Announcement

Collapse
No announcement yet.

Intel CPUs Reportedly Vulnerable To New "SPOILER" Speculative Attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by deant View Post

    Did you just call intel CPUs cheaps? I somehow cant agree if so.
    Yes I did. Because they are cheap. That's why they are popular and have been historically. They are based on a shared resource architecture of resource management. That's the commodity hardware concept: throwing many cheap (by cheap I mean relatively inexpensive, high(er) failure rate, shared resource hardware) systems at a problem to achieve a "good enough" result. This is why Intel is the power house that it is now. Its microprocessors and associated hardware were vastly cheaper than the alternatives by creating a shared resource processor and architecture that was "good enough" to replace the vastly more expensive "big iron" of the day from SGI, DEC, IBM, that used expensive hardware. That technical debt is now coming due as "good enough" is turning into a potential security nightmare from a national and economic infrastructure perspective thanks to the debt being carried forward in the name of expediency and profit margins.

    "Cheap" is a relative distinction here. It's meant in the historical context, rather than the modern enthusiast's wallet.
    Last edited by stormcrow; 05 March 2019, 02:59 PM.

    Comment


    • #32
      Everyone is hating on Intel CPUs when in reality almost all modern CPUs are effected by these flaws in microarchitecture design.
      Spectre (all variants but Meltdown and Spoiler): AMD, Intel, Arm
      Meltdown: Intel, Arm
      SPOILER: Intel (at least for now).
      The only one that's Intel specific is SPOILER which is new and has a possibility of being found on others as well. The bugs are with modern micro-architecture design, not soley with Intel's designs, though they seem to be slightly more venerable than the rest. Intel is also the primarly used CPU in datacenters, so it is the one companies are paying to be researched the most for security flaws. AMD (and ARM) most likely have just as many flaws, but aren't as widely used so not as many have been found. In fact, most spectre vunerabilities were first found on Intel, and then tested for on other companies architectures. It's like how MacOS and Linux aren't any more immune to viruses than Windows, but Windows is more widely used and thus most research into security flaws for OSes is for Windows.

      Comment


      • #33
        Originally posted by Vistaus View Post
        Am I the only who doesn't notice any slowdowns with the mitigations enabled?
        Sounds like you aren't doing anything intensive with your machine. The performance impact is real, and it's significant. We don't need to speculate (no pun intended) as Michael has benchmarked this a number of times now, so do a search to see the results. The performance impact is also dependent on the type of work. For some applications, it's only a few percents. For others, it's 20%+.
        Last edited by torsionbar28; 05 March 2019, 04:15 PM.

        Comment


        • #34
          Originally posted by Spooktra View Post
          what I don't believe is that without them any harm in a real world setting can actually take place and I defy anyone to show me an example where any of these "exploits" caused any real world harm.
          Sounds like you don't fully understand the problem then. This has nothing to do with your little home peecee. Think big public clouds where the memory in a single physical server may be hosting VM's for tens or hundreds of different customers. Then consider the very active state-sponsored cyber terrorism units in China, N Korea, Russia, and Iran. A very real vulnerability plus a very real threat equals serious real world trouble. Traditional rowhammer attacks take time - a week or more to be successful. This new Spoiler claims to speed that up by 256x i.e. under an hour. The fact that the exploit requires only standard user access and not root, moves the needle even further, from 'possible' to 'probable'. Because of how rowhammer attacks work, those targeted will never even know it happened. This is scary stuff.
          Last edited by torsionbar28; 05 March 2019, 04:24 PM.

          Comment


          • #35
            I'd really love to see benchmarks comparing the performance impact on various workloads between CPUs. You know, before and after shots for various AMD/Intel/ARM generations. I think it'd help people to see what comparative performance will be like on mitigated systems and give new insight on vendor differences. It's hard to keep up, though, as new speculative execution exploits are coming out every month. But as they pile on, maybe we'll see performance parity.

            Originally posted by Intel
            software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest.
            That's harder than it sounds, Intel. Especially considering that the memory layout in a lot of development languages isn't directly controllable. And that many servers run enough disparate software that it would be a massive PITA to audit and redesign all of them.

            Maybe just focus on not cutting corners instead? Or at least not charging a premium when you do...

            Comment


            • #36
              Originally posted by torsionbar28 View Post
              Then consider the very active state-sponsored cyber terrorism units in China, N Korea, Russia, and Iran.
              It seems you're ignoring the fact US company introduced insecure, full of vulnerabilities CPU's to our homes, countries, hospitals, airports etc. It's more probable some US state-sponsored cyber terrorism unit from USA or israel will use it against us. This US/israel propaganda starts to get boring. Better check who blew up your twin towers and US Liberty and then we can talk about Iran and Russia.

              Comment


              • #37
                as long as my MIPS64 Sgi Octane is safe all is well: https://www.youtube.com/watch?v=AU_RV8uoTIo

                Comment


                • #38
                  Originally posted by andyprough View Post
                  My main concern is, I don't trust any academics who spell "exploits" as "ex-ploits". What is an "ex-ploit"? Is that like a former sploit? Similar to an ex-girlfriend?
                  You fool! The original paper does not write "ex-ploits" anywhere, well except where there is a linebreak, i.e. exploits was hyphenated. So if you see "ex-ploit", then that is due to the fool who copy-pasted text from elsewhere onto Phoronix without checking the result.

                  Comment


                  • #39
                    Originally posted by uxmkt View Post
                    You fool! The original paper does not write "ex-ploits" anywhere, well except where there is a linebreak, i.e. exploits was hyphenated. So if you see "ex-ploit", then that is due to the fool who copy-pasted text from elsewhere onto Phoronix without checking the result.
                    I like your style. You know a serious question when you see it.

                    Comment


                    • #40
                      @Michael: Lübeck (Wo das Marzipan herkommt...;-) )
                      https://en.wikipedia.org/wiki/Lübeck

                      Comment

                      Working...
                      X