Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …


    1. Anonymous Coward

      Re: Fix A: Transputers

      Your average computer runs HUNDREDS of processes at any one time. And MANY of them need the full resources of the system, so try cramming hundreds of Core i-class CPU cores on a single die.

  1. Frank Gerlach #2

    Fix B: Don't share Cloud CPUs

    Sharing "cloud" CPUs is obviously a risky thing. Rent one CPU to one customer at a time.

  2. Frank Gerlach #2

    Fix C: Disable JavaScript

    Disable JS for random sites and enable only when required for work purpose, banking, mail etc.

    1. Charles 9 Silver badge

      Re: Fix C: Disable JavaScript

      But isn't that exactly how they get you in drive-by attacks, poisoning "trusted" sites?

  3. Lion

    Trust

    'Intel, the chipmaker most affected by these flaws, incidentally just announced an extension of its bug bounty program – just through the end of 2018 – covering side-channel vulnerabilities, with awards of up to $250,000.'...

    That is an indication that they are aware that the current firmware fixes are deficient. It also tells me that their subsequent products will continue to be vulnerable if they do not redesign the chips. Intel have only released firmware fixes for Sky Lake and Kaby Lake systems and their remaining product line (all of it) is still being evaluated. A stopgap perhaps.

    I certainly get the impression that everyone is being manipulated by Intel. Did they release their updates merely to console their strategic partners who have been left holding the bag? Also, Intel boldly announced that their product line will be free of Meltdown and Spectre vulnerabilities by the end of 2018. That appears more hubris than fact.

    If Intel is not being ethical in their response, they should be punished for it. Some big Cloud Providers have already suffered performance hits from Intel fixes and that could get even worse if more are required. Damage, large or small from potential exploits, will be the litmus test. The enterprise leases and the consumer buys their computing products, so there is a lot at stake. Trust is paramount.

    BTW, Intel made 'The 2018 World’s Most Ethical Companies' chart, released by Ethisphere. To determine if a company is worth including on the list, Ethisphere calculates what is called an Ethics Quotient, which is an objective score that assesses each firm’s performance in five different categories, as it follows: ethics and compliance program (35 percent), corporate citizenship and responsibility (20 percent), culture of ethics (20 percent), governance (15 percent), and leadership, innovation and reputation (10 percent). Intel is in good company as Microsoft made the list as well.

    1. Frank Gerlach #2

      Well

      Intel already has Itanium. So they might already have a "fix" in production. Tried and tested...

      (yes, I know, HP/Multiflow did the heavy lifting and then sold/gave it to Intel for breadcrumbs)

  4. Anonymous Coward

    Options

    Some cloud hosts already offer "bare metal" - just like plain old dedicated servers, with the quick setup and hourly rates of virtual servers. Expensive, though.

    Atom or ARM hosting should be cheaper. However, renting N cores on a 16- to 512-core machine might not be sufficient isolation.

    Earlier-generation Atom CPUs may be immune to Spectre/Meltdown; Intel used a 486-ish architecture to reduce battery consumption. Performance is "only" about 50% lower than a comparable speculative-execution CPU. I'd bet performance is actually higher relative to hardware and electricity costs - for massively parallel workloads.

    Unfortunately the current Atoms are vulnerable. One would imagine Intel is looking to revive the old architecture if they can be reasonably certain other vulnerabilities won't be found in it. Could they make a 4-ghz 64-core Atom for the price of an i5?

  5. Tom 7 Silver badge

    Right that does it

    Anyone know how to put a Titan on a Raspberry Pi?

    1. Anonymous Coward

      Re: Right that does it

      @"Anyone know how to put a Titan on a Raspberry Pi?" yes you just need to reverse the polarity

  6. Michael Wojcik Silver badge

    Yes, that's what a Spectre attack is

    "variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks"

    All variants of Spectre are side-channel attacks. That's what Spectre is: a class of side-channel attacks using speculative execution.

    And Meltdown is a subclass of Spectre.

