Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Meltdown and Spectre Becoming a Nightmare for Everyone
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2  
Reply to topic    Gentoo Forums Forum Index Off the Wall
View previous topic :: View next topic  
Author Message
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 204
Location: somewhere in Renziland.

PostPosted: Sun Jan 21, 2018 7:11 pm    Post subject: Reply with quote

BonezTheGoon wrote:

Sorry man! I'm so glad I do almost NOTHING with Windows anymore!!!

:lol: prophetic
https://www.ghacks.net/2018/01/21/redhat-reverts-patches-to-mitigate-spectre-variant-2/
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Back to top
View user's profile Send private message
Bigun
Advocate
Advocate


Joined: 21 Sep 2003
Posts: 2088

PostPosted: Tue Jan 23, 2018 12:28 pm    Post subject: Reply with quote

erm67 wrote:
BonezTheGoon wrote:

Sorry man! I'm so glad I do almost NOTHING with Windows anymore!!!

:lol: prophetic
https://www.ghacks.net/2018/01/21/redhat-reverts-patches-to-mitigate-spectre-variant-2/


Modified topic title.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Tue Jan 23, 2018 6:19 pm    Post subject: Reply with quote

erm67 wrote:
Sounds like FUD (aka secret documents shared with secret customers):


https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

IME, KPTI, performance hit, botched patches. I guess that does lead to fear, uncertainty and doubt.
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 204
Location: somewhere in Renziland.

PostPosted: Wed Jan 24, 2018 5:33 pm    Post subject: Reply with quote

pjp wrote:
erm67 wrote:
Sounds like FUD (aka secret documents shared with secret customers):


https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

IME, KPTI, performance hit, botched patches. I guess that does lead to fear, uncertainty and doubt.

Everybody reading the news was aware that some systems were not booting even with Ubuntu, Intel just informed some customers about the problem, and confirmed it to the press as well a few hours after the article about the secret Intel documents was published. The story about super secret intel docs shared only with top customers was FUD.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Wed Jan 24, 2018 7:36 pm    Post subject: Reply with quote

:lol:
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5279
Location: Removed by Neddy

PostPosted: Thu Jan 25, 2018 6:27 pm    Post subject: Reply with quote

erm67 wrote:
pjp wrote:
erm67 wrote:
Sounds like FUD (aka secret documents shared with secret customers):


https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

IME, KPTI, performance hit, botched patches. I guess that does lead to fear, uncertainty and doubt.

Everybody reading the news was aware that some systems were not booting even with Ubuntu, Intel just informed some customers about the problem, and confirmed it to the press as well a few hours after the article about the secret Intel documents was published. The story about super secret intel docs shared only with top customers was FUD.


Orly. https://www.theregister.co.uk/2018/01/25/intel_spectre_disclosed_flaws_november/
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5279
Location: Removed by Neddy

PostPosted: Sun Jan 28, 2018 8:29 pm    Post subject: Reply with quote

Naib wrote:
erm67 wrote:
pjp wrote:
erm67 wrote:
Sounds like FUD (aka secret documents shared with secret customers):


https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

IME, KPTI, performance hit, botched patches. I guess that does lead to fear, uncertainty and doubt.

Everybody reading the news was aware that some systems were not booting even with Ubuntu, Intel just informed some customers about the problem, and confirmed it to the press as well a few hours after the article about the secret Intel documents was published. The story about super secret intel docs shared only with top customers was FUD.


Orly. https://www.theregister.co.uk/2018/01/25/intel_spectre_disclosed_flaws_november/



OOOOOOOOOOOOORLY
Intel Warned Chinese Companies of Chip Flaw Before U.S. Government
http://www.foxbusiness.com/features/2018/01/28/intel-warned-chinese-companies-chip-flaw-before-u-s-government.html
Quote:
In initial disclosures about critical security flaws discovered in its processors, Intel Corp. notified a small group of customers, including Chinese technology companies, but left out the U.S. government, according to people familiar with the matter and some of the companies involved.

The decision raises concerns, security researchers said, as it potentially could have allowed information about the chip flaws, dubbed Spectre and Meltdown, to fall into the hands of the Chinese government before being publicly divulged. There is no evidence any information was misused, the researchers said.

Weeks after word of the flaws first surfaced, Intel's choices about whom would receive advance warning continue to ripple through the security and tech industries.


you want to re-assess that statement or do you want to keep on shilling?
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Mon Jan 29, 2018 2:41 am    Post subject: Reply with quote

:lol: :lol:
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5279
Location: Removed by Neddy

PostPosted: Mon Jan 29, 2018 10:53 pm    Post subject: Reply with quote

anyway...
Congress has some questions :)

https://energycommerce.house.gov/wp-content/uploads/2018/01/Meltdown-Spectre-Letters.pdf



Quote:
As more products and services become connected, no one company, or even one sector working in isolation can provide sufficient protection for their products and users. Today, effective responses require extensive collaboration not only between individual companies, but also across sectors traditionally siloed from one another. This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargos regarding cybersecurity vulnerabilities in general.

