Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

    Phoronix: Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

    Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well...

    http://www.phoronix.com/scan.php?pag...Foreshadow-Bad

  • #2
    "It's Not Good"
    So how many other people's first thought when seeing that was some combination of "Crap, what now?" & "That's not very surprising"?

    "and ARM/IBM/AMD CPUs may also be affected by Foreshadow."
    Crap, what (do I buy) now?


    • #3
      Correct me if I'm wrong, but the wording in the article sounds like this is a fundamental design problem in the way prefetch is handled in operating system kernels rather than hardware vulnerabilities. Or is it a design flaw in software exacerbated by hardware prefetching problems? I'm not clear on what's going on.


      • #4
        Right now you buy AMD CPUs, because they’re currently a better value. With either brand of CPU, you pass mitigations=off to the kernel and forget about it, because you’re not a cloud provider, and it’s impossible to leverage these through a web browser.

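The post above recommends booting with `mitigations=off`; as an added example (not from any poster in this thread), here is a defender-side check that reads the kernel's own L1TF status line and the boot parameters and reports whether a Linux host is still protected. The status strings matched are the ones the kernel's L1TF documentation lists; the sample inputs at the bottom are constructed, and the file paths in the comments are the real sysfs/procfs locations.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a Linux host is still
# protected against L1TF/Foreshadow. Inputs are the text of
#   /sys/devices/system/cpu/vulnerabilities/l1tf   (status line)
#   /proc/cmdline                                  (boot parameters)
# The status strings below are the ones the kernel's L1TF documentation
# lists; the sample inputs at the bottom are constructed.

# l1tf_verdict STATUS CMDLINE
# Prints a one-line verdict; returns 0 = mitigated, 1 = exposed, 2 = unknown.
l1tf_verdict() {
    status="$1"
    cmdline="$2"

    # Boot parameters win: they are what actually turned protection off.
    case " $cmdline " in
        *" mitigations=off "*|*" l1tf=off "*)
            echo "EXPOSED: mitigations disabled on the kernel command line"
            return 1 ;;
    esac

    case "$status" in
        "Not affected"*)
            echo "OK: $status"; return 0 ;;
        "Mitigation: PTE Inversion"*"VMX: vulnerable"*)
            # Host page tables are safe, but a malicious guest can still read L1D.
            echo "PARTIAL: guests not isolated ($status)"; return 1 ;;
        "Mitigation: PTE Inversion"*"SMT vulnerable"*)
            # The sibling hyperthread of a guest vCPU can still leak host data.
            echo "PARTIAL: SMT still enabled ($status)"; return 1 ;;
        "Mitigation: PTE Inversion"*)
            echo "OK: $status"; return 0 ;;
        Vulnerable*)
            echo "EXPOSED: $status"; return 1 ;;
        *)
            echo "UNKNOWN: $status"; return 2 ;;
    esac
}

# Constructed sample run; on a real host use:
#   l1tf_verdict "$(cat /sys/devices/system/cpu/vulnerabilities/l1tf)" \
#                "$(cat /proc/cmdline)"
l1tf_verdict "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled" \
             "BOOT_IMAGE=/vmlinuz root=/dev/sda1 quiet"
```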

        • #5
          Originally posted by bearoso:
          Right now you buy AMD CPUs, because they’re currently a better value. With either brand of CPU, you pass mitigations=off to the kernel and forget about it, because you’re not a cloud provider, and it’s impossible to leverage these through a web browser.
          Even if I use NoScript in Firefox, right? Sure, it does break websites and I sometimes run into sites where their web page won't load (shows a white blank page with nothing in it) until I whitelist their domain in NoScript. As someone who is security- and privacy-conscious, I hate how websites do that, especially when viewing a blog page. I do whitelist websites that I frequently visit, though. I also have Pi-Hole for filtering out ads as well. And yes, I'm a Premium member of Phoronix, so no ads. At least I'm doing what I can to help and support the owner of Phoronix.com.


          • #6
            Originally posted by bearoso:
            and it’s impossible to leverage these through a web browser.
            I wouldn't make such bombastic claims, because sure, simple JS (not sure if asm.js makes it possible, though) is not enough to exploit this, but a binary payload with some escalation exploit can actually make it work, and the kicker is you won't notice it or be able to detect it after that (with some of the attacks that run below the kernel).

            Linux should be way more resistant, but on Windows I'm not so sure, since it is very easy to escalate from the browser or trick the user into it, and most of the implementations of these exploits are incredibly small and can easily pass as a resource of some kind (hackers are usually smart and won't name it L1TF.exe).


            • #7
              Originally posted by stormcrow:
              Correct me if I'm wrong, but the wording in the article sounds like this is a fundamental design problem in the way prefetch is handled in operating system kernels rather than hardware vulnerabilities. Or is it a design flaw in software exacerbated by hardware prefetching problems? I'm not clear on what's going on.
              Prefetch is done by the processor, not by software. The PREFETCH instructions are also implementation-dependent and may have zero effect.

              What this paper really shows is the reverse:
              "In particular, neither the prefetch instruction nor other user-space instructions actually prefetch kernel addresses into the cache."
              "The effect exploited in all of these papers is, in fact, caused by speculative dereferencing of user-space registers in the kernel."


              • #8
                Typo:

                Originally posted by phoronix:
                full mitigation to these microarchitural attacks


                • #9
                  Originally posted by jrch2k8:
                  I wouldn't make such bombastic claims, because sure, simple JS (not sure if asm.js makes it possible, though) is not enough to exploit this, but a binary payload with some escalation exploit can actually make it work...

                  At this point, why would you need such an exploit if your social engineering just worked?


                  • #10
                    Originally posted by RomuloP:
                    At this point, why would you need such an exploit if your social engineering just worked?
                    Because social engineering is like a 22mm shot: you can do some damage, but with very limited penetration, whereas many of the exploits based on these CPU failures are literal nukes. Once the exploit runs it can do literally, in every sense of the word, anything you want, even invade the CPU's own microcode, BIOS(es) and controllers, and the exploit literally has more priority in the execution rings than the kernel and hypervisors do, which means you become invisible to them (hence the panic, and Intel being willing to destroy their CPU performance in exchange for some protection, since big-money businesses are juicy targets with big pockets).

                    Of course, not all failures allow this level of penetration, but lots of the partially "mitigated" ones do.
