Spectre and Meltdown. Accidental backdoor reveal?


posted on Jan, 6 2018 @ 08:20 PM
a reply to: roadgravel
This, I was going to mention the IME but it goes over my head. I wonder if this flaw was the previous back door built into the product but has been superseded by an improved back door, so that is why it is being revealed now.



posted on Jan, 6 2018 @ 08:33 PM
The architecture of non-paged pool comes from NT, and NT came from VAX VMS (in the context of data structures). VMS never leaked on a VAX, but not so for Alpha and then NT on Intel... The dubious bug was born in this era.



posted on Jan, 6 2018 @ 09:15 PM
In short,

originally posted by: TheAiIsLying
a reply to: JanAmosComenius

I agree with you on that one. It's not even really laziness on the part of developers but the demand from consumers that CPUs will always be backward compatible. How many years did the BIOS show that there was 640k of memory available?

Good point there, but wouldn't put the following past them:
Backdoor compatible. Probably an inside deal yet to be revealed.



posted on Jan, 6 2018 @ 10:55 PM


Thoughts?


It's hard to imagine otherwise, isn't it? And also hard to imagine there aren't a whole host of intentional flaws built in all over our hardware and software -- some courtesy of governments, others courtesy of corporations, and still more courtesy of sly engineers who love to obfuscate their code or implement their own esoteric knowledge of vulnerabilities with a mind to profiting in the future.

Knowledge -- including knowledge of hardware and software vulnerabilities -- is power. So why not create power by creating flaws in technology?



posted on Jan, 6 2018 @ 10:59 PM
a reply to: Namdru

Makes you want to be a borg eh?



posted on Jan, 7 2018 @ 12:25 AM


Is it possible that the guys that accidentally unearthed these bugs stumbled upon a backdoor that the alphabet agencies demanded that chip makers put in?


Eh, too much misinfo in this thread, so I'll put my serious hat on.

The bug is serious. One variation is almost exclusive to Intel and ARM (its prediction gets exploited) but doesn't affect AMD, while another hits all three. Meltdown and Spectre are their names.

No, it's not intentionally inserted by the CIA or whoever; it's an exploit, considering it hits different OSes in combination with hardware, and it was Google's research team that ran across it.

Microsoft, Linux, Apple all have patches ready to roll out. Win10, Linux flavors, and Apple folks will be patched yesterday, and those that don't have it yet will get patched now. The info embargo was lifted; the heavy hitters knew about it for at least 6 months, they had time for the big reveal.

The bugs take advantage of modern CPU design, branch prediction, which is when the CPU fetches the next predictable set of instructions to speed up processing. Old CPUs don't have that. There are a lot of neat tricks used to speed up processors, and with these new tricks come new opportunities for attack. These folks uncovered a new attack vector and now it's in the wild; it's really going to get crazy.

Now for the performance. Windows slides by with a minimal hit; gamers and pros are good on that platform. Linux gets hit hard, anywhere from 25-30% depending on the work. Apple, dunno yet.

Typos aside, I hope that helps. I try my best not to get too serious on ATS nowadays.



posted on Jan, 7 2018 @ 12:35 AM
There is no patch/fix for Spectre just Meltdown



posted on Jan, 7 2018 @ 03:34 AM
A not too technical but spot-on description of the Meltdown/Spectre flaws, plus the actual action taken and planned by chip and OS developers, can be found on arstechnica.com.

While I can imagine the Meltdown flaw being intentionally "omitted" as a precursor for an alphabet exploit, the Spectre category of flaws is really not intentional. It is simply bad design.



posted on Jan, 7 2018 @ 05:35 AM
There are people out there who can reverse engineer these patches by decompiling them. I'd suggest waiting until they have some time to do that. Watch for suspicious deaths.

What would clue me in is if these were force-pushed on us, such that you can't not install them. If it's voluntary then it's less likely that they are backdoors, IMO.

Good post, OP.



posted on Jan, 7 2018 @ 06:18 AM
Lessons to be learned: Don't type anything on any machine you are logged into, or that can be somehow traced back to you as the source, that you wouldn't want the NSA or your momma to see. That includes machines that are not online but at some point connect to the outside world via Bluetooth, proximity sensor devices, Wifi, LAN, everything.
edit on 7-1-2018 by tkwasny because: typo fix



posted on Jan, 7 2018 @ 06:21 AM

originally posted by: tkwasny
Lessons to be learned: Don't type anything on any machine you are logged into, or that can be somehow traced back to you as the source, that you wouldn't want the NSA or your momma to see. That includes machines that are not online but at some point connect to the outside world via Bluetooth, proximity sensor devices, Wifi, LAN, everything.


There is a very, very good reason why, if you are going to enter a SCIF, you cannot be in possession of anything. Every intel agency from every major country knows what's what, including that it's me that typed this just now.



posted on Jan, 7 2018 @ 09:05 AM
Dang, who would have thunk? Folks on ATS committing the same flaw as the processors:
speculating from side channels.
1) All can be patched at OS level; Linux is well on the way. MS to follow (I have read as soon as Monday, January 8th as a start).
2) AMD does not use full speculative side channels as Intel does. It is a slightly different type. Neither does ARM (not sure of the extent, though).
3) Early reports state there may be a 17-18% drop in performance with some applications, not all. And, again, that is speculative. AMD may not be affected by the performance hits.
4) GPU vendors AMD and Nvidia are researching the vulnerabilities, yet stating that GPUs may not be affected.

A lot of information can be obtained by a search for CVE-2017-5753, CVE-2017-5715, CVE-2017-5754.

edit on 1/7/18 by Gothmog because: (no reason given)
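As an added example (not from the thread or any vendor), a POSIX shell check for the three CVEs listed in the post above, using the per-CVE status files that the Linux kernel patches expose under /sys/devices/system/cpu/vulnerabilities/ (present from kernel 4.15; the function names are my own):

```shell
#!/bin/sh
# Added example: classify the kernel's own mitigation report for the three
# CVEs named in the post. Each sysfs file reads "Not affected", "Vulnerable"
# (optionally followed by detail) or "Mitigation: <name>".

# classify_vuln STATUS_TEXT -> prints not_affected | mitigated | vulnerable | unknown
classify_vuln() {
  case "$1" in
    "Not affected"*) echo not_affected ;;
    Mitigation:*)    echo mitigated ;;
    Vulnerable*)     echo vulnerable ;;
    *)               echo unknown ;;
  esac
}

# read_vuln_file NAME -> contents of the sysfs entry, or a marker when the
# kernel is too old to provide the directory at all
read_vuln_file() {
  f="/sys/devices/system/cpu/vulnerabilities/$1"
  if [ -r "$f" ]; then cat "$f"; else echo "unknown (file missing: $f)"; fi
}

# report_vulns -> one line per CVE; exit status 1 if any is still vulnerable
report_vulns() {
  rc=0
  for pair in "CVE-2017-5753:spectre_v1" "CVE-2017-5715:spectre_v2" "CVE-2017-5754:meltdown"; do
    cve=${pair%%:*}
    name=${pair##*:}
    text=$(read_vuln_file "$name")
    state=$(classify_vuln "$text")
    printf '%s (%s): %s  [%s]\n' "$cve" "$name" "$state" "$text"
    if [ "$state" = vulnerable ]; then rc=1; fi
  done
  return $rc
}

report_vulns || echo "at least one CVE is still reported as vulnerable"
```

On kernels older than 4.15 every entry prints as unknown, which a fleet-wide inventory should treat as "not patched" rather than "safe".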



posted on Jan, 7 2018 @ 08:28 PM
a reply to: cenpuppie

Nice synopsis.
I think that the exploit is exposed by leaking NPP (privileged local kernel data) caused by the CPU instructions you referenced.
I do not know exactly, but that would make that privileged data open to any process, wherever it gets located. If it leaked over the CPU instruction cache... there would certainly be a bugcheck or perhaps even a machine check, but that does not appear to happen.

Additionally, it would most likely have to wind up in User address space, but not sure of that either.

edit on 7-1-2018 by charlyv because: spelling , where caught

edit on 7-1-2018 by charlyv because: (no reason given)



posted on Jan, 8 2018 @ 12:01 AM
What's the difference?


What's known:

These are local attacks: Both Meltdown and Spectre are local attacks that require executing malicious code on a target machine. This means that these attacks are not (directly) drive-by style remote code execution attacks – think Nimda or Code Red – and that systems cannot be attacked merely by being connected to a network.

Conceptually, these are closer to privilege escalation attacks, a class of attacks that help you get deeper into a system you already have access to. With that said however, researchers have shown that they can perform Spectre-based attacks using JavaScript, so it is possible for a web browser to pull a malicious JavaScript file and then attack itself in that fashion.

These are read-only (information disclosure) attacks: Along with not directly being remotely exploitable, even if Meltdown and Spectre attacks are executed on a local system, the nature of the exploit is that these are read-only attacks. That is, they can only read information from a system. They cannot directly force code execution in the OS kernel, in other virtual machines, or other programs.

These sort of information disclosure attacks can still be devastating depending on what information is leaked – and there is always the risk of using that information to then chain it into a code execution attack – which is why they’re still concerning. But the real risk is in hostile parties using these attacks to steal information, not to control a system.


Source



posted on Jan, 8 2018 @ 04:22 AM

originally posted by: Maverick7
There are people out there who can reverse engineer these patches by decompiling them. I'd suggest waiting until they have some time to do that. Watch for suspicious deaths.

What would clue me in is if these were force-pushed on us, such that you can't not install them. If it's voluntary then it's less likely that they are backdoors, IMO.

Good post, OP.


Linux is open source ... everything is documented and accessible in respective (Linux, Android, ... ) kernel trees. Or are you talking about Windows patches?



posted on Jan, 8 2018 @ 09:53 AM
Meltdown and Spectre: Intel’s Seismic IT Disaster and A Look at Some Implication for Banks

~snip

The press has greatly under-reported the two security holes, called Meltdown and Spectre, that can without exaggeration be characterized as affecting just about every computing device in use today (with very rare exceptions, like the Apple Watch). And because the media has so badly dropped the ball, your humble blogger will start with a high-level introductory piece, in the hopes that the IT and security experts in our readership will chime in, ideally in comments, with more information and ideas. Lambert has more posts planned, and they will be more technical in nature.

One of the most obvious points, that cannot be made often enough, is that these security holes exist at the most foundational hardware level, the processors. Initial reports were that they could be fixed only via Very Extreme Measures, like getting hardware without the dodgy Intel chips. That was quickly scaled back to “oh, patches are being launched.”

The wee problem is that with a flaw this fundamental and widespread, these patches aren’t just any patches. Given the severity of the flaws (and Spectre is more recalcitrant than Meltdown), the industry’s incentives are to say whatever it can throw at the problem is adequate whether they really address the problems or not. These fixes are also said to slow down performance by 5% to 30% per process


.......

One of the few upsides is that the increased processing time cost is a mini-transaction tax on high-frequency trading, which as we have discussed, is an entirely parasitic activity that should have been regulated or taxed out of existence long ago (among other things, it creates the worst possible market structure and drains market liquidity when it is most needed).

www.nakedcapitalism.com...

__________________________________________________________

This isn't as benign as the press wants you to believe.



posted on Jan, 8 2018 @ 10:51 AM

originally posted by: bigfatfurrytexan
a reply to: KARARYU

30% loss in processing... when I read that, my first 2 thoughts:

- that's gonna piss off gamers and people rendering 3D, maybe making their CPU obsolete for the technology being used

- sounds like someone is crowdsourcing processing power for some aggregate tasks like a neural net


Sounds like the same sort of crap Apple has just admitted to.

Think about it, if the older gen stuff seems terribly slow to the shiny new models, people who can afford to will probably upgrade to the newer tech...saving battery life my arse!



posted on Jan, 8 2018 @ 11:13 AM
a reply to: KARARYU

Interestingly, Intel really seems to be struggling with the shrink to 10nm. The release of Coffee Lake really shows a strange situation.

We have plenty of people out there with years old hardware that see little reason to upgrade, coupled with competitors like AMD actually gaining relevance again.

I wouldn't be surprised if they were trying to make lemonade out of the lemons that have been sitting on the shelf for.. a while.

If they don't think they can pull off the die shrink in a meaningful time frame, or that the performance will be not too impressive (rumors suggest..), they could really use a selling point to get folks to move off of dated (but still respectable) hardware. Things like SGX, USB 3.1, and NVMe can only sell so many units.



posted on Jan, 8 2018 @ 11:23 AM

originally posted by: bigfatfurrytexan
a reply to: KARARYU

30% loss in processing... when I read that, my first 2 thoughts:

- that's gonna piss off gamers and people rendering 3D, maybe making their CPU obsolete for the technology being used



Man don't say that, that's really depressing




posted on Jan, 10 2018 @ 08:20 PM

Won't THE PATCHES THEMSELVES be SLAVEWARES in disguise that can thrive on the processing power of billions of machines simultaneously, once installed, aiming at, for instance, mining cryptocurrency or compromising our already almost nonexistent online privacy?


Doubt it, since 99.5% of people don't have any idea about the types of patches they are installing. You wouldn't need to make a big production out of it - just produce an "important" patch. Also doubt it since they are talking about replacing actual CPUs. Maybe the new CPUs have some built into them.. : p


