Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …
The vast majority of coders struggle to get application software working in multiple threads at all, the rest of us make do with abandoning any sort of codepath or timing predictability, and yet these clowns manage to make it so predictable they can use if for a timing attack? Enough. I cannot take any more clever. I have reached my peak, I am tapped out. No more I say.
Just goes to show what a focused, smart mind can accomplish when tasked with a singular goal.
But honestly, I can't help but feel a bit sad that the same effort wouldn't be better expended on something of more value to society. And to be clear, I am NOT knocking the researchers. I just lament at the number of hours and brain cells that are going to be spent for YEARS on these two issues, with the result being little more than what we already thought we had.
And so it begins .... the next 'Cat & Mouse' Game !!!
Intel et al, will eventually develop new CPU Designs that are supposed to eliminate these sorts of 'Side Channel' problems.
Our 'usual suspects' will once again prove that anything that is built can be 'mis-used' in 'interesting' ways and 'new' vulnerabilities will be found !!!
Meanwhile, what do all the millions of people do with the 'old' CPU's that are flawed and from the look of it will remain flawed.
I cannot afford to replace all the PC's / Laptops / Tablets /Phones etc and at the moment even if I could what do I replace them with ???!!!
Software based fixes can be undone, I would not be surprised if someone is trying to engineer 'fixes' to the fixes that have been released !!! [Other than Intel :) :) ]
(Worth the effort as there are so many machines out there to 'run amok' on !!! )
(I know that the fixes are microcode updates BUT have often wondered why someone has not written code that performs microcode changes from Windows itself. It is the ultimate 'Hack' and if done it would be invisible to most users.)
Careful saying it cannot be done :) :)
There are lots of 'Tools' (for want of another name) available that seem to perform things that were once called 'impossible from Windows' !!!
i.e. tools that can change the BIOS from Windows as an example.
Even if it requires a complete re-boot, windows crashes/reboots so often or Win10 requests reboots for updates, so such changes would be performed then.
"...Our 'usual suspects' will once again prove that anything that is built can be 'mis-used' in 'interesting' ways and 'new' vulnerabilities will be found !!!.."
As E.E. 'Doc' Smith put it in the Lensmen books:
"Anything that science can devise, science can analyse and synthesise"
@AC and "But honestly, I can't help but feel a bit sad that the same effort wouldn't be better expended on something of more value to society"
There can be no greater benefit to society than banishing ignorance.
Poopooing their accomplishments in revealing the truth is the same as standing in the corner with your fingers in your ears squealing "I am not listening" over and again like a child unwilling to face reality.
The researchers might have brought you knowledge you didnt want but then again they didn't make the problem they just told you that it existed.
You mean that investigating what is dangerous to society itself is not valuable? If went unnoticed, such issues could one day trigger very big damages - computers are no longer big machines running in isolated complexes, or funny things nerds play with in their bedrooms.
Almost anything important is today run by using computers - and it will just increase. Ensuring computers and their software are safe enough is not different from ensuring cars, planes, appliances, houses, drugs, food, etc are safe.
The syndrome here is very similar to that with GM food (and other substances).
Some of the engineers object that the full consequences are unknowable, and the badness of those consequences seems to have no limit.
The bosses reply that they have to think about next quarter's profits and stock price, so do it anyway or be fired.
In the conflict between a potential serious risk to the whole human race and someone's personal wealth in the short term, always back the latter.
Hmm except with GM foods when people object on the basis that transgenes might act like viruses then they have left contact with verifiable reality. I saw and still see an awful lot of stuff along those lines.
I have made in my time a small mountain of transgenic mice and the world has failed to deform in grey goo and the transgenes didn't jump across the mouse room to other mice and wild type littermates were even entirely possible and if you put transgenic containing embryos into a wild type recipient mother mouse she does not become transgenic. It is easy to tell.
The level of knowledge and understanding of transgenesis and molecular genetics is inversely proportional to the lurid and virulent objections to them.
Observing the GM debates made me fear for the future of humanity.
That is not to absolve Monsanto from blame. The first GM products were designed to sell more weedkiller, hardly the best advert for the technology. This queered the pitch for transgenics from then on. Future generations will look back and wonder at the luddite stupidity.
The US has been eating GM food for several decades now and the bodies continue to abjectly fail to pile up and the goo is neither present nor grey. Ebola comes out of the forests with bushmeat and is entirely natural, the vaccine against it may well have relied on recombinant and transgenic techniques.