_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
Bigun
Advocate
Advocate


Joined: 21 Sep 2003
Posts: 2088

PostPosted: Tue Feb 06, 2018 4:13 pm    Post subject: Reply with quote

What a goat f*** this has turned out to be.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Tue Feb 06, 2018 4:59 pm    Post subject: Reply with quote

Naib wrote:
anyway...
Congress has some questions :)

https://energycommerce.house.gov/wp-content/uploads/2018/01/Meltdown-Spectre-Letters.pdf



Quote:
As more products and services become connected, no one company, or even one sector working in isolation can provide sufficient protection for their products and users. Today, effective responses require extensive collaboration not only between individual companies, but also across sectors traditionally siloed from one another. This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargos regarding cybersecurity vulnerabilities in general.
Isn't this the logical outcome of Security as an Afterthought?
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Fri Feb 09, 2018 4:07 am    Post subject: Reply with quote

:lol: :lol: :lol:

Quote:
Intel's offered the world some helpful advice about how to handle the Meltdown and Spectre chip design flaws it foisted on the world.

"I can't emphasize enough how critical it is for everyone to always keep their systems up-to-date," wrote Navin Shenoy, executive veep and general manager of Intel's data centre group, bemoaning the fact that punters are slow to install patches and criminals use that tardiness to do their worst.
source
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Thu Mar 29, 2018 3:50 am    Post subject: Reply with quote

Total Meltdown? wrote:
Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse ... It allowed any process to read the complete memory contents at gigabytes per second, oh - it was possible to write to arbitrary memory as well.

_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
Dominique_71
Veteran
Veteran


Joined: 17 Aug 2005
Posts: 1600
Location: Switzerland (Romandie)

PostPosted: Sun Apr 01, 2018 11:45 pm    Post subject: Reply with quote

It promises: :oops:
Quote:
As a result, while the stop-gap countermeasures described in the previous section may help limit practical exploits in the short term, there is currently no way to know whether a particular code construction is, or is not, safe across today’s processors – much less future designs.

_________________
[[[ To any NSA and FBI agents reading that text: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Thu Apr 05, 2018 2:23 pm    Post subject: Reply with quote

Intel abandons older chip Spectre patch plans wrote:
Intel has some bad news for those still running older hardware: It has abandoned plans to release microcode updates for anything but its most recent processor families.

In an announcement first spotted by Tom's Hardware, Intel confirmed that it had stopped development on Spectre-related microcode updates for its SoFIA Atom, Kasper Forest, Clarksfield, Bloomfield, Wolfdale, Yorkfield, and Penryn processor families, which had currently be marked as in-development. The majority of these chip families date from 2007 through to 2010, while the SoFIA Atom is the outlier having been released only three years ago in 2015. All had been on the roadmap as due to receive patches against the Spectre vulnerabilities prior to the roadmap update this week.

_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
Yamakuzure
Advocate
Advocate


Joined: 21 Jun 2006
Posts: 2115
Location: Bardowick, Germany

PostPosted: Fri Apr 06, 2018 11:22 am    Post subject: Reply with quote

It is almost impossible to practically exploit any of the Spectre variants. You'd need a highly sophisticated program on the target machine (*) , and nothing but a looot of patience and even more luck, to get at anything useful. And then you need some ingenious idea telling you that the useful data grab actually holds something useful and what it is good for. (**)

(*) If you can do that, a simple process and key logger is far more promising. By about factor 10 billion.
(**) Meldown/Spectre do not cause any (direct and actual) harm. The idiotic panicking about them and the enormous waste of time and resources all the hype involves does.
_________________
elogind
CygwinOnSteroids
"A conservative is a man who is too cowardly to fight and too fat to run."
-- Elbert Hubbard
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5279
Location: Removed by Neddy

PostPosted: Fri Apr 06, 2018 12:54 pm    Post subject: Reply with quote

Yamakuzure wrote:
It is almost impossible to practically exploit any of the Spectre variants. You'd need a highly sophisticated program on the target machine (*) , and nothing but a looot of patience and even more luck, to get at anything useful. And then you need some ingenious idea telling you that the useful data grab actually holds something useful and what it is good for. (**)

(*) If you can do that, a simple process and key logger is far more promising. By about factor 10 billion.
(**) Meldown/Spectre do not cause any (direct and actual) harm. The idiotic panicking about them and the enormous waste of time and resources all the hype involves does.
OOOOORLY https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
Yamakuzure
Advocate
Advocate


Joined: 21 Jun 2006
Posts: 2115
Location: Bardowick, Germany

PostPosted: Fri Apr 06, 2018 1:16 pm    Post subject: Reply with quote

Naib wrote:
Yamakuzure wrote:
It is almost impossible to practically exploit any of the Spectre variants. You'd need a highly sophisticated program on the target machine (*) , and nothing but a looot of patience and even more luck, to get at anything useful. And then you need some ingenious idea telling you that the useful data grab actually holds something useful and what it is good for. (**)

(*) If you can do that, a simple process and key logger is far more promising. By about factor 10 billion.
(**) Meldown/Spectre do not cause any (direct and actual) harm. The idiotic panicking about them and the enormous waste of time and resources all the hype involves does.
OOOOORLY https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript
That Javascript example exploits the vulnerability by using XOR upon 'localJunk'. Wow. Now that will provide useful data... :lol: (That can be so easily read by ... well.. nobody. :roll: )

Look: I do not say it is not possible to use those vulnerabilities and get useful data. I just say that it is very very difficult. And all "proof" until today were nothing but POCs.
_________________
elogind
CygwinOnSteroids
"A conservative is a man who is too cowardly to fight and too fat to run."
-- Elbert Hubbard
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17166

PostPosted: Fri Apr 06, 2018 3:54 pm    Post subject: Reply with quote

Yamakuzure wrote:
all "proof" until today were nothing but POCs.
What happened "today"? Discovered vulnerabilities which have not been known to have been exploited are all proofs of concept.
_________________
The whole system has to go. The modern criminal justice system is incompatible with Neuroscience. --Sapolsky
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Off the Wall All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum