Meltdown & Spectre

Things related to those chippy things, motherboards, graphics cards, DVD writers etc goes in here.

Moderator: Hargan

Post Reply
User avatar
Valerion
Alpha Wolf
Posts: 2750
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:
Valerion’s avatar
Snooze

Meltdown & Spectre

#1

Post by Valerion » Thu Jan 04, 2018 11:45 am

Two of the most serious vulnerabilities ever have been identified. Meltdown is currently exploitable on all Intel x86_64 CPUs, while Spectre is theoretical and hard to do, but affects Intel, AMD and ARM chips. And perhaps some other RISC-based ones as well.

Less technical details: https://spectreattack.com/
Project Zero: https://googleprojectzero.blogspot.co.z ... -side.html
Wired: https://www.wired.com/story/critical-in ... computers/

This is a hardware issue, that can be fixed in the OS, but at a cost. Due to the nature of it there will be a performance penalty of between 5% and 30%, depending on the exact workload the CPU handles.

And I recommend updating as soon as the patches for this drops. Linux kernel devs, Microsoft and Apple are working on fixes.

User avatar
ArtyLoop
Posts: 76
Joined: Wed Dec 20, 2017 7:37 pm
Gender: Male
Sexual preference: Straight
Species: Grey Wolf
Region: Western Cape
Location: Burgundy Estate

Re: Meltdown & Spectre

#2

Post by ArtyLoop » Thu Jan 04, 2018 12:52 pm

At this stage, it is apparent this only affects the x86 architecture. The ARM architecture is too different and the instruction set is totally different, as is the whole programmer's model.
We are aware of this issue at the office, we received the advisory, and so far, it appears to be impossible to implement on the ARM platforms we have under our control.

User avatar
Valerion
Alpha Wolf
Posts: 2750
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:
Valerion’s avatar
Snooze

Re: Meltdown & Spectre

#3

Post by Valerion » Thu Jan 04, 2018 1:09 pm

Lucky you.

ARM have published a short list of vulnerable CPUs, but it is a really short list. Not "Every 64-bit CPU from at least 2011 and possibly 1995" short, like Intel ...
https://developer.arm.com/support/security-update

I see the ARM Linux Git repo contains all the fixes now, so at least if you run Linux and the absolutely latest kernel in git you should be protected on all platforms. I am confident the Linux vendors will include these in kernel updates soon, and MS will likely drop it this Patch Tuesday. Apple will fix it when Apple releases the latest update, probably soonish.

User avatar
ArtyLoop
Posts: 76
Joined: Wed Dec 20, 2017 7:37 pm
Gender: Male
Sexual preference: Straight
Species: Grey Wolf
Region: Western Cape
Location: Burgundy Estate

Re: Meltdown & Spectre

#4

Post by ArtyLoop » Thu Jan 04, 2018 1:49 pm

Whatever we find out here I will share with you on the forum. For the moment it seems the patches are what we need to roll out on our Linux boxen, and workstations. Will advise when we start with this.

User avatar
Valerion
Alpha Wolf
Posts: 2750
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:
Valerion’s avatar
Snooze

Re: Meltdown & Spectre

#5

Post by Valerion » Thu Jan 04, 2018 3:28 pm

Seems Windows desktop performance won't be much affected. Servers on the other paw ...


User avatar
ArtyLoop
Posts: 76
Joined: Wed Dec 20, 2017 7:37 pm
Gender: Male
Sexual preference: Straight
Species: Grey Wolf
Region: Western Cape
Location: Burgundy Estate

Re: Meltdown & Spectre

#6

Post by ArtyLoop » Thu Jan 04, 2018 3:53 pm

To be clear:
Spectre: The name for a class of vulns that exploit out-of-order execution on modern microprocessors
Meltdown: A Spectre class exploit specific to the x86 architecture

More names will probably appear as the exploits become proven for other architectures.
So to clarify, the Spectre class vulnerabilities, although mostly theoretical, affect nearly every type of processor architecture and sadly this includes ARM. As of my knowledge the only architecture that might not be affected is the humble SuperH RISC (SEGA consoles and office machines) but that's merely my opinion.
Spectre has the potential thus to even affect residential routers that run Linux, Raspberry Pi, etc, etc.. even network switches.
We will watch it for now, but as I mentioned we received the advisory and my boss and I are on this.

User avatar
Rakuen Growlithe
Fire Puppy
Posts: 5456
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Vienna
Contact:
Rakuen’s avatar
Loading…

Re: Meltdown & Spectre

#7

Post by Rakuen Growlithe » Fri Jan 05, 2018 5:54 pm

There are even more exploits being found in 2018! The password protection for Xerox Alto disks has been completely bypassed and there are major flaws with the hash algorithm. If you're storing data on password-protected Xerox Alto disks then you need to find a more secure method of storage.
http://www.righto.com/2018/01/xerox-alt ... -disk.html

User avatar
Rakuen Growlithe
Fire Puppy
Posts: 5456
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Vienna
Contact:
Rakuen’s avatar
Loading…

Re: Meltdown & Spectre

#8

Post by Rakuen Growlithe » Sat Jan 13, 2018 9:31 am

I feel worse and worse about getting an Intel processor when I could've got AMD...
http://m.dw.com/en/new-security-flaw-de ... a-42122823

Post Reply