Any ideas of natural = Good and technological = Bad are easily knocked down with such examples.
BTW lateral gene transfer which is what we call it when Nature swaps genes around without so much as a by-your-leave is so common you can literally fall over it. I did in the lab one day, I found a gene from chickens which was only otherwise present in humans and malaria mosquitoes. Not mice, not chimps, not fruit flies, not quail.
The poster child for it though are sea squirts, the tunicates. Their leathery tunic which they wrap themselves in is made of cellulose, plant fibre. A chordate animal is making cellulose. Genome sequencing revealed they pinched the entire multi gene cellulose synthesis pathway from a seaweed. They are genetically modified in spades and have been infesting the seas without control for millions of years without Nature falling into grey goo.
Calm down.
@Muscleguy and GM is totally a good thing
Genentic modification of other organism for the benefit of mankind is not in itself a bad thing however being allowed to patent the modification and just dropping the "designs" into everyone's environment pretending things are under control when the complexity inherant make any safety assessment impossible are.
Like the Scientist who made a press statement that british beef was "safe" (without qualification), scientists are not free from corruption and everyone knows that corporate bodies will do anything for even a tiny increase in profits.
Add the two and you get a series of GM nightmares that the corporates and their paid supporters are trying to pretend could never happen, they do not know or care they just want the money and to hell with the rest of the world.
Also given that gene mutatation is how we get difference and is random then how can anyone know if any sequence has not occured randomly before so how can they to ascribe novelty.
"The US has been eating GM food for several decades now and the bodies continue to abjectly fail to pile up and the goo is neither present nor grey" The US is also not known for being the most healthy country with the most nutritious food and so your evidence that GM is "Safe" is unconvincing especially after such a short period and against the media and legal bias bought by the GM companies.
GM is potentially too dangerous to be allowed to be in the hands of bodies who put profit above all else until we have the proven science to predict and avoid in advance the possible disasters this tech allows
@Muscleguy and GM is totally a good thing
Genentic modification of other organism for the benefit of mankind is not in itself a bad thing however being allowed to patent the modification and being allowed to drop the "designs" into everyone's environment alonog with saying there are no problems when the complexity inherant make any safety assessment impossible.
Like the Scientist who made a press statement that british beef was "safe" (without qualification), scientists are not free from corruption and everyone knows that corporate bodies will do anything for even a time increase in profits.
Add the two and you get a series of GM nightmares that the corporates are trying to pretend could never happen, they do not know or care they just want the money and to hell with the rest of the world.
Also given that gene mutatation is how we get difference then how can anyone know if an sequence has not occured randomly before and hence impossible to ascribe novelty.
"The US has been eating GM food for several decades now and the bodies continue to abjectly fail to pile up and the goo is neither present nor grey" The US is also not known for being the most healthy country with the most nutritious food and so your evidence that GM is "Safe" is unconvincing especially after such a short period and against the media and legal bias bought by the GM companies.
GM is potentially too dangerous to be allowed to be in the hands of bodies who put profit above all else until we have the proven science to predict and avoid in advance the possible disasters this tech allows.
If you were a real scientist then you would know that absolutely nothing is safe without qualification so I am presuming that you are just messing with things you do not understand and telling people that since you havent wiped out millions yet that there are no problems.
"The US has been eating GM food for several decades now and the bodies continue to abjectly fail to pile up"
It's not as if the US cancer incidence rates suddenly shot up since the early 1990's and coinciding with this nasty Corporatist greed-shit being introduced into the human food supply chain is it?
In other words, not all science is progressive, you should try being a bit more objective.
Here's some GMO food for thought for you - if the eastern religions are right, you might come back as GMO lab mouse :-)
A Biologist writes: this is the Red Queen scenario. If you recall the Red Queen has to run fast just to stay still. This name has been given to the hypothesis explaining why sexual reproduction is so very widespread even if some species (rotifers, daphnia, aphids) get by apparently fine without it.
Living animals have to fend off so many parasites from the retroviruses which are just slightly encapsulated RNA strings up to multicellular parasites and sexual gene shuffling allows at least some offspring to simply survive in the face of the onslaught.
There are so many bad actors out there in the computer ecology from script kiddies to state actors that an immune system is needed. These researchers and those who search in pursuit of bounties are sadly necessary.
