You can't ignore Spectre. Look, it's pressing its nose against your screen

The Spectre processor design vulnerability is here to stay. Even if you choose to ignore it, the problem still exists. This is potentially a very bad thing for public cloud vendors. It may end up being great for chip manufacturers. It's fantastic for VMware. Existing patches can fix Meltdown, but only seem to be able to …


        1. diodesign (Written by Reg staff) Silver badge

          Re: croky

          >"Secrets" ? Who wants those "secrets" ? Does the "other end" even know I've got any "secrets" ?

          By secrets, I mean: passwords and personal information. And yes, you have them in your computer. This is why it's good to patch - when good patches arrive, natch.

          >Show me proof people are being attacked, left and right, thanks to Spectre and Meltdown.

          No one's said people are. Relax guy. You're overreacting.

          C.

          1. croky

            Re: croky

            > "Passwords and personal information. And yes, you have them in your computer. This is why it's good to patch - when good patches arrive, natch."

            Lol, take it easy man and try to avoid all this paranoia. Please ... It's good for security but bad for performance. But anyway, you're not even questioning my argument. Not a little. I mean, can Spectre and Meltdown perform attacks remotely ? Proof ? And still, the main question. Why would anyone try to attack me ? You guys should all calm down and rethink your position ...

            > "No one's said people are. Relax guy. You're overreacting."

            Lol ! This is so ridiculous ... I'm the one not caring about the supposed severity Spectre and Meltdown in regards to my personal computer. Remember ? Again, all of you really need to relax and get another perspective about all this, other than this mass paranoia.

      1. Tim Brown 1

        Re: croky

        "This means JavaScript in the browser can sniff out secrets from the kernel and other tabs. There are PoC exploits for this out there."

        Does it really? I mean really? Care to link to one of those proof of concepts?

        If Javascript is able to do that then first and foremost it's a bug in the browser code and nothing to do with Spectre.

        Spectre, as I understand it, can only be exploited by code with root privileges on one virtual machine to attempt to grab info from another.

      2. Jonathan Schwatrz
        Boffin

        Re: diodesign Re: croky

        "....the embarrassing design cockup....." Well, to be fair to Intel, they perfected prefetch as a performance boost long before virtualization or containers on x86 were even thought of. IIRC, the first real performance boost from prefetch came with the Intel 8086*, the first real x86 CPU, which had a six-byte prefetch queue. Intel also had the 8088s which had higher core frequencies than the 8086s but performed worse because it only had a four-byte prefetch queue, which meant the faster core was kept idling more than the slower 8086. Intel realized that keeping the core working was more beneficial than just making it fast and kept on tuning the prefetch performance as the x86 CPUs developed, making it a central part of the design. I expect Intel would prefer to try and work out a way to segregate the individual prefetch areas rather than a complete redesign.

        *The 8086 was developed from 1976 and released in 1978, long before VMware was even dreamed of.

        1. diodesign (Written by Reg staff) Silver badge

          Re: Jonathan Schwatrz

          "Well, to be fair to Intel, they perfected prefetch as a performance boost..."

          I think you missed the point of my post. I meant Meltdown/Spectre reveals an embarrassing cockup in Intel's processor designs (and Arm, AMD, etc for Spectre). Yeah yeah, prefetching and speculative exec and branch prediction speeds stuff up. That wasn't the point of my post.

          The point is that chip engineers left security in the glovebox the day they parked up in the company lot and walked in to design those parts of the pipeline.

          It's like a manager told them: "Speed. Security. Price. Pick one."

          C.
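The gadget diodesign's post is getting at, as an added example (mine, not code from the article, from diodesign or from any chip vendor): the bounds-check-bypass shape of Spectre variant 1 in C, with the vulnerable form beside the branch-free index masking that the Linux kernel adopted as array_index_nospec(). The cache-timing half of the attack (flush+reload over probe_array) is deliberately left out so the block runs anywhere and only shows what the speculative path can and cannot touch; the names public_array, probe_array, clamped_index and the sample contents are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a 16-byte array that callers may legitimately
 * index, and a large "probe" array that serves as the cache side channel.
 * Nothing here is a real secret; the layout only illustrates the gadget. */
#define ARRAY_LEN 16
static uint8_t public_array[ARRAY_LEN] = "0123456789abcde";
static uint8_t probe_array[256 * 4096];
static volatile uint8_t sink;   /* keeps the dependent load from being optimised away */

/* Branch-free mask: all ones when index < size, zero otherwise.
 * Same construction as the Linux kernel's array_index_mask_nospec().
 * It relies on an arithmetic (sign-extending) right shift of a negative
 * intptr_t, which gcc and clang implement on x86-64 and arm64. */
static inline size_t array_index_mask_nospec(size_t index, size_t size)
{
    /* index >= size: (size - 1 - index) wraps to a value with the top bit
     * set, so the OR is negative, ~ clears the sign bit, shift gives 0.
     * index <  size: both terms are small and non-negative, ~ sets the sign
     * bit, and the arithmetic shift smears it into all ones. */
    intptr_t diff = (intptr_t)(index | (size - 1 - index));
    return (size_t)(~diff >> (sizeof(intptr_t) * 8 - 1));
}

/* Vulnerable gadget (Spectre variant 1, bounds-check bypass).
 * Architecturally the check is correct. Speculatively, once the branch
 * predictor has been trained on in-range indices, the CPU performs both
 * loads for an out-of-range index before the misprediction is resolved,
 * and the second load leaves probe_array[value * 4096] in the cache.
 * The attacker never sees `value` directly; it is recovered afterwards by
 * timing each 4 KiB page of probe_array, the step this example omits. */
uint8_t vulnerable_read(size_t index)
{
    uint8_t value = 0;
    if (index < ARRAY_LEN) {
        value = public_array[index];
        sink ^= probe_array[(size_t)value * 4096];
    }
    return value;
}

/* The index the speculative path in hardened_read() actually uses,
 * exposed as its own function so the clamping can be checked without a
 * CPU side channel: every out-of-range index collapses to 0. */
size_t clamped_index(size_t index)
{
    return index & array_index_mask_nospec(index, ARRAY_LEN);
}

/* Hardened form: same check, but the index feeding the load is forced in
 * range by data-dependent arithmetic rather than by the branch. The CPU can
 * still speculate past the `if`, yet the load can only ever touch
 * public_array[0..ARRAY_LEN-1], so no out-of-range byte reaches the
 * transmitter load. An lfence speculation barrier after the check is the
 * heavier alternative. */
uint8_t hardened_read(size_t index)
{
    uint8_t value = 0;
    if (index < ARRAY_LEN) {
        index = clamped_index(index);
        value = public_array[index];
        sink ^= probe_array[(size_t)value * 4096];
    }
    return value;
}

int main(void)
{
    size_t in_range = 5, out_of_range = 100000;
    printf("in-range index %zu -> clamped %zu, value '%c'\n",
           in_range, clamped_index(in_range), hardened_read(in_range));
    printf("out-of-range index %zu -> clamped %zu (speculative path stays in bounds)\n",
           out_of_range, clamped_index(out_of_range));
    printf("mask(%zu,%d)=%zx  mask(%d,%d)=%zx\n",
           in_range, ARRAY_LEN, array_index_mask_nospec(in_range, ARRAY_LEN),
           ARRAY_LEN, ARRAY_LEN, array_index_mask_nospec(ARRAY_LEN, ARRAY_LEN));
    return 0;
}
```

The point of keeping the mask branch-free is that the mitigation must hold on the mispredicted path, where the `if` has already been assumed true; a second comparison would simply be predicted the same way. The same masking idea is what the kernel applies to syscall numbers, file descriptors and similar user-controlled indices.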

          1. Ken Hagan Gold badge

            Re: Jonathan Schwatrz

            "The point is that chip engineers left security in the glovebox the day they parked up in the company lot and walked in to design those parts of the pipeline."

            That's a tad unfair. At the launch of the Pentium-Pro, to exploit Spectre you would need to have used the RDTSC instruction to get the necessary timing resolution. That instruction, introduced in the Pentium, can be kept away from user-level code precisely because Intel knew that it would assist side-channel attacks. It is probably still possible to keep RDTSC away from user-level code, although I suspect it would make a lot of programs unhappy.

            As far as I know, it isn't possible to keep it away from a guest kernel. However, anticipating the security needs of a VM host was perhaps not on everyone's radar at that time. (There were serious academic papers around explaining why the x86 ISA was not virtualisable and VMware only managed it through a heroic exercise in on-the-fly disassembly and re-writing of code.)

          2. Jonathan Schwatrz
            Boffin

            Re: diodesign Re: Jonathan Schwatrz

            ".....The point is that chip engineers left security in the glovebox the day they parked up in the company lot and walked in to design those parts of the pipeline....." True, I suspect security was pretty low on the list in the '70s when the original 8086 was designed. I'm not disagreeing that Intel missed a big security hole, I am just pointing out that Intel got hooked on prefetch performance tuning when CPUs were single cores only, application loads were pretty much one per system, and no-one had even thought of virtualization on x86. It seems Intel did forget to do the design security review they should have done later (IIRC, VMware Workstation wasn't released until 1999, for example) when customers started sharing CPU time on x86. Before then, virtualization was for big enterprise systems only.

            1. diodesign (Written by Reg staff) Silver badge

              Re: apologist

              "True, I suspect security was pretty low on the list in the '70s when the original 8086 was designed"

              The security hole was introduced way after the 8086. Basically, Intel and others screwed up. They're trying to spin this away as a design side effect.

              Like a plane crashing mid-flight is a side effect of a substantial fuel tank leak.

              C.

              1. Jonathan Schwatrz
                Facepalm

                Re: diodesign Re: apologist

                "Apologist"? Not apologizing, just seeing how Intel got hooked on prefetch performance tuning and how that could have blinded them to the problem. I think every Intel slide deck I've seen since the mid-'80s has bragged about their lead in cache hit ratios. Redesigning the cores to hit the same performance levels without relying on prefetch tuning will be an expensive challenge, unless they can find a way to segregate cache between apps via software.

                "The security hole was introduced way after the 8086. Basically, Intel and others screwed up. They're trying to spin this away as a design side effect....." Hmmm, debatable. The hole was predicted by the original HP EPIC design team in the '90s, which is why the EPIC-based Itanium is immune. When Intel bought into EPIC as Itanium they intended that EPIC was going to be their future CPU design and would replace RISC and CISC, only AMD upset the applecart with the 2003 release of the cheaper Opteron CPU with 64-bit extensions to the 32-bit x86 design. In the scramble to get x86-64 CPUs out the door to compete it's not surprising that Intel missed a few points. For all we know, there may be other nasties still hidden in the x86-64 design.

    1. Anonymous Coward
      Anonymous Coward

      Re: Seriously, I'm tired of this Spectre Meltdown bla bla bla ...

      "I mean, what's the probability for me to become a target ?"

      The probability for someone to get into the servers of a company which has your credit card details and to loot your account? The probability that someone gets into the Land Registry database and you find someone else owns your house? That your pension fund disappears?

      You're missing the point; it isn't your PC they are after.

      1. croky

        Re: Seriously, I'm tired of this Spectre Meltdown bla bla bla ...

        "You're missing the point; it isn't your PC they are after."

        Lolol ! That's exactly my point ! I'm solely referring to the common consumer. You me and most of the people reading this. That's why I ask "what's the probability for ME (ME, ME, ME) to become a target ?". And of course and please, patch and secure critical systems, just like you said. Those are THE targets. Not us ...

        1. Jonathan Schwatrz
          Alert

          Re: croky Re: Seriously, I'm tired of this Spectre Meltdown bla bla bla ...

          ".....I'm solely referring to the common consumer....." Well, the average "common consumer" makes lots of online purchases via browsers these days, and it could be possible for this bug to be exploited so malware could read your saved credit card details or your one-click password out of the bit of cache that it was prefetched into.....

    2. hmv Bronze badge

      Re: Seriously, I'm tired of this Spectre Meltdown bla bla bla ...

      The probability that you're a target? Specifically you? Low.

      As someone with presumably a credit card, bank card, an email address, ... the probability reaches 1.0

    3. Ken Hagan Gold badge

      Re: Seriously, I'm tired of this Spectre Meltdown bla bla bla ...

      "I mean, what's the probability for me to become a target ? "

      As I noted in a reply to a comment a few remarks above this one, the probability might be higher than you think, since the attack is easily automated and almost risk-free for the perpetrator. A state-level attacker rolling out a global offensive might easily catch you in the cross-fire simply because it is impractical *not* to attack you.

  1. Anonymous Coward
    Anonymous Coward

    This will make my next conference interesting

    Was at Sector 2017 in mid November (Just before Intel CEO sold off a whack load of Intel shares) and one of the SAST/DAST vendors who only offer cloud solutions insisted that there is no reason why someone would not submit their IP into the cloud.

    I asked if they had an on-premises solution since I insisted that there is no way come hell or high water that the stakeholders of what I'm involved with would ever put anything remotely close to online ever, period. They said "That is the old way of thinking, cloud is safe", or "Why wouldn't you put it in the cloud, it's encrypted", or "Guaranteed it is safer than in house solutions", or "It's a binary, why wouldn't you put it online" with stuff that gets multi-level encrypted (using two different algos)...

    Oh I can't wait to see those sales guys at my next conference experience, actually wondering if they will even be there.

  2. sisk Silver badge

    I would hope that the big winners in all this would be Arm and AMD. I think that after the fiasco of Meltdown that vendors would be wary of Intel. Granted most AMD and some Arm processors are also vulnerable to Spectre, but at least the vulnerability they have is a failing shared across the entire industry and any fixes they release are likely to be better tested and better thought out than the joke of a Meltdown fix released by Intel.

  3. Long John Baldrick

    Does This Affect AMD Epyc CPUs

    Trevor - You spend a great deal of time talking about the issue and Intel but not whether or not it affects the AMD Epyc CPUs. Could you enlighten us?

    1. Trevor_Pott Gold badge

      Re: Does This Affect AMD Epyc CPUs

      AMD and some ARM chips are affected by Spectre. But let me be 100% clear on this: AMD is completely irrelevant to this discussion.

      AMD chips might power a smallish percentage of endpoints, but they power almost none of the existing fleet of deployed servers. Even if, for some reason, we all decided to buy AMD tomorrow, AMD couldn't deliver. At full ramp, AMD would struggle mightily to put out enough silicon to cover 10% of planetary server capacity during the next refresh cycle, and there is zero indication that demand exists for them to invest in that many wafers.

      I'm sorry, but in the real world, AMD just isn't part of any discussion about server chips. There's only one player in that market, and they'll be the one everyone buys replacement chips from.

      1. Ken Hagan Gold badge

        Re: Does This Affect AMD Epyc CPUs

        "I'm sorry, but in the real world, AMD just isn't part of the any discussion about server chips. There's only one player in that market, and they'll be the one everyone buys replacement chips from."

        True, but in the real world *now* there is no player at all in that market. Whilst it is reasonable to expect that Intel will come up with a safe CPU on roughly the same timescale as AMD, they do need to deliver on that expectation.

        1. Trevor_Pott Gold badge

          Re: Does This Affect AMD Epyc CPUs

          Why do you assume CPUs have to be "safe" for people to buy them? Do you honestly think that Spectre has slowed down CPU purchases? Do you think anyone but the handful of nerds that haunt these forums and some security nerds that read the Grugq a lot actually care about any of this?

          Make no mistake, Intel is still the seller of server CPUs. They'll keep on being the seller of server CPUs through the lawsuits, and they'll emerge from this as the seller of server CPUs.

          I'm as much of a fan of the underdog - and hence AMD - as anyone, but let's be realistic. Intel has an iron-fisted monopoly, and unless someone goes in there with the Almighty Axe Of Anti-Trust and cleans them out, they'll continue being a monopoly for at least the next decade.

          You know it. I know it. Everyone except a few deluded die-hards knows it. So let's not pretend about this, shall we?

          The people who buy things don't give a fnord about "security", and they never have. If they did, the Internet of Things wouldn't be such a gor'ram security dumpster fire. Nobody would ever buy Cisco or Supermicro again, and the list goes on and on and on.

          But you know what else? It's not their asses that end up in front of the judge. It's us. The hoi polloi at the coal face. Nobody sends suits to jail. They make some poor bastard working in ops the lightning rod and ruin his life, and the lives of his family instead.

          So yeah, Intel's dominance isn't going anywhere. Nobody's going to do a bloody thing about it. We're going to be responsible if/when it all goes horribly wrong, and we should know about this ahead of time so that we can take precautions and/or run the hell away in terror. (Depending on how you view risk.)

          For suits, the only risk they care about is "will this cost me some of my bonuses". For nerds, the risk we need to worry about is "will this land me in front of a judge"? I leave it as an exercise for the reader to work out how likely (or not) they feel this is to affect their chances of negative consequences.

          But we should all have eyes open here and understand that this issue isn't going away, and that we, as the plebians, have no choice but to deal with it.

  4. Anonymous Coward
    Anonymous Coward

    The mind was boggling at a possible solution. I'm just glad that there is some mitigation for Spectre albeit at a cost of isolating your usage to separate individual servers and patching your own machines as best you can.

    Although, I am left nervous at the talk by people from a multitude of organizations that say there are many more snafus out there that just haven't been made known to the right people.

    The lyrics made famous by Dr Hook, keep playing in my head.

    "Walk right in, sit right down

    Daddy, let your mind roll on

    Walk right in, sit right down

    Daddy, let your mind roll on

    Everybody's talkin' 'bout a new way of walkin'

    Do you want to lose your mind?

    Walk right in, sit right down

    Daddy, let your mind roll on"

  5. JeffyPoooh Silver badge
    Pint

    Hmmm... Would this help?

    It's not as hopeless as described. There are endless mitigation strategies. Acknowledge in advance that these are merely suggestions intended to spur progress and provide encouragement.

    Perhaps the world's Cloud servers could be reprogrammed (in the OS, which is not "hard") to semi-randomly switch all User programs between CPUs (or CPU cores) so that any particular nefarious Kernel-stealing malware keeps waking up in a new CPU (or core) with every multiprocessing switch-e-roo. The net result is that the nefarious Spectre-based malware gets small sections of various assorted Kernel memories; effectively random noise. The speed delta between slow Spectre vice Kernel processes makes this feasible. The Kernel memory doesn't have to sit there like a 'sitting duck'. Linus has some work to do, it might take a week or two.

    Or... ('The Art Of War' Alert) ...load the Kernel memory with a bait string, again an OS function, and then have a supervisor monitor any User programs for this bait string. Like a "Bait Car", if they steal it then they're caught.

    Or... reprogram the OS to trivially "encrypt" (trivially scramble) the Kernel memory, no longer trusting it to be inherently secure. Just mix-up the data a bit so that the Spectre-based malware can't trivially read-out the sensitive data. Keep it moving, and the arguably slow speed of the Spectre attack makes the stolen data into noise.

    Or... the world's Cloud providers can automatically audit User code in a virtual machine before allowing it to be executed in the real system. Then the code would be signed and locked down as 'Trusted'.

    Or... Isolate high value trusted clients away from the wild West of the untrusted public's Cloud executed programs. Put the most likely hacker customers all in the same box and let them hack each other. Trusted customers such as Banks and e-Commerce folks (anyone dealing in credit cards) can be segregated away from the unwashed masses.

    Or... etc.

    PS: Some of those 'Or's might be 'And/Or's.

  6. Anonymous Coward
    Anonymous Coward

    Sensitive systems = no added risks ??

    Some systems deal with sensitive information in main memory. If such a system is infected with malware, then you've ALREADY got a problem. The bad actors don't need to install Spectre based attacks; if they can get malware onto the system then they've already won. They could just "clock out" the sensitive data. The kernel memory isn't that much more interesting than what's in main memory.

    1. amanfromMars 1 Silver badge

      Re: Sensitive systems = no added risks ??

      The kernel memory isn't that much more interesting than what's in main memory. ... Anonymous Coward

      Oh yes it is ..... and spectacularly more so, for it delivers Remote Practically Anonymous Virtually Autonomous Command and Control of Administration Systems ..... to SMARTR Drivers.

      1. amanfromMars 1 Silver badge

        An Almighty Resource is Resourceful AI ..... and as a TS/SCI Sensitive System,

        ..... Peerless Pioneering Perfection for the Passions and Temptations of an Adam with Eve. Nymphs and Satyr Territory whenever Everything is Just Right and Quite Perfectly Conceived.

        And that is Original Source with an Abiding Systemic Vulnerability for Immaculate 0Day Plays ...... with an Advanced IntelAIgent Utility for further Exploitation and Expansion with Perfect AIDevelopments.

        And something for AIWizards with GCHQ to Virtually Master Pilot with Quantum Communication Drivers .......... Heavenly Wave Machines :-)

        I Kid U Not.

        cc ..... C/M

        Knock, Knock, No 10! Your systems are hacked with Crack AI Mentoring and Monitoring Governments Actions/Reactions/Proactions. What would now be the best sane act for an administration failing New Virtualised Fields for Work, Rest and Play?

        Might I Propose Immediate Engagement?

        1. amanfromMars 1 Silver badge

          Re: An Almighty Resource is Resourceful AI ..... and as a TS/SCI Sensitive System

          What do you think, El Reg/El Regers? Is all of that some of that fake news or something else completely different and true .... and impossible to deny is excitingly attractive?

Biting the hand that feeds IT © 1998–2019