Topic Actions

Topic Search

Who is online

Users browsing this forum: No registered users and 1 guest

Meltdown/Spectre - Double whammy of CPU bugs

For anyone who might want to have a side conversation...you're welcome here!
Meltdown/Spectre - Double whammy of CPU bugs
Post by aairfccha   » Thu Jan 04, 2018 1:56 pm

aairfccha
Commander

Posts: 161
Joined: Tue Apr 08, 2014 3:03 pm

https://meltdownattack.com
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently there are two rather fundamental hardware bugs concerning speculative/out-of-order execution which break the memory separation between processes and between a process and the operating system respectively. :shock:

Meltdown seems the more exploitable, the more severe but restricted to Intel (and a few ARM? currently anyway) and can be addressed by patches in the OS - those are already in the pipeline for the big three. The drawback of the workaround is a reduction in performance depending on the program.

Spectre is apparently more difficult to exploit but more prevalent (Intel, AMD and ARM!) and more difficult to protect against.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by cthia   » Thu Jan 04, 2018 3:11 pm

cthia
Fleet Admiral

Posts: 8722
Joined: Thu Jan 23, 2014 12:10 pm

aairfccha wrote:https://meltdownattack.com
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Apparently there are two rather fundamental hardware bugs concerning speculative/out-of-order execution which break the memory separation between processes and between a process and the operating system respectively. :shock:

Meltdown seems the more exploitable, the more severe but restricted to Intel (and a few ARM? currently anyway) and can be addressed by patches in the OS - those are already in the pipeline for the big three. The drawback of the workaround is a reduction in performance depending on the program.

Spectre is apparently more difficult to exploit but more prevalent (Intel, AMD and ARM!) and more difficult to protect against.

Some ARM processors certainly are vulnerable as well.

There was a concern over out-of-order execution being a security risk back in the 90's. That is one reason it was so slow to be adopted. The fear has become a reality.

Linux aficionados have patched and recompiled already. I think some companies were delaying release of gadgets, smartphones and tablets, until the arrival of patches.

Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Joat42   » Fri Jan 05, 2018 9:47 pm

Joat42
Commodore

Posts: 829
Joined: Tue Apr 16, 2013 6:01 am
Location: Sweden

Expect any task that is context-switch heavy to take a big performance hit. All those virtual servers in the cloud just became a bit more expensive to run which will eat into margins for some providers and the cost will be unloaded on the customers.

Following CPU's from Intel is affected by SPECTRE & MELTDOWN:
Intel wrote:Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
Intel® Atom™ Processor C Series
Intel® Atom™ Processor E Series
Intel® Atom™ Processor A Series
Intel® Atom™ Processor x3 Series
Intel® Atom™ Processor Z Series
Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Processor J Series
Intel® Pentium® Processor N Series

---
Jack of all trades and destructive tinkerer.
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by cthia   » Sun Jan 07, 2018 7:44 am

cthia
Fleet Admiral

Posts: 8722
Joined: Thu Jan 23, 2014 12:10 pm

A Monitor Darkly

I attended a conference several years ago. It featured the marvelous coming age of computer interconnectivity and what that would mean for the average end user. Smart Homes were the focus -- where everything interconnects.

I voiced my concern about security. This was several years ago. I was told that security would not be an issue, or "very low vulnerability." Very low I asked?

At any rate, my concerns have come to pass, again, with A Monitor Darkly.

That is two for two.

1. Kaspersky.
2. Smart devices.

Son, your mother says I have to hang you. Personally I don't think this is a capital offense. But if I don't hang you, she's gonna hang me and frankly, I'm not the one in trouble. —cthia's father. Incident in ? Axiom of Common Sense
Top
Re: Meltdown/Spectre - Double whammy of CPU bugs
Post by Imaginos1892   » Sun Jan 07, 2018 5:27 pm

Imaginos1892
Commodore

Posts: 861
Joined: Sat Mar 24, 2012 2:24 pm
Location: San Diego, California, USA

Oh, yeah, that was such a great idea — make it so anybody can break into your computer, turn your lights and appliances on and off, monkey with your thermostat…nothing wrong there, just drink the kool-aid and be happy…
———————————
Nobody expects the Spanish Inquisition!!
Top

Return to Free-Range Topics...