

https://twitter.com/GossiTheDog/status/948833769963900929

they should have just uninstalled the AV, patched, and then refused to install incompatible versions after but then people would bitch about Microsoft taking control of their computer!!

Cybernetic Vermin
Apr 18, 2005

ate all the Oreos posted:

this morning even NPR was jumping on the bandwagon of the intel issue

except they called it MELTDOWNNNNN which I hadn't heard anyone call it until now, i thought the correct term was FUCKWIT :colbert:

fuckwit was the linux kernel team term for a solution i think? the wit being "with interrupt trampolines", the trampoline being a piece of code that changes to the right page table and jumps to the correct place (i don't recall the reasoning for the acronym beyond that)

meltdown is indeed the term from the people who came up with that exploit (though perhaps they were the second team to do so?)

Shame Boy
Mar 2, 2010

oh ok

they also said "hack attack" like three or four times, real fast each time, which was fun

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Wiggly Wayne DDS posted:

in actual security news and not "i know what insider trading is, shut up with your facts"

https://twitter.com/GossiTheDog/status/948833769963900929

Mere days into 2018 and it's already amazing.

Looking forward to Trump's tweet about how The Deep State is responsible for this.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug
https://twitter.com/paul_pearce/status/948777375281528832

Notorious b.s.d.
Jan 25, 2003

by Reene

The_Franz posted:

i was being sarcastic, but is ppc actually immune to these attacks or is it just a matter of nobody having checked?

i'm guessing the latter

the intel-specific issue is a side channel attack that will dump kernel memory at 500kb/s in their proof of concept. that poo poo is hella exploitable right now today.

the “spectre” thing potentially affects every chip with a branch predictor, but they only got it to work on intel. it looks sufficiently hairy I would be a little surprised if anyone ever got it to do something useful. maybe someone with better assembly chops finds it scarier than I do?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

James Baud posted:

If you're executing arbitrary code to exploit the side channel, you're already 99% of the way to everything that matters in most of the world.

lol look at this dipshit

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

James Baud posted:

If you're executing arbitrary code to exploit the side channel, you're already 99% of the way to everything that matters in most of the world.

THE SECURITY MODELS BETWEEN DOS AND NT ARE INDISTINGUISHABLE

Notorious b.s.d.
Jan 25, 2003

by Reene

BangersInMyKnickers posted:

lol look at this dipshit

he’s not totally wrong. lotta bare metal applications with a single user account out there in the wild. (of course those guys were never gonna apply an os patch anyway!)

not everything is a web app dude

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

FYI the ms patch seems to have some compatibility issues with certain AV products (seem to be rootkit detection hooks) and those may require an update to avoid blue screens. There are some checks built in and the patch won't apply unless it has passed a sanity check for some version or component version of the AV software but I dunno how many vendors they coordinated with

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Volmarias posted:

Nice


As if chrome needs another excuse to gobble RAM

no problem we'll just turn memory deduplication on oh wait...

canis minor
May 4, 2011

Things will get interesting in India: http://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html

quote:

It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.

quote:

This correspondent later again approached Anil Kumar to ask for software to print Aadhaar cards. He asked for Rs 300 through Paytm No. 8107888008 (in the name of ‘Raj’). Once paid, a person identifying himself as Sunil Kumar called from mobile number 7976243548, and installed software on this correspondent’s computer by accessing it remotely through “TeamViewer”. Once the job was done, he deleted the software drivers, even from the recycle bin.

Also, regarding the Intel stock sale: http://uk.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1?r=US&IR=T

quote:

But while the public is just being informed about the security problem, tech companies have known about it for months. In fact, Google informed Intel of the vulnerability in June, an Intel representative told Business Insider in a statement.

Cybernetic Vermin
Apr 18, 2005

Notorious b.s.d. posted:

the intel-specific issue is a side channel attack that will dump kernel memory at 500kb/s in their proof of concept. that poo poo is hella exploitable right now today.

the “spectre” thing potentially affects every chip with a branch predictor, but they only got it to work on intel. it looks sufficiently hairy I would be a little surprised if anyone ever got it to do something useful. maybe someone with better assembly chops finds it scarier than I do?

i have no better chops, but the logic behind it seems straightforward enough that it seems like it could become very scary. basically it may be a matter of applying some better blackbox fuzzing techniques to figure out how to get the effects you want in the target process (i.e. on a testbed), and then having a recipe to steal a session cookie or so out of its memory in the real environment

that is, the effort to try to figure out the branch predictor behavior "by hand" may have been the only real issue that kept the poc as modest as it is, but fuzzing techniques can prove very powerful there

the seriousness may just seem less than it is because of how incredibly thorough meltdown pocs are already

Notorious b.s.d.
Jan 25, 2003

by Reene
the spectre thing is really, really slow even under ideal circumstances

I don’t understand how it would ever be useful unless you already knew exactly the target addresses you needed

explain it to me

haveblue
Aug 15, 2005

Toilet Rascal

Notorious b.s.d. posted:

I don’t understand how it would ever be useful unless you already knew exactly the target addresses you needed

explain it to me

these exploits function as smaller modules that can be combined into a larger whole, just like non-evil software libraries. if there aren't known ways to determine those target addresses there may be in the future. this is now a way to get their contents as well

Doccykins
Feb 21, 2006

Cybernetic Vermin posted:

fuckwit was the linux kernel team term for a solution i think? the wit being "with interrupt trampolines", the trampoline being a piece of code that changes to the right page table and jumps to the correct place (i don't recall the reasoning for the acronym beyond that)

meltdown is indeed the term from the people who came up with that exploit (though perhaps they were the second team to do so?)

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1553070.html posted:

Several people including Linus requested to change the KAISER name.

We came up with a list of technically correct acronyms:

User Address Space Separation, prefix uass_

Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_

but we are politically correct people so we settled for

Kernel Page Table Isolation, prefix kpti_

Linus, your call :)

Cybernetic Vermin
Apr 18, 2005

Notorious b.s.d. posted:

the spectre thing is really, really slow even under ideal circumstances

I don’t understand how it would ever be useful unless you already knew exactly the target addresses you needed

explain it to me

google's poc for the branch predictor (spectre) case reads 1500 bytes/sec with 10-30 minutes setup, and seeing how all you need is 8-32 bytes for some cookie/certificate you can spend a fair few bytes to figure out where some interesting 32 bytes are

mostly i see no reason to expect that this is even the worst case (though they made the case simple for themselves), as noted google no doubt had to do a lot of tinkering by hand which could be replaced with grinding out a good instruction pattern on a testbed