
Some serious security bug in INTEL CPUs?? Since Westmere possibly


    #21

    Originally posted by stj View Post
    so, what does the future hold?
    Amiga,
    or Unix on PPC / MIPS?
    Pretty poor.
    Anything fast uses speculative execution... I guess you could go back to a Pentium 2! But even that has basic branch prediction, which might still be vulnerable.

    Comment


      #22

      Originally posted by tom66 View Post
      The performance bug is actually *really* interesting, and also fucking terrible because there's literally *no way* to patch it on any processor without completely changing how CPUs work.
      No, you can change how the software expects the CPU to work. I.e., keep protected structures in truly protected address spaces. Then, simply prohibit all speculation that crosses that protection boundary!

      Spectre seems to work by exploiting speculative execution, which processors have had for about 15 years. You can write code that will trick the branch prediction logic into executing a block of malicious code. The code will run speculatively - but the catch is, it's not possible for the CPU to prevent reads to protected areas of memory, like other processes or the OS kernel. The CPU sorts this out *after* the speculative execution has finished, and it can check which areas are OK and which are no go (it must do this check afterwards because it can't be sure of the memory map yet). Now, normally this is not a problem because the malicious code cannot "output" anything - it remains transparent as the results never get committed because the addresses are found to be prohibited. But, by inserting timing-dependent code into the speculative execution block, you can "leak" data out of the execution path. You could make it take 10 cycles to process a "1" and 2 cycles to process a "0", then time many hundreds of executions.
      There's nothing new, here. It's just being applied to mainstream processors whereas the technique had previously been applied only to things like cryptoprocessors (along with other attack vectors like monitoring power consumption on a cycle-by-cycle basis).

      The example Google provided can read out any memory at 11KB/s, which isn't fast, but it's more than fast enough to exploit a system within ~10 minutes. You only need to find the Windows/Linux kernel process table, then you know the addresses of each application and can go to town on reading passwords, security keys, etc.
      OTOH, if all of those entities are in a separate address space (using trampolines to ferry data across the protection boundary), then you have to trick the processor into entering "supervisor" mode (to activate the other page tables) repeatedly to move bits across.

      But, this is expensive. If you're obsessed with performance, you don't even consider these sorts of options.

      OTOH, if you are concerned with correctness and security and can buy performance, you don't consider any other!

      Comment


        #23

        the main thing i'm noticing is the gamer-fanboyz are screaming.
        they have realised how fucked they are now.

        they all went for the i7 stuff to squeeze every last cycle, while being rop-a-doped into using win10 to be able to install the latest direct-x version.

        now they know that the kernel-fix will be auto-updated into them even if they don't want it because the machine has nothing to compromise other than a few games!!!

        so they are going to get smashed with what i suspect could be a slowdown of over 50% and possibly a lot more.

        Comment


          #24

          Originally posted by stj View Post
          the main thing i'm noticing is the gamer-fanboyz are screaming.
          they have realised how fucked they are now.

          they all went for the i7 stuff to squeeze every last cycle, while being rop-a-doped into using win10 to be able to install the latest direct-x version.

          now they know that the kernel-fix will be auto-updated into them even if they don't want it because the machine has nothing to compromise other than a few games!!!
          I don't understand (I don't run 10). Can't they pick and choose individual updates -- assuming there will be some that they need for future game purchases? I.e., install the updates that they need for the games without the updates needed for "general security issues" -- and just keep the machine off-line to ensure it remains "protected" despite the missing updates?

          Comment


            #25

            no, afaik you can hold-off till a time of your choosing within a fixed period.
            keeping offline defies the point of a gaming rig.

            Comment


              #26

              Originally posted by stj View Post
              no, afaik you can hold-off till a time of your choosing within a fixed period.
              But, can you still opt NOT to take the update? Or, take only selected parts of it?

              keeping offline defies the point of a gaming rig.
              But you can be on-line and still block access to ports that have vulnerabilities or that represent potential attack vectors. I.e., you don't need to enable file sharing, IIS, etc. to be able to play a game, on-line.

              If Windows isn't capable of doing this, then an external router/firewall should provide the service without relying on a MS fix.

              Comment


                #27

                Originally posted by Curious.George View Post
                But, can you still opt NOT to take the update? Or, take only selected parts of it?
                Not with Windows 10, you can postpone updates (but not indefinitely) but unless you are never connected to the internet they will install automatically once the maximum postpone period runs out. (With the exception of the "Enterprise" version which still gives full control over updates)

                Comment


                  #28

                  and if you block all the m$ ports or i.p.'s externally, the o.s. won't work.
                  if you try to block them on the machine it just tunnels right under your firewall software on a lower ring!

                  Comment


                    #29

                    argg... i suppose this totally screws over my winxp c2d and c2q systems... fuck intel and their meltdown and spectre vulnerabilities. ah well... intel inside idiot outside, i guess...

                    Comment


                      #30

                      i think it affects everything newer than a 486DX4 actually!!

                      Comment


                        #31

                        Possibly everything since P6. P4 and P5 do not have out-of-order execution! Plus couple Atom generations.

                        Anyway, AMD states none of the three scenarios work on their CPUs as they implement it a different way. Also ARM64 has two extra register bits to identify the ring of each process address - so the CPU always knows where it's coming from and what "rights" it has.

                        So anyways, the "big best one which-never-could-be-wrong" screwed heavily again. Like for the fourth time last few years

                        Comment


                          #32

                          Originally posted by Curious.George View Post
                          I don't understand (I don't run 10). Can't they pick and choose individual updates -- assuming there will be some that they need for future game purchases? I.e., install the updates that they need for the games without the updates needed for "general security issues" -- and just keep the machine off-line to ensure it remains "protected" despite the missing updates?
                          Win7 and Win8.1 users can't either.
                          Microsoft stopped releasing individual updates some months ago.
                          Now it's a cumulative update released each month that contains all previous updates.

                          Microsoft released the patch today for clients and servers, but it requires firmware updates too...
                          Clients: https://support.microsoft.com/en-us/...erabilities-in
                          Servers: https://support.microsoft.com/en-us/...tive-execution
                          Further info: https://portal.msrc.microsoft.com/en...sory/ADV180002
                          Last edited by Per Hansson; 01-05-2018, 05:44 AM.
                          "The one who says it cannot be done should never interrupt the one who is doing it."

                          Comment


                            #33

                            Originally posted by stj View Post
                            so, what does the future hold?
                            Amiga,
                            or Unix on PPC / MIPS?
                            +1 for Amigas, let's dust off the M6800's!

                            Comment


                              #34

                              i have a 68060 in one!!!

                              Comment


                                #35

                                Originally posted by dmill89 View Post
                                Not with Windows 10, you can postpone updates (but not indefinitely) but unless you are never connected to the internet they will install automatically once the maximum postpone period runs out. (With the exception of the "Enterprise" version which still gives full control over updates)
                                So, an airgapped machine won't suddenly "refuse to operate" because it hasn't been able to get its updates?

                                Then, with an external firewall, can't you still be online and just block all MS traffic? I.e., let a machine talk to MS for updates while you have a packet sniffer running ON ANOTHER MACHINE (I never trust an OS to police itself). Then, armed with a list of IPs and ports that were used in the update, configure firewall to explicitly block them and put the machine you'd like to use behind that firewall knowing that it will never be able to make the required connections to the update service?

                                Comment


                                  #36

                                  after all these years, I'm just not getting overly excited about this....maybe its just me not being paranoid.

                                  Comment


                                    #37

                                    Originally posted by Topcat View Post
                                    after all these years, I'm just not getting overly excited about this....maybe its just me not being paranoid.
                                    Probably because it's just you assessing your personal risk and being comfortable with it. E.g., I won't even bother installing any patch as most of my machines aren't "exposed" for the exploit to take hold.

                                    OTOH, if you were a corporation that had product based on those devices in the market, you'd be worrying about your financial and legal exposure. Imagine someone using this exploit to hack all the PC-based cash registers that are in use and being the company that manufactured them!

                                    Or, if you had 3000 seats running on that hardware in your business and suddenly had to worry about all of them being potentially compromised. Or, all being potential attack vectors to other systems in your organization.

                                    Comment


                                      #38

                                      Originally posted by stj View Post
                                      the main thing i'm noticing is the gamer-fanboyz are screaming.
                                      they have realised how fucked they are now.

                                      they all went for the i7 stuff to squeeze every last cycle, while being rop-a-doped into using win10 to be able to install the latest direct-x version.

                                      now they know that the kernel-fix will be auto-updated into them even if they don't want it because the machine has nothing to compromise other than a few games!!!

                                      so they are going to get smashed with what i suspect could be a slowdown of over 50% and possibly a lot more.
                                      The performance reduction in games is below 1%.
                                      https://www.techspot.com/article/155...mance-windows/

                                      Enterprise workloads, especially database workloads, are what do see some reduction in performance.
                                      (Up to 35% in worst case for realistic non-synthetic loads).
                                      https://www.phoronix.com/scan.php?pa...5-x86pti&num=2

                                      The patch itself can be disabled also on Windows client systems using the registry keys linked in my previous post for servers.

                                      I have just tried it on my Thinkpad W540p running Windows 8.1 x64 before patching:


                                      After Patch KB4056898:


                                      After Patch KB4056898 & Lenovo BIOS update:


                                      It's important to note that to get the January 2018 update to show up your antivirus program must have confirmed that it's compatible by adding a key to the registry.
                                      Otherwise the update will not show up because an incompatible antivirus program will cause the system to BSOD when these changes are implemented!
                                      Do note that "Windows Defender" included with Windows 7 does currently NOT set this key as it's not a true antivirus program.
                                      So you have to do it manually if you want the update to show up in Windows 7! (Or install MSE).
                                      https://support.microsoft.com/en-us/...dates-released
                                      Last edited by Per Hansson; 01-05-2018, 12:41 PM.

                                      Comment


                                        #39

                                        Originally posted by Per Hansson View Post
                                        The performance reduction in games is below 1%.
                                        https://www.techspot.com/article/155...mance-windows/

                                        Enterprise workloads, especially database workloads, are what do see some reduction in performance.
                                        (Up to 30% in worst case for non-synthetic loads).
                                        https://www.phoronix.com/scan.php?pa...5-x86pti&num=2
                                        I'd imagine the difference relates to the number of system calls the different types of applications invoke vs. the amount of "work" they do between calls.

                                        An RDBMS spends a lot of effort hitting on the network stack and in the disk subsystem -- all system calls.

                                        I'd imagine games spend most of their time in the video subsystem (and aren't there hooks that effectively let this happen by going around the OS instead of through it? All in the name of "performance")

                                        [The same sort of optimization doesn't exist for hanging around in the disk subsystem]

                                        Comment
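The reasoning in the posts above, that a fixed extra cost on every kernel entry hurts workloads doing little work between system calls far more than workloads doing a lot, as an added example (not code from any poster or from the linked benchmarks). The 200 ns per-entry cost is an assumed figure, the `user_work` mix is constructed, and the sysfs path is the Linux kernel's own mitigation report rather than the Windows setups tested in this thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1e9 + ts.tv_nsec;
}

/* Pure user-mode work (constructed): never enters the kernel. */
static unsigned user_work(unsigned units) {
    volatile unsigned acc = 0;
    for (unsigned i = 0; i < units * 64u; i++) acc += i ^ (acc >> 3);
    return acc;
}

/* Average wall-clock ns per iteration: `units` of user work, then one syscall. */
double ns_per_iteration(unsigned units, long iters) {
    double t0 = now_ns();
    for (long i = 0; i < iters; i++) {
        user_work(units);
        (void)getppid();              /* always a real kernel round trip */
    }
    return (now_ns() - t0) / (double)iters;
}

/* Relative slowdown of one iteration if each kernel entry costs extra_ns more. */
double projected_slowdown(double iter_ns, double extra_ns) {
    return iter_ns > 0 ? extra_ns / iter_ns : 0.0;
}

/* Linux only: the kernel's report of its Meltdown mitigation, else "unknown". */
const char *meltdown_status(char *buf, size_t len) {
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    if (!f || !fgets(buf, (int)len, f)) snprintf(buf, len, "unknown");
    if (f) fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

int main(void) {
    const double extra_ns = 200.0;    /* ASSUMED added cost per kernel entry */
    const unsigned mixes[] = {0, 1, 10, 100};   /* user work per syscall */
    char buf[128];
    printf("meltdown mitigation: %s\n", meltdown_status(buf, sizeof buf));
    for (size_t i = 0; i < sizeof mixes / sizeof mixes[0]; i++) {
        double ns = ns_per_iteration(mixes[i], 20000);
        printf("work/syscall=%3u  %8.0f ns/iter  projected slowdown %5.1f%%\n",
               mixes[i], ns, 100.0 * projected_slowdown(ns, extra_ns));
    }
    return 0;
}
```

Run it before and after enabling the mitigation on the same machine to replace the assumed 200 ns with a measured difference in the `work/syscall=0` row.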


                                          #40

                                          That is exactly correct.
                                          Just as shown in the test at Techspot I saw a small (but measurable) performance reduction in 4K disk performance:
                                          Asrock X99 Extreme4/3.1 with Haswell-EP 5820K CPU and Samsung SM961 NVMe drive running Windows 7 x64

                                          Before patch KB4056894:


                                          After patch KB4056894:

                                          Comment
