Announcement

Collapse
No announcement yet.

New Spectre Variants Discovered By Exploiting Micro-op Caches

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Spectre Variants Discovered By Exploiting Micro-op Caches

    Phoronix: New Spectre Variants Discovered By Exploiting Micro-op Caches

    University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches...

    https://www.phoronix.com/scan.php?pa...Cache-Exploits

  • #2
    hmm... spectre is back
    it is not going to slow down neither spare anything
    deadlines!!!! i really despise it now.

    Comment


    • #3
      Well this sucks, but not a surprise when you think about it...especially in the era of "power stats can be used for exploits". Your cache caused an exploit...you don't say.

      Why is it when something is exploited it goes into a whitepaper? Why are whites always the exploiters?

      Comment


      • #4
        Originally posted by gigi View Post
        hmm... spectre is back
        Spectre and Meltdown where always going to come back given that neither Intel or AMD (or anyone else in the realm of performance computing) can engineer themselves out of the problem without take a massive hit to performance. I think that it will be some time before the compute industry at large has any answer(s) to those family of bugs without the sacrifice on the alter of speed.
        By the look of it, I suspect that it will take a set of new architecture to do that.
        Originally posted by skeevy420 View Post
        Why are whites always the exploiters?
        Their is something to be said about the lack of diversity within the computer industry in general but that is neither here nor there on this matter.
        Last edited by Duve; 01 May 2021, 10:30 AM.

        Comment


        • #5
          My take away: You might just as well run with mitigations=off and enjoy the better performance, there is no security in any current x86 architectures at all.

          Comment


          • #6
            Originally posted by Duve View Post
            Their is something to be said about the lack of diversity within the computer industry in general but that is neither here nor there on this matter.
            I agree. I just hope people get a laugh and move on over reading too much into it.

            Comment


            • #7
              Originally posted by ms178 View Post
              My take away: You might just as well run with mitigations=off and enjoy the better performance, there is no security in any current x86 architectures at all.
              Pretty much how I feel. I assume that half the software and firmware on my system is vulnerable already. Those mitigations don't fix sudo being exploited or buggy firmware in my GPU.

              I still run with full mitigations. Going from Westmere to Zen 2....my new system is still faster than my old system with mitigations in place and my old system was fast enough to make me happy.

              Comment


              • #8
                Originally posted by ms178 View Post
                My take away: You might just as well run with mitigations=off and enjoy the better performance, there is no security in any current x86 architectures at all.
                It's a bad illogical takeaway, but luckily the only computing devices that you probaly use are your PC/laptop and smartphone, so you don't quite understand the gravity of the situation. Hosting and cloud providers are keenly aware of everything on that front, cause otherwise their entire infrastructure will be compromised.

                Originally posted by skeevy420 View Post

                Pretty much how I feel. I assume that half the software and firmware on my system is vulnerable already. Those mitigations don't fix sudo being exploited or buggy firmware in my GPU.

                I still run with full mitigations. Going from Westmere to Zen 2....my new system is still faster than my old system with mitigations in place and my old system was fast enough to make me happy.
                Spectre protections are now built-in during compile time so you cannot disable them even with mitigations=off, you'll need to recompile pretty much everything to get back the performance. Lastly certain Spectre mitigations are in firmware and cannot be disabled as well. It's unlikely we'll ever get back to the time when people didn't know about them.
                Last edited by birdie; 01 May 2021, 07:27 AM.

                Comment


                • #9
                  Originally posted by skeevy420 View Post

                  Pretty much how I feel. I assume that half the software and firmware on my system is vulnerable already. Those mitigations don't fix sudo being exploited or buggy firmware in my GPU.

                  I still run with full mitigations. Going from Westmere to Zen 2....my new system is still faster than my old system with mitigations in place and my old system was fast enough to make me happy.
                  Speaking of disasters, the heating just broke in our house, warm water just trickled through the old pipe of questionable quality (40 years old, Made in the GDR). Lovely.

                  Comment


                  • #10
                    Originally posted by birdie View Post

                    It's a bad illogical takeaway, but luckily the only computing devices that you probaly use are your PC/laptop and smartphone, so you don't quite understand the gravity of the situation.



                    Spectre protections are now built-in during compile time so you cannot disable them even with mitigations=off, you'll need to recompile pretty much everything to get back the performance. Lastly certain Spectre mitigations are in firmware and cannot be disabled as well. It's unlikely we'll ever get back to the time when people didn't know about them.
                    Well, what does it bring you if you barricade the door but leave all of the windows open? But you are right, I am not running a server farm, it is just my private gaming rig. I also re-build my Kernel turning off the "avoid indirect branches" option. I know that it is dangerous, but I don't want to pay any performance penalties and hope that the industry gets their act together and designs more secure products without sacrificing performance.

                    Comment

                    Working...
                    X