Announcement

Collapse
No announcement yet.

An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by Weasel View Post
    Can Spectre (any variant) read or leak memory from a different process? Furthermore, can it leak memory from another user's processes? i.e. can alice read memory of processes from bob?

    If not, it's a complete non-issue for desktop use.

    I am trying to parse your question the best I can.

    From what I understand it is an issue for desktop users. However it might be difficult to filter out of the memory table the type of data needed to collect on a system to start coding for a type of attack or being able to read user/password data or data in general. You get a team of people on something like this and they will make it happen, especially if their idea of the ultimate video game is breaking and exploiting sloppy lazy programming/engineering.

    With all the scripts/services websites use these days. Lots of websites have all kinds of stuff they are running. If I don't like the looks of their scripts/services they are using, those services/scripts I halt in my browser and depending on the site I start toggling in noscript, which can make or break a page in a browser. If I see a website running like 8 scripts/services I start to get a little pissed, some can and do inject malicious code depending on what it is. I am an amateur security hobbyist/analyst. I finally came to realize the web is not secure at all, especially since I have been peeling back the veil a bit and listening to certain security people whom of which are professionals, or people I gauge, that know much more than me.

    Even https has a back door built in.

    I recommend blacklisting your processors security co-processor kernel modules to reduce some of its ability. I recommend closing your web browser when you are not using it. I recommend not leaving your computer idling connected to the net 24/7 all the time. I recommend using Open DNS. I recommend discarding your routers WAN ping. I recommend using a good script discovery plugin for your browser. Every Tom, Dick and Harry does not have the right to run what ever they want in your web browser. I recommend discarding the notion that firefox or chrome or any web browser is alright. Have you analyzed all the code built into web browsers? Of course I am very paranoid and have a right to be, the web has people on it who want to run their stuff on your computer by any means necessary, even against your own will.

    So what do you do? Not use the web? I recommend taking a very cautious approach to how you think of and use the internet. Also "IOT" the internet of things has emerged and is growing. Most things are being built to spy on you and collect data. While most might be harmless, I inner rebel against all of it, and increase my own security the best I can, if my credit card information is stolen or anything of the like, at least I know it's not from my end.

    I recommend not taking anyones word for it, there is nothing worse than a false sense of security. Do your own research, Steve Gibson is a great person to listen to on these matters and a great place to start. He is on youtube and has a podcast.

    Last edited by creative; 05-28-2018, 01:48 PM.

    Comment


    • #22
      Originally posted by creative View Post


      I am trying to parse your question the best I can.

      From what I understand it is an issue for desktop users. However it might be difficult to filter out of the memory table the type of data needed to collect on a system to start coding for a type of attack or being able to read user/password data or data in general. You get a team of people on something like this and they will make it happen, especially if their idea of the ultimate video game is breaking and exploiting sloppy lazy programming/engineering.

      With all the scripts/services websites use these days. Lots of websites have all kinds of stuff they are running. If I don't like the looks of their scripts/services they are using, those services/scripts I halt in my browser and depending on the site I start toggling in noscript, which can make or break a page in a browser. If I see a website running like 8 scripts/services I start to get a little pissed, some can and do inject malicious code depending on what it is. I am an amateur security hobbyist/analyst. I finally came to realize the web is not secure at all, especially since I have been peeling back the veil a bit and listening to certain security people whom of which are professionals, or people I gauge, that know much more than me.

      Even https has a back door built in.

      I recommend blacklisting your processors security co-processor kernel modules to reduce some of its ability. I recommend closing your web browser when you are not using it. I recommend not leaving your computer idling connected to the net 24/7 all the time. I recommend using Open DNS. I recommend discarding your routers WAN ping. I recommend using a good script discovery plugin for your browser. Every Tom, Dick and Harry does not have the right to run what ever they want in your web browser. I recommend discarding the notion that firefox or chrome or any web browser is alright. Have you analyzed all the code built into web browsers? Of course I am very paranoid and have a right to be, the web has people on it who want to run their stuff on your computer by any means necessary, even against your own will.