    While this new research is a solid contribution to the field, everyone already knew that coherence protocols were a target. They're mentioned in the original papers, along with a bunch of the other well-known timing side channels.

    1. Triumphantape

      Re: Yes, that's what a Spectre attack is

      Interesting, so this has been a known vulnerability for some time. I suspect that's all anyone needs to start a class action lawsuit, and following that when the stock drops, invest in Intel for the subsequent rise in value once they address the hardware issues.

      1. Anonymous Coward

        Re: when the stock drops

        "when the stock drops, invest in Intel for the subsequent rise in value once they address the hardware issues."

        Intel's CEO certainly seems to have followed the first part of that process:

        "Brian Krzanich, chief executive officer of Intel, sold millions of dollars' worth of Intel stock—all he could part with under corporate bylaws—after Intel learned of Meltdown and Spectre, two related families of security flaws in Intel processors." from e.g.

        https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/

        The shares were sold (and the reason for sale was speculated on) in 2017 e.g.

        https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

        Nice work if you can get it.

      2. Claptrap314 Silver badge

        Re: Yes, that's what a Spectre attack is

        It has been a suspected vulnerability for a long time. There is a huge difference in the two. And "for a long time", I mean "nearly 20 years". And by "suspected", I mean "taught in every serious CS major".

        Now, follow me here. Suppose you are an ambitious graduate student. You know that the world's #1 supplier of CPUs has as their flagship product a processor which has characteristics that the theory categorically states is vulnerable to this sort of attack. What do you do?

        The fact that this vulnerability was not identified (that we know of) until last year when 90% of the graduate students and professors of CS for the last twenty years had every reason to believe that it was out there and more than a little motivation to go after it should tell you something about just how hard it is to track down this class of bug without a roadmap.

        And go ahead and throw in select teams at IBM, AMD, and, yes, Intel who would be looking for these if for no other reason than to not be caught flat-footed if someone from one of the OTHER companies made an announcement. Much smaller group, but they would have much better tools at their disposal.

  7. Triumphantape

    So I can assume that anything under High Sierra is still vulnerable? How do these exploits affect Virtual Machines?

    1. amanfromMars 1 Silver badge

      Assume Nothing, BetaTest Everything

      So I can assume that anything under High Sierra is still vulnerable? How do these exploits affect Virtual Machines? ... Triumphantape

      They provide them with outstanding tools and almighty weapons, Triumphantape. Nothing more, nothing less.

  8. Frank Gerlach #2

    Fix D: EPIC / Itanium

    As far as I understand it, Itanium does not use speculative execution. Maybe the huge investment into this type of CPUs was more useful than we thought up to now ?

    Any expert opinions on this technological option ?

    1. Anonymous Coward

      Re: Fix D: EPIC / Itanium

      Yep, I said that a long way up there. IA64, VLIW, do the optimisation at compile-time, not run-time. Problem solved.

      Not so fast, Mr. Bond. Getting the compiler working and producing efficient code proved hard. And you still need to drain the pipeline on occasion.

      See Multiflow for the first attempt at commercialising the arch,

  9. Anonymous Coward

    Re. Fix D: EPIC Fail / Itanic

    NooooooooOOOOOOO!!!!!

    On the other hand, maybe all those "useless" AMD dual core dinosaurs I have can be tested and sold, with boards at a premium as "SPECTRE/Meltdown/Multiplicity proof" with Rowhammer/ASLR proofing being designed into the BIOS/uEFI.

    Interesting aside, back in the day my ancient SN-25 had this "problem" with some games failing badly until the multicore issue was patched on *every* *single* *feckin* *game* using some clever code.

    Interestingly it turned out that the code introduced other problems like BF1942 crashing later on in the game due to a possible feedback loop causing a race condition (DDR2 rowhammer?!) which also got fixed.

  10. Anonymous Coward

    CPU Memory

    "Because accessing CPU memory is comparatively slow"

    What's that?