It's a different problem. Timing attacks work by analysing the time an operation takes depending on the input. Since most people have either an x86 or ARM CPU, a lot of information on expected time is already available, you just have to collect information from sample inputs to find an input that takes a different amount of time. So while developers have to write code that works correctly as often as possible, an attacker only needs to get it right once and will have a lot of opportunities.
Except that "out of order" cpus do not inherently have a predictable instruction execution time, even in a single thread environment, and Intel's threads are "virtual" ie not dedicated - which is where these bugs originate - which means if the CPU is hard at work on multiple threads, unless you have control over what all of them are doing, timings are being actively randomised,<p>
I am not saying "don't panic" I am saying "you only need to panic a small amount, and quite slowly" - there is time for a cup of tea first.<p>
OTOH, since Intel did this deliberately, you might want to go to another supplier next time.
Maybe not to ordinary users. Isolating the source of many bugs requires cycle-accurate simulations. Lots of fun has been had convincing successive design teams of this fact.
Moreover, there are instruction sequences that will put the entire microprocessor and caches into known states. (Up to cycle-accurate predictions.) It's not trivial to develop such a sequence, but I have done this. Again, it's a lot easier to do this if you have the cycle-accurate sim to verify your work, but in the case that I'm talking about, it would be over a year before the sim was finally made cycle accurate.
Vulnerability & bug hunting at the processor level is just flat different than other types of programming. A non-trivial number of programmers fail to grasp this, and end up going elsewhere. Don't assume that what you have been told, or what you have learned, applies directly here.
"Except that "out of order" cpus do not inherently have a predictable instruction execution time, even in a single thread environment, and Intel's threads are "virtual" ie not dedicated - which is where these bugs originate - which means if the CPU is hard at work on multiple threads, unless you have control over what all of them are doing, timings are being actively randomised,<p>"
Wow. Hard to keep up with what all is wrong here. Microprocessors are not magic. If you get them into a known state, and feed them a given set of inputs at given points in time, they will give you the same results. Every time.
I did microprocessor validation for a decade just as OOE became a thing at AMD & IBM. We had cycle-accurate simulations of all of these processors (eventually). This includes, for instance, the STI Cell microprocessor which had two clock domains (one for the ppc core and one for the spus).
Yes, if threads are sharing execution units, you have to know what is being executed on both threads to predict timing. But again, from a given initial state and a fixed set of inputs, the final state is deterministic.
"Microprocessors are not magic. If you get them into a known state, and feed them a given set of inputs at given points in time, they will give you the same results. Every time."
?
Microprocessor systems are not always perfectly designed or implemented, and even if they were, they may not be 100% predictable especially once you move outside the core itself and into chip level and system level components and behaviours, e.g. caches, DMA capability, etc.
E.g. where do things like soft errors in caches fit into the picture of perfectly predictable timing? They don't, not for people (such as safety criticial systems people), who take their behavioural and timing analysis seriously. Obviously that makes life inconvenient for Der Manglement in these cases 'cos it means that they're not able to justify using widely used chips and technologies which rely on cache, OOE, etc. Not without having to handwave quite a lot anyway..
A soft error on something that was in cache (resulting in a forced cache miss) is routine expected behaviour, it's inevitable that they will happen, they just can't be predicted in terms of when they will happen. When it does happen, the visible timing of the system may be different than it would without the soft error. That timing difference may then propogate in an unmodellable way, rendering any system-level timing predictions largely irrelevant.
A bit like the butterfly/chaos effect, except not as pretty.
DMA transactions may have similar effects on timing predictability.
Here's one prepared earlier for the FAA, from their "Handbook for the Selection and Evaluation of Microprocessors for Airborne Systems " at
https://www.faa.gov/aircraft/air_cert/design_approvals/air_software/media/AR_11_2.pdf
"Nondeterminism arises because the availability of a shared resource becomes largely dependent on the run-time behavior of other processes sharing the same resource. In many cases, the run-time behavior of programs is data-dependent and cannot be predicted offline."
[snip]
"Out-of-order instruction execution or dynamic scheduling of instructions may cause timing anomalies. For instance, when there is a cache hit, an instruction takes longer to execute than when there is a cache miss, contrary to popular knowledge that cache hits take less time. For example, in a processor that employs out-of-order execution, a cache miss will allow subsequent instructions to begin execution. This out-of-order behavior may lead to a reduced execution time for a set of instructions. This makes the worst case execution time of tasks hard to predict."