      So what do you do? Not use the web? I recommend taking a very cautious approach to how you think of and use the internet. Also "IOT" the internet of things has emerged and is growing. Most things are being built to spy on you and collect data. While most might be harmless, I inner rebel against all of it, and increase my own security the best I can, if my credit card information is stolen or anything of the like, at least I know it's not from my end.

      I recommend not taking anyones word for it, there is nothing worse than a false sense of security. Do your own research, Steve Gibson is a great person to listen to on these matters and a great place to start. He is on youtube and has a podcast.

      Also Richard Stallman is great to listen to, he is so crazy and righteous in a very good way.
      Thanks for the reply, but it's not what I was asking. Your advice is good, however, but I already do it (IMO browsing the web without script-blocking functionality or add-ons is suicide).

      I mean, let's assume we have a desktop PC with 2 users. One is you, the other is Joe. Now you're careful to not give Joe any rights to your files (not even to read them). He doesn't even have the rights to use sudo, and the root account is disabled (has no password) so he can't use su either (and he can't physically reboot the computer etc). Theoretically, your system is foolproof in this case from Joe no matter what app he runs (theoretically means no exploits or bugs). Nothing that Joe can do will be able to spy on you or cause damage.

      The question is: can Joe use Spectre exploits in this case to read memory from processes of your user or kernel or whatever? Because that's a cause for concern.

      Most people these days don't understand the concept of separating rights via users, because they come from Windows where you run everything as admin. They want to run everything as one user, which is a mistake. Unix is designed around multi-user environment, use it for your own security.

      I know Meltdown can do it, because it can read kernel memory. But can Spectre do it? And which variants? I know for sure Variant 4 can't, but idk about the others.

      Otherwise -- no matter what kind of malicious code Joe can run, it won't be able to spy or cause damage, unless it exploits vulnerabilities. That's why I'm asking about Spectre...


      And obviously, it's not that patching them is particularly hard. But they cause performance regressions and that's a real problem if you're already protected anyway because you use sound Unix practice.

      Comment


      • #23
        Weasel,

        A good question to ask yourself is, "How well do you know Joe?, Is Joe smart? Is Joe aware of such exploits?" Another good axiom is, "Always to be careful with what people you keep company with.". For the most part I think you have answered your own question.

        The rest is up to you.

        Comment


        • #24
          Fast forward to an hour and twenty minutes.

          It effects just about every processor technology.

          Security Now 664: SpectreNG Revealed

          https://www.youtube.com/watch?v=skyUXVnkHFU
          Last edited by creative; 05-27-2018, 02:09 PM.

          Comment


          • #25
            Originally posted by Weasel View Post
            Can Spectre (any variant) read or leak memory from a different process?
            Of course.

            Furthermore, can it leak memory from another user's processes?
            Of course.

            i.e. can alice read memory of processes from bob?...
            Of course.

            Read the papers!
            https://meltdownattack.com/meltdown.pdf
            https://spectreattack.com/spectre.pdf

            Comment


            • #26
              Originally posted by drSeehas View Post
              I don't see how their example C attack is "of course" when it only reads from the same addressing space (same process)? Maybe I'm missing something, but it doesn't help when nobody ever gives an example of Spectre which can read memory from *another process* or even *a different user's process*. Javascript attack is the exact same, it only reads the browser's memory (i.e. same process). This isn't even a "same user" thing it's even less important.

              I'm not saying you're wrong but... I'd like to see one example attack on a different process? Even if the other process is purposefully crafted for Spectre, I don't mind.

              Comment


              • #27
                Sorry, it not only needs to read the papers, it needs also to understand the papers ...

                Comment


                • #28
                  Which you clearly don't, since you can't point out where such an effect is shown as a proof of concept.

                  Comment

                  Working...
                  X