Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz …

  1. RM Myers

    Question

    Has anyone actually heard about any successful exploit in the wild of Spectre or Meltdown? Every exploit I can remember reading has been in a research setting, not a production environment. Given the number of simpler vulnerabilities to exploit, including human error, I wonder how many people are really trying to use side channel attacks.

    1. amanfromMars 1

      Re: Question

      Has anyone actually heard about any successful exploit in the wild of Spectre or Meltdown? Every exploit I can remember reading has been in a research setting, not a production environment. Given the number of simpler vulnerabilities to exploit, including human error, I wonder how many people are really trying to use side channel attacks. .... RM Myers

      You may get a foretaste of one in the contents of a current live thread up and running down and dirty on El Reg today, amigo .....Masters of the Russian Margarita :-)

    2. diodesign (Written by Reg staff)

      Exploitation

      It's too much hassle to exploit in real-world scenarios given the slow rate of exfiltration and that the code to abuse spec-ex is non-trivial (bar Meltdown, perhaps), and that there was an immense amount of engineering work poured into closing the side channels (or attempting to).

      Thus, if you're an exploit developer, you'll probably go back to attacking bugs in the Windows kernel or tricking people into running email attachments as administrator - it's far easier.

      That isn't to say it's been a complete waste of time. If Meltdown, and the Spectre variants that can be exploited via a browser or virtual machine, hadn't been addressed, I think there would have been shenanigans by now.

      I think, perhaps, it's a case of this: if nothing was done, someone would find a way to leak stuff from browsers or virtual machines at least; and if mitigations are in place, no exploitation happens, and people wonder what all the fuss was about.

      One thing it's done is highlight the semiconductor world's rush to put speed over security, and also the holes in Intel's SGX.

      C.

      1. Anonymous Coward

        Re: Exploitation

        "One thing it's done is highlight the semiconductor world's rush to put speed over security, and also the holes in Intel's SGX."

        So for Intel, an exploit that only financially suits governments, corporations and entities with massive resources was an accidental rush job? To be fair, you did "comma-and" the SGX part so...

        Honest thinking sees honest mistakes.

        P.S. it gets hot wearing this hat.

    3. Peter2

      Re: Question

      Has anyone actually heard about any successful exploit in the wild of Spectre or Meltdown? Every exploit I can remember reading has been in a research setting, not a production environment. Given the number of simpler vulnerabilities to exploit, including human error, I wonder how many people are really trying to use side channel attacks.

      To be frank, my initial feeling is still unchanged a few years later. These attacks are simply not a threat to your typical on-premises servers. By the time somebody has the level of access to run them, they can do far worse.

      They are however deathly serious to people like Amazon, Microsoft et al who give huge numbers of people access to run code on their hardware with nothing but software to stop them pinching details from somebody else.

      If cloud vendors had been attacked with this, would you trust them to tell you? Doing so would risk the cloud suffering a monsoon and raining much of the cloud back into on prem servers.

      1. Christian Berger

        Re: Question

        Servers are not the problem here. Servers can be secured physically and they typically only run "trusted" code. (=code that you deliberately installed)

        The main issue here is with browsers. Browsers continue to have a misfeature that allows people to send code with their documents. The fig leaf is that "sandboxes" will prevent that from getting dangerous. Ignoring for a moment that the mere act of computation on a client can be an attack, this is yet another example of sandboxes failing in more or less unexpected ways.

        We must stop using sandboxes as an excuse to do highly dangerous things. A sandbox can be an additional barrier against exploitation; however, it is not a cure-all that allows you to execute random malware.

        1. Peter2

          Re: Question

          That was my point. An on-premises server is not seriously threatened because by the time you can run this code on it, you can do far worse to the server.

          Amazon S3/Azure instances, however, exist for the sole purpose of having untrusted code run on them, hence why the clouds are threatened by this and our on-premises servers aren't.

  2. Conundrum1885

    Re. SPECTRE

    Actually I think I had this happen on three of my laptops.

    Symptoms: often the machines would subtly corrupt data on both internal and external drives despite the RAM being tested, to the point that the drives permanently failed.

    The main commonality is they all used Intel chipsets and CPUs, from Core 2 to i3.

    One of them actually ate its BIOS to the point it was unbootable as well, which is very strange.

    I did actually mitigate it by installing W7 64 bit rather than 32.

    Probably also worth mentioning that the issue also corrupted data in the SPD chips on both screen and RAM, maybe related to the HDD failures.
