Announcement

Collapse
No announcement yet.

Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • #11
    Good case for full open source stack, from BIOS to every app running.

    This way, one can control both sides of the fence and soften the blow of security demands.
    If I can trust the browser more, breach will be less likely.
    Also, if one has cooperative control over what is scheduled to execute when, one can stage security barriers around anything network based ( especially browsers) to be tighter than average.

    • Likes 9

    Comment

    • #12
      Originally posted by Brane215 View Post
      Good case for full open source stack, from BIOS to every app running.

      This way, one can control both sides of the fence and soften the blow of security demands.
      If I can trust the browser more, breach will be less likely.
      Also, if one has cooperative control over what is scheduled to execute when, one can stage security barriers around anything network based ( especially browsers) to be tighter than average.
      I'm kinda out of date with how banks and finance works this days but some old friends tell me that this level of control is why they stick with IBM Power in many of the real critical stuff since they can verify everything(or almost everything)
      • Likes 3

      Comment

      • #13
        Originally posted by jrch2k8 View Post

        I'm kinda out of date with how banks and finance works this days but some old friends tell me that this level of control is why they stick with IBM Power in many of the real critical stuff since they can verify everything(or almost everything)
        IBM Z Series
        • Likes 1

        Comment

        • #14
          Originally posted by jrch2k8 View Post

          I'm kinda out of date with how banks and finance works this days but some old friends tell me that this level of control is why they stick with IBM Power in many of the real critical stuff since they can verify everything(or almost everything)
          will this increase the demand on Raptor Talos etc. machines? Then they might get lower prices for us hobbyists
          • Likes 1

          Comment

          • #15
            Originally posted by bearoso View Post
            it’s impossible to leverage these through a web browser.
            [citation needed]
            • Likes 5

            Comment

            • #16
              Originally posted by CochainComplex View Post

              will this increase the demand on Raptor Talos etc. machines? Then they might get lower prices for us hobbyists
              I'm not sure they are just doing an Apple and slapping an insane markup on mediocre hardware, they genuinely seem to have higher costs because of smaller production runs
              • Likes 1

              Comment

              • #17
                Originally posted by bearoso View Post
                Right now you buy AMD CPUs, because they’re currently a better value. With either brand of CPU, you pass mitigations=off to the kernel and forget about it, because you’re not a cloud provider, and it’s impossible to leverage these through a web browser.
                have you read the conclusion of this paper? ....I guess no.

                page 16.

                We demonstrated that this effect can also be exploited via JavaScript in browsers, enabling us to leak the physical addresses of JavaScript variables
                .
                • Likes 7

                Comment

                • #18
                  Originally posted by starshipeleven View Post

                  I'm not sure they are just doing an Apple and slapping an insane markup on mediocre hardware, they genuinely seem to have higher costs because of smaller production runs
                  This might have been a misunderstanding.
                  That is exactly my point. I know that they are "expensive" because of the small size of the company.
                  But if they would have a larger company because of increased demand, we might get the benefit of massproduction.
                  I really like Raptor and I don't think they are overchargeing customers.
                  They know that they would have more customers with lower prices but I guess that is simply not possible (at the moment).

                  I really would like to own one of their entry machines but for a toy to pleasure my hobbydesire it is just a bit too expensive.
                  Last edited by CochainComplex; 07 August 2020, 06:32 AM.
                  • Likes 3

                  Comment

                  • #19
                    Which are the CPUs affected by this vulnerability? Are there CPUs immune from it?
                    • Likes 1

                    Comment

                    • #20
                      Originally posted by Azrael5 View Post
                      Which are the CPUs affected by this vulnerability? Are there CPUs immune from it?
                      "We run the same experiment on a Raspberry Pi 3 (ARM CortexA53,Ubuntu 18.04, kernel 4.15.0), an in-order CPU with no branch prediction [4]. Thus, this CPU is not susceptible to any Spectre-type attacks. Running the same code for 1 hour, we do not observe any cache fetches. Therefore, as no leakage appears on an in-order CPU without branch prediction, the effect must be related to Spectre. The hypothesis that the effect is hardware-specific to Intel CPUs is incorrect; any CPU susceptible to Spectre-BTB is vulnerable to speculative dereferencing in the kernel if the mitigations are not enabled."

                      • Likes 6

                      Comment

                      Previous 1 2 3 4 5 template Next
                      Working...
                      X