    1. Claptrap314 Silver badge

      Re: CPU Memory

      L1, L2, L3? Yep, even the L1 is slow by some important measures. That's why you see things like ERATs out there. You really, really, don't want to wait on the L1 cache to serve up your page translations if you don't have to.

  11. Anonymous Coward
    WTF?

    So where do we go from here - Just wake up firstly

    I don't need a 64 bit processor,

    I remember the story that when Intel told Microsoft that it wanted to build a spiffy new non 86 processor that MS said they would not support it, Intel then crawled back into their corner. Shame Intel should have forged onward then as the competitive landscape was different.

    It is not going sideways or backward to use sixteen, sixteen bit processors - 16 x 16, and a processor master. We don't have to reinvent the cube and pretend we are aliens with another wonderful design.

    async or in sync we could then run 16, 32 or 64 bit code when needed.

    I keep thinking about the days of CD's when a retinue of manufacturers produced 8 bit DAC (Digital to Analog) converters Sony and Technics produced an S-bit 1 bit DAC that flew along more quickly processing 8 bits than the 8 bit DAC's.

    Then there was in a bench-marking program called Winbench that exampled many benchmarks, one was a 200mhz DEL Inspiron dual processor (Pentium) that screamed along at 2 bit Read & Write and Processes vastly superior to all others, but as the bench marking used larger bits 4,8.16.32......1024 & 2048 the results plummeted and approached the lowly results of the other models (including my own tiny 90mhz AMI).

    Then there's Windows as it went from 16 bit to 32 bit and had to resort to all kinds of silly tricks to provide some mitigation for slowness in handling all the extra zeros (0) and Apple had recently announced warnings about NOT being 64 bit code but old depreciated 32 bit.

    Why are we fooling ourselves, every time we invent something large the world goes small, (see wide screen monitors and TV's then we turn to watch screens on our arms), Mobile phones ran code with small processors.

    Now we find Intel has resorted to prediction (psychics) to increase the processor speed by 30%

    Well Intel, many PC manufacturers and re-sellers clock down your chips as they utilize slow memory, WTF are you trying to achieve against the tide.

    The internet is streamed in single bits, and we are not going to parallel bit transmissions in like forever so,

    WAKE UP !!!

    1. Anonymous Coward

      Re: So where do we go from here - Just wake up firstly

      I started off replying rationally to this post then I thought - everybody knows it's nonsense but the author, and I suspect he's fact proof.

      Please, go away and read a book about computer design.

      1. Anonymous Coward

        Re: So where do we go from here - Just wake up firstly

        Thanks, I'll read the book of practical computer application, and the list of great tech that has been scrapped as corporations kill the quality to suck the $$$ from it.

    2. Anonymous Coward

      Re: So where do we go from here - Just wake up firstly

      Using large storage with small bit devices and operating systems:

      Just an addendum to say that

      In the same way as Printer and Scanner manufacturers got the jack of Microsoft bullying them into allowing the Kernel to run printer and scanner, and produced even more capable printer and scanner able to operate without PC or separate operating system, Hard Drive manufacturers could always build independent storage systems of about 64bit or so that would run large addresses for storage with large buffers and caches but receive them as they do via Sata or USB3 from operating systems of any bit size. We could just tell the drive to store the data (not how to store the data) and it would do so. We would use a simple config to divide it up.

      We are now using SSD and NAS it's not that far away.

      This would allow INTEL and AMD to create the SWIFT processor 16 x 16bit and make our devices fly.

  12. wownwow

    Not even talking about whateverPrime yet, for Intel chips other than just SEVERAL (not all) Skylake-based platforms, where is the mitigation for the Spectre Variant 2?

    180127 -- Critical Windows Update (KB4078130) to DISABLE mitigation against Spectre, Variant 2.

    180207 -- Intel released production microcode updates for just SEVERAL (not all) Skylake-based platforms.

    ?????? -- Windows update for the Spectre Variant 2?

  13. secboffin

    Don't worry everyone, Artificial Intelligence will somehow solve this on its own... Right? Right?


Biting the hand that feeds IT © 1998–2020