Mostly this doesn't matter. Sometimes it does. Handwaving doesn't make it go away, proper design and analysis might make it less dangerous.
Don't feel so bad. Work at that level is quite different, and we use a trick--we generally write in assembly language and have access to cycle-accurate simulations. Very, VERY different from writing concurrency code in something higher level where you don't have simulators and no idea at all about what code is actually executing. We also get to experiment--a lot--to see what happens.
Intel by far is the only mainstream CPU to suffer the most serious CPU security command violations. Intel has tried to mislead consumers, enterprise and the Feds about their defective CPUs while the WinTel Cabal attempts to mitigate some of the security holes, by punishing all who use Windoze OSs. Microsucks should be prosecuted for their defective code on all levels including the crap code from Intel to deal with the defective CPUs. Allowing these criminals to just keep spewing defective goods on mankind is incomprehensible.
Intel are the most vulnerable and this "not just Intel" as an attempt to spread the blame doesn't convince anyone with a clue.
Whilst AMD and ARM may have individual products that have some issue with meltdown and spectre, pretty much everything x86 from intel has been dodgy for years.
I personally would guess that the other guys saw how intel were able to sell dodgy crap and thought "it sells so lets make our own version" but never forget intel did it first and IMHO intentionally to gain an edge on their competitors.
never forget intel did it first and IMHO intentionally to gain an edge on their competitors.
You don't remember 1996, do you?
Of course they fucking did! Everything was about going faster. We'd finally hit the Holy Grail of one instruction per cycle, and people still wanted more speed. So let's try sneaking in extra instructions onto idle silicon. It's genius! And if AMD had thought of it first, or ARM, Motorola, MIPS, Zilog or any of the others had thought of it, they'd have tried to do it first too. That's business - getting an edge on your competitors. And for what it's worth, out-of-order execution is an astonishingly clever way to do that.
In 1996 you could log into most FTP servers as "anonymous", and it didn't even check if the password you gave was an email address. In 1996 almost all comms across the internet was unencrypted. In 1996 every internet-connected device had a public IP address. In 1996 you could bounce whatever emails you wanted off whatever SMTP server you wanted. In 1996 the Internet was like the Garden of Eden it was so innocent. Nobody thought like this. Then it got filled with dick-pill adverts and went to crap.
Everybody trusted everybody else in computing (as a rule). It was like Shetland 30 years ago - everyone left their doors unlocked and their keys in their car. If somebody took it, they'd bring it back with a good reason why. Of course Intel made it faster, and of course they didn't think about a bafflingly complicated way to sneak a peek at unauthorised memory. We were using Windows 3.11 and Windows 95 in companies! Security? That just wasn't thought of back then...
https://en.wikipedia.org/wiki/Advanced_RISC_Computing
Pretty sure that quite a few of those products were before 1996, and quite a few did more than one instruction per cycle. Some of them even ran Windows NT, while it was permitted.
Intel's answer to RISC was going to be IA64, because a 64bit x86 couldn't be done.
Well, it looks quite likely that AMD64 will be around rather longer than IA64.
And, IIRC, IA64 was(is) a sort of VLIW arch.
VLIW pushes all the optimisations that have caused these issues out of the hardware and into the compiler,
Which is part of what did for IA64 - that problem turned out to be harder than anticipated. Shame, because if it had succeeded, we wouldn't be here.
And, as someone else said, Inmos and the transputer got it right (via a different route) too. I remember guys at Intel at the time of the 386 launch being very worried about it. But marketing beat technical excellence in the end, as per.
We're all doing the hate on Intel because their devices are the ones vulnerable to Meltdown particularly. AMD devices suffer from spectre only. Effectively Intel cheated on the benchmarks by skipping some of the security
https://www.amd.com/en/corporate/speculative-execution
So basically AMD is saying 'near zero' chance.
It's still not proved on their CPUs, so atm it looks like 'the industry' is trying to make it look like Intel is not alone on this one. Let's face it. The real problem here is Meltdown and that is Intel only, a major security flaw by design. They choose to fuck security for perfomance.
The spectre thread was linked with the meltdown just to muddy the waters, that is.
"The spectre thread was linked with the meltdown just to muddy the waters, that is."
