It is dangerous out there New Years Meltdown and Spectre edition

Cliff_ForsterCliff_Forster Icrontian
edited January 2018 in Hardware

The TLDR here, if you have any sensitive information with a cloud service provider, re think that. Often these things come to light after something bad has already happened. Hackers are working overtime to exploit vulnerabilities in these services because they are a data gold mine. If there is a common hardware vulnerability all services are a potential huge target. Just save your vacation pictures and legally purchased music up there. Everything else that you need a back up of, put it on an encrypted disk in a fire safe old school. Don't trust these services with sensitive personal data.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

Comments

  • LincLinc Owner Detroit Icrontian

    I don't think that's the tl;dr at all.

    As I read it, both these attacks require having software running on the processor. That means public cloud service providers are impacted, but not private cloud. For instance, I have trouble imagining how someone leverages this against Google; they aren't letting random people run software on virtualized boxes that neighbor your Gmail account.

    I don't pretend I understand stuff like kernal memory leaks on a deep basis, but I do understand you first need to be running on the same kernal to exploit it.

    MiracleManSTushon
  • RyderRyder Kalamazoo, Mi Icrontian
    edited January 2018

    Deep technical explanation: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

    I read a very nice simple explanation this morning, but I can't find it right now.

    This isn't the article I read, but seems "neutral" - https://meltdownattack.com/

  • EMTEMT Seattle, WA Icrontian
    edited January 2018

    It works like the password timing attack, where the attacker measures how long a password checker takes to reject a wrong password. If the checker is naively built to error out at the first wrong letter, the amount of time it takes unintentionally reveals which letter of the password is wrong.

    Meltdown/Spectre is also about testing a performance optimization (Did the processor cache this piece of RAM or that one?) to leak otherwise inaccessible data (kernel memory/hypervisor memory). It cleverly abuses the processor's speculative execution, getting the processor to do caching based on protected data, before the processor realizes the data shouldn't have been accessed and unwinds its internal undo stack. The "undo" doesn't undo caching because caching is just a performance optimization - oops.

    Good explanation I read (thread):

  • AlexDeGruvenAlexDeGruven Wut? Meechigan Icrontian

    I'm hearing a lot of chatter about Intel specifically, and wondering how AMD seems to be less/not vulnerable. @Thrax? I know you're not in that division, but I imagine you've got more access to details than regular scrubs.

    Also: This event has made my web browsing so much more entertaining since I have cloud to butt installed.

  • ThraxThrax 🐌 Austin, TX Icrontian
    edited January 2018

    https://www.amd.com/en/corporate/speculative-execution

    Meltdown is the nastiest of the 3, and AMD is immune ("Variant 3" in link). Everyone is susceptible to Spectre Variant 1, but OS patches can resolve with negligible impsct. We believe we are immune to Spectre Variant 2, but cannot say with absolute certainty.

    RyanMMAlexDeGruven
  • My understanding because of the memory leak and the relative simplicity of the technique to exploit Intel's predictive execution architecture you can exploit the hardware remotely. One paper says Intel cloud servers running Xen are particularly vulnerable. Services dependent on virtualization containers to share a single kernel are also highly exploitable.

    The world has changed. Security used to be like this, users always vulnerable, software sometimes vulnerable, hardware rarely vulnerable.... hardware has moved up on the list and the fix is costly. Intel will more or less have to patch to disable the speculative execution feature. While a home user might not notice anything particularly worrisome on their personal workload, when you consider the scale of enterprise, the hardware recourses required for our modern world an effective 15% performance hit according to some predictions will be felt throughout the industry. Some server centers are going to be displeased when they have to scale up sooner than expected.

    Not as interesting technically, but... Intel CEO Brian Krzanich sold as much stock as he could while remaining CEO. That's not fishy at all...

    https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/

  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian

    @Cliff_Forster said:
    Not as interesting technically, but... Intel CEO Brian Krzanich sold as much stock as he could while remaining CEO. That's not fishy at all...

    https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/

    Normally, I'd say this might be one of those unfortunate events of timing of good diversification strategy, but the volume was >10x on this "automatic sell" than previous rounds:
    http://www.nasdaq.com/quotes/insiders/krzanich-brian-m-872413

    Ryder
  • @Tushon said:

    @Cliff_Forster said:
    Not as interesting technically, but... Intel CEO Brian Krzanich sold as much stock as he could while remaining CEO. That's not fishy at all...

    https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/

    Normally, I'd say this might be one of those unfortunate events of timing of good diversification strategy, but the volume was >10x on this "automatic sell" than previous rounds:
    http://www.nasdaq.com/quotes/insiders/krzanich-brian-m-872413

    TLDR, I'd prefer to argue with Cliff, but I can't.

  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian

    That's an opinion you could have.

    MiracleManSdrasnorCliff_Forster
Sign In or Register to comment.