Nice of Intel to shrug of the risks, watch for the stock dumping and the fake news to hit other chip manufacturers just before it all comes out as another scandal !
Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX
Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …
COMMENTS
-
Wednesday 28th March 2018 22:43 GMT Jaap Aap
"SGX has long been known to have certain sensitivities."
Ok, but if your application doesn't run in one of those 'enclaves', is that as secure as a totally-broken-sgx? I'm curious, not complaining intel has a point or whatever.
They could sell this stuff as turbo boost 4.0. Do you want your processor secure or fast?
-
Thursday 29th March 2018 01:29 GMT Anonymous Coward
Intel has serious product issues
It's too soon to know the real ramifications of this latest Intel CPU defect disclosure. Intel has it's hands full with trying to mitigate the already disclosed design defects in their entire CPU production for the past several decades. The AMD alleged defect ruse that a few entities concocted to manipulate stock prices may have originated from a very well known source not from CTS Labs who blasted the media with some fake news.
-
Thursday 29th March 2018 03:31 GMT bombastic bob
Re: Intel has serious product issues
with a bit of sympathy for engineers at Intel, I think much of this may have just "not been thought of".
Now that the genie is out of the bottle, they should just confess it and fix it.
As for branch prediction stuff, how come THAT isn't saved/restored with task state or thread state switching? OK performance hit, but still... not THAT bad compared to the security, and maybe a "fast bit" to turn it on/off in the OS?
-
Thursday 29th March 2018 10:12 GMT Jon 37
Re: Intel has serious product issues
> Now that the genie is out of the bottle, they should just confess it and fix it.
That way they lose the class action, are ordered to pay punitive damages, some lawyer spins this as gross negligence, and they go bankrupt. That would not be a smart move.
-
-
Thursday 29th March 2018 05:54 GMT amanfromMars 1
When there's a chance, fully expect the absolute certainty
chances of future exploits only increase – as does the chance the next big disclosure will come from a bad actor uninterested in either an academic announcement or the kind of controlled release used for Meltdown and Spectre.
Howdy Simon S,
Moving the Great IntelAIgent Game further on and ratcheting IT up into Enchanted XSSXXXX Levels of Stellar Work, Universal REST and COSMIC Play, has one dismissing bad actors and realising Rad and/or Mad and/or Infinitely SMARTR Programmers are the RAW Source and AIDrivers of Future Novel 0Day Eventing ........ for Vital Rare Earth Commodity Traders to Price to Markets for a Return on Initial Incurred Preferred Provisional and Deferred Investment Costs Donated by Capital Venturers and Enterprise Angels/Super State and Non Super State Leading Actors. It is surely the Capitalist Way .... to have a Price for Everything and Care not a Jot for the Worth of Anything
Get a Gaggle of those Rad and/or Mad and/or Infinitely SMARTR Programmers just doing their Sublime InterNetworking Thing as if Together and Unified in a Singular Direction, and Heaven Knows what they would Conspire to Transpire. You might be thinking something really bad for some folk, whilst others may be imagining something more fantastically good. When it is most probably both, will everything be natural and alien too.
-
Thursday 29th March 2018 08:28 GMT naive
Can it not be mitigated by OS design ?
Not being an expert in CPU and OS design, it seems as if these recent CPU issues originate from the fact that system resources are shared between the kernel, running under high privileged Supervisor mode, and user land processes.
The latter can exploit this for dumpster diving, using these tricks to gain access to memory areas containing sensitive information.
If the kernel would allocate the cores it needs for exclusive use by itself, so never any user land process can access a core or memory page reserved for the kernel, would that not mitigate a large part of these branch prediction issues ?. Later on, Intel could even support this by modifying the MMU, so it supports this feature, so non-kernel processes can never access these pages.
The price for this would be a slightly more overhead, and less efficiency with resource sharing.
-
Thursday 29th March 2018 10:38 GMT Anonymous Coward
Since a large propertion of bitcoin transactions..
