Welcome to the Utopia Forums! Register a new account
The current time is Tue Apr 24 22:12:25 2018

Utopia Talk / Politics / Intel lolz of the decade
State Department
Member
Sun Jan 07 20:59:18
What Meltdown and Spectre do

A brief recap of the problem: modern processors perform speculative execution. To maximize performance, they try to execute instructions even before it is certain that those instructions need to be executed. For example, the processors will guess at which way a branch will be taken and execute instructions on the basis of that guess. If the guess is correct, great; the processor got some work done without having to wait to see if the branch was taken or not. If the guess is wrong, no big deal; the results are discarded and the processor resumes executing the correct side of the branch.

While this speculative execution does not alter program behavior at all, the Spectre and Meltdown research demonstrates that it perturbs the processor's state in detectable ways. This perturbation can be detected by carefully measuring how long it takes to perform certain operations. Using these timings, it's possible for one process to infer properties of data belonging to another process—or even the operating system kernel or virtual machine hypervisor.

This information leakage can be used directly; for example, a malicious JavaScript in a browser could steal passwords stored in the browser. It can also be used in tandem with other security flaws to increase their impact. Information leakage tends to undermine protections such as ASLR (address space layout randomization), so these flaws may enable effective exploitation of buffer overflows.

Meltdown, applicable to virtually every Intel chip made for many years, along with certain high-performance ARM designs, is the easier to exploit and enables any user program to read vast tracts of kernel data. The good news, such as it is, is that Meltdown also appears easier to robustly guard against. The flaw depends on the way that operating systems share memory between user programs and the kernel, and the solution—albeit a solution that carries some performance penalty—is to put an end to that sharing.

Spectre, applicable to chips from Intel, AMD, and ARM, and probably every other processor on the market that offers speculative execution, too, is more subtle. It encompasses a trick testing array bounds to read memory within a single process, which can be used to attack the integrity of virtual machines and sandboxes, and cross-process attacks using the processor's branch predictors (the hardware that guesses which side of a branch is taken and hence controls the speculative execution). Systemic fixes for some aspects of Spectre appear to have been developed, but protecting against the whole range of fixes will require modification (or at least recompilation) of at-risk programs.

http://ars...oft-others-are-doing-about-it/
swordtail
Anarchist Prime
Mon Jan 08 10:08:48
"It Doesn’t Look Good": Intel CEO In Jeopardy For Selling Stock After Learning Of "Staggering" Flaw

http://www...after-learning-staggering-flaw
Daemon
Member
Mon Jan 08 10:46:50
Don't worry, everything is working perfectly!

http://www...alysis-and-intel-products.html

Is this a bug in Intel hardware or processor design?

No. This is not a bug or a flaw in Intel products. These new exploits leverage data about the proper operation of processing techniques common to modern computing platforms, potentially compromising security even though a system is operating exactly as it is designed to. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
CrownRoyal
Member
Mon Jan 08 11:40:59
this is a complete disaster
Nimatzo
iChihuaha
Mon Jan 08 18:34:56
We have no real competitor to Intel for high end desktop cpus. So we are stuck with their bs.
hood
Member
Mon Jan 08 18:39:48
You clearly haven't been following Ryzen.
pillz
Member
Mon Jan 08 19:57:19
AMD has been a solid competitor for the last 8 years I've followed computers... Not as much in the ultra-highend segment however.

It seems like they could fix this by salting process speeds, if thats a thing thats possible?

Also, we're at a point where there is no way for computers to be entirely secure.

They can now grab information from the sound of your monitor, the heat of your CPU, by calculating how long it takes for processes to finish...

its time for quantum computing.
show deleted posts

Your Name:
Your Password:
Your Message:
Bookmark and Share