Like cyclamates and saccharine (in the USA anyway)... as in, how the sugar lobby made quality artificial sweeteners illegal, and only "let" us have the mediocre ones. [more on cyclamates wikipedia page]
basically, use bad press, "you too", and FUD to keep your competitor from being able to leverage the situation.
Yes, I don't know why Torvalds and Tanenbaum didn't use Amiga, Motorola or PowerPC to develop Linux and Minix... probably they too are part of the great WinTel conspiration - while of course was IBM to select Intel for its PC, and once there were millions around who would have forced users towards a different incompatible one??
Without billions of WinTel machines ready to run a different OS, there would have been no Linux as well. Who would have tried and worked on it if it could run only on little used CPUs?
That of course doesn't excuse Intel for its big blunders - being the main computing platform also means you have big responsibilities for security.
"by punishing all who use Windoze OSs"
nice paranoia-rant. and the punishment for 'Windoze' OSs is more self-inflicted these days.
I think it's simpler: Intel engineers didn't consider the possibility of side-channel attacks in their design. Oops.
"...panic: don't. No exploit code has been released."
3...
2...
1...
Ding!
Okay, now you can panic.
The axis of time is your friend. But it's not that much of a friend.
Panic-results integrate over time. So panic early, and panic often. A proactive approach to panic can avoid the dreaded Panic Clipping™.
Oh don't worry, some of us have been "deeply concerned" (actually, quivering wrecks but masking it well, chin up) for quite some time now.
This whole thing is going to pan out to be far worse than Y2K, for there will be real and far reaching consequences.
And some of us couldn't give a shit.
Perhaps not, but fixing all this will cost a lot of money, and that's passed on to the customer in one form or other.
One way or other, you will be helping pay for that, even if you don't use, own or care about computers.
Then again, if your bank goes down the shitter because someone has launched a really juicy attack based on these quite significant hardware flaws, I suspect you will start giving a shit then. At the very least making alternative banking arrangements will give you a belly ache of a day.
Perhaps not, but fixing all this will cost a lot of money, and that's passed on to the customer in one form or other. .... Anonymous Coward
And exploiting it, the systemic processor vulnerabilities and finger in the dyke fixes, will generate even more money and beautifully frantic energy .... and shift the balance of effective global power to, well, ...Autonomous Heroes rather than Anonymous Cowards, Anonymous Coward.
And such be only the Start of SCADA Systems' Worst Nightmare ..... a Runaway China Syndrome Meltdown with Processes Fed Super Enriched Fuel/Novel Intellectual Property beyond the Command and Control of Existing Levers of Distribution.
And don't believe a word of Don't panic, "No exploit code has been released." for you now know it is released and running wild and rampant and rogue renegade too. But you might like to realise that is not necessarily bad whenever exploits are intelligently designed to permit better actions in deeper processes with both secure and secretive programs.
For some, who may be more than just a Chosen Few, is that AIMajic to Exploit.
Then again, if your bank goes down the shitter because someone has launched a really juicy attack based on these quite significant hardware flaws, I suspect you will start giving a shit then. .... Anonymous Coward
Methinks really juicy attacks against banks based upon quite significant hardware flaws are in the public interest, given the fact that then might bankers give a shit about anything/everything other than themselves and profitable debt and deficit [money for and from nothing], and in so doing crush and crash those systems which are based/predicated on being too big to fail and therefore ripe for executive rape, abuse and misuse, both personal and corporate ....... which is where/what they are currently at, is it not?
And although not a significant hardware flaw, the likes of a Bitcoin virtual currency mine is something which successfully challenges fiat currencies earlier monopoly position in the field of transferable value reflecting a systems friendly supportive worth?
Given this is a forum for computing professionals you might want to return to your comics and let the grown ups deal with reality.
I'll let the grown ups like you get on with their sanctimony and patronising.
The reality is that I can't do anything about this or any of the multitude of other security vulnerabilities that exist on my computer equipment and in my life in general.
So I'm ****ed if I'm going to waste time and energy worrying about if I'm going to die in a car accident on my way home or this ridiculous hand-wringing over whether my computer my run a bit slower when I do certain things. So it's going to cost? We know, what are you going to do about it then? Bitch on a forum? That'll make it cheaper.
There's the reality.
Signed.
36 years professional in computing, done quite well thanks.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