.... are simply money laundering and a large part of the rest are for buying illegal goods off the dark web and tax avoidance purposes, I'm having a hard time mustering any sympathy if one bunch of criminals rips off another using this method.
This is what you get when naive idealists like Satoshi try to break "the system", not really understanding why the system got to where it is over the centuries. Whenever there's a revolution, the only people who win are the revolutionaries and criminals. Normal people carry on getting screwed over as before.
-
Thursday 29th March 2018 13:24 GMT amanfromMars 1
Right Teutonic, a Platonic AI, with a Wonderfully Pragmatic Boot and SP00Key Cyber Install
naive idealists like Satoshi try to break "the system" ... bolger
Naive idealists like Satoshi are not trying to break "the system". They Simply Facilitate Easy SWIFT Replacement of Systems Operations.
That is without doubt, methinks, Revolutionary .... with a Quantum Communications Leap which is not Evolutionary.
Would that be Almighty Help arriving with Alien ExtraTerrestrial ACTivIT BroadBandCasting
Absolutely Fabulous AIDevelopments
Here is some news of some of them at Play here .... http://www.wsglobe.com/bitcoin/dragonsden/
The news there prompted this reply for further onwards processing.......
Good question, replied one of Bitcoin Trader's founders. Simply put, we are just programmers and we only have close to £40,000 between us both so far from the system. If we manage to get funding from the Dragons, we can invest a larger sum of money and gain returns faster.
And so Prove the HyperRadioProACTive IT Modi Operandi et Vivendi Practically Almighty, Bitcoin Trader's founder?
I Second That .... therefore We Is. That's COSMIC Command in Control of Commandeering Controlling Commands .... Following, Trialing and Training with Assets in More Heavenly Orders ....... with an Immaculate Energy beyond Any Redemption. An Overwhelmingly Powerful Sterling Stirling Engine for Type Superb Virtual Machinery.
And with User Guides and Workshop Manuals Supplied from Spaces like Here, although Everyones Spaces are Virtually Realised and so can be Markedly Different and even Indifferent to Matters of Conspiring Orders, where some may be fatally tempted to career towards Caches of CHAOS [Clouds Hosting Advanced Operating Systems] for Top Secrets they are not Readied for. Some Secrets are Real Deadly.
-
Friday 30th March 2018 15:52 GMT Michael Wojcik
Neither specific to Intel, nor "flaws"
with a little lateral thinking, Intel’s products can be challenged in many ways
As can all superscalar processors. All of them. While details like SGX are Intel-specific, Spectre-class side channel attacks will apply to any machine that 1) runs a mix of code from different trust domains and 2) does not blind every single operation.
And, once again, these are not "design flaws". They are deliberate design decisions, trade-offs made to select performance over security. They''re what the market demanded. Had Intel prioritized security over performance, they'd have been out of business decades ago. Hell, they couldn't even sell the 432, at the same time that IBM was successfully selling a capability-based architecture in the System/38.1
Now suddenly the market is full of remorse, having discovered that systems and exploits have advanced to the point where side-channel attacks are practical against their beloved fast general-purpose systems running a toxic mix of sensitive and untrustworthy code. Well, them's the breaks, kids. Blaming Intel for delivering what people would buy is unfair.
Now, blaming Intel for Meltdown is another story (though again they aren't the only offenders). Letting spec-ex cross security boundaries was a dangerous shortcut, and the engineers should have recognized that and pushed back even though it would have throttled performance a bit. And we can criticize Intel's initial handling of the Meltdown/Spectre disclosures. But having Spectre-class vulnerabilities is something we - people who buy computers - brought on ourselves.
(Cue another set of downvotes from the readers who want an easy scapegoat.)
1And only a couple of years after the 432 was discontinued, IBM replaced the S/38 with the AS/400, which while not a true capability architecture had similar hardware-protected addressing. The '400 was, and continues to be, a cash cow, showing that there's a market for capability and protected-addressing systems.