Major CHIP vulnerability

Started by Hoofer, January 05, 2018, 04:19:45 AM


Hoofer

This time, it's more than software, they say...

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Quote:
Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

Specifically, in all release channels, starting with 57:

The resolution of performance.now() will be reduced to 20µs.
The SharedArrayBuffer feature is being disabled by default.
Furthermore, other timing sources and time-fuzzing techniques are being worked on.

In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers.  This project requires time to understand, implement and test, but might allow us to consider reenabling SharedArrayBuffer and the other high-resolution timers as these features provide important capabilities to the Web platform.

Update [January 4, 2018]: We have released Firefox 57.0.4 which includes the two timing based mitigations described above.

I am afraid this is a major *potential* problem that has the Server Farm / Data Center people scrambling for a temporary patch.

Link to the PDF: https://spectreattack.com/spectre.pdf
Google's research: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Quote:
Posted by Jann Horn, Project Zero


We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].

So far, there are three known variants of the issue:

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)

Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at:

Spectre (variants 1 and 2)
Meltdown (variant 3)

Read the rest of the Google article, if you'd like... or maybe you really should if you work in a Data Center.  If you use these processors:
Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57.

I guess we need to revise the 3 options to 4.   Speed-Cost-Reliability and add Security.   You only get 2, and sacrifice the other two.
All animals are created equal; Some just take longer to cook.   Survival is keeping an eye on those around you...
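
The Mozilla announcement quoted in the post above names two mitigations: performance.now() reduced to 20µs resolution, and SharedArrayBuffer disabled by default. The following is an added example, not part of the thread or of Mozilla's code, that checks both on whatever JavaScript runtime it is run in; the function names clampTime, estimateResolution, timingSurface and makeClampedClock are illustrative, and the clamped clock is a constructed stand-in for a mitigated timer.

```javascript
// Model of the timer mitigation: round a timestamp down to a multiple of
// stepMs (20 µs = 0.02 ms in the quoted announcement).
function clampTime(tMs, stepMs) {
  return Math.floor(tMs / stepMs) * stepMs;
}

// Estimate a clock's effective resolution: the smallest non-zero difference
// between consecutive readings, over up to `samples` observed ticks.
function estimateResolution(now, samples = 200, maxReads = 5e6) {
  let smallest = Infinity;
  let prev = now();
  let ticks = 0;
  for (let i = 0; i < maxReads && ticks < samples; i++) {
    const t = now();
    if (t !== prev) {
      smallest = Math.min(smallest, t - prev);
      prev = t;
      ticks++;
    }
  }
  return ticks === 0 ? null : smallest; // null: the clock never advanced
}

// Report the two timing sources the announcement names for a global object.
function timingSurface(globalObj = globalThis) {
  const perf = globalObj.performance;
  return {
    sharedArrayBuffer: typeof globalObj.SharedArrayBuffer === "function",
    resolutionMs: perf && typeof perf.now === "function"
      ? estimateResolution(() => perf.now())
      : null,
  };
}

// Constructed clock: a fine-grained counter passed through the 20 µs clamp,
// used to show what a mitigated timer looks like to the estimator.
function makeClampedClock(stepMs, incrementMs = 0.001) {
  let raw = 0;
  return () => clampTime((raw += incrementMs), stepMs);
}

console.log("this runtime:", timingSurface());
console.log("clamped clock (ms):", estimateResolution(makeClampedClock(0.02)));
```

On a runtime with both mitigations applied, sharedArrayBuffer reports false and resolutionMs comes out at roughly 0.02.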

taxed

I've been telling everyone about it that cares.  I don't think I posted here, so I'm glad you did.  Even though the Intel CEO dumped ~$50mm worth of shares, Intel seems to be handling it, and the engineers think they'll climb out of this.

Hoof, I was thinking the whole time how crazy it would be if this was a CIA/NSA backdoor and they were using it to spy on Huma, Hillary, etc.

Go check out the image summary I just posted in CBTS.
#PureBlood #TrumpWon

Solar

Allow me to expose the lie that's going around, where they're claiming this is a bug.

Quote:
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found".

The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995.

Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) (AMD.O) and ARM Holdings, a unit of Japan's Softbank (9984.T).

I recognized this name because my wife uses it in her work when there is suspect computer use.
Spectre is a PROGRAM, you have to actually install and turn on when needed.
So, who installed this, NSA?

https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-hacked-his-own-computer-and-found-worst-chip-flaw-idUSKBN1ET1ZR
Official Trump Cult Member

#WWG1WGA

Q PATRIOT!!!

Solar

Quote from: taxed on January 05, 2018, 01:34:45 PM
I've been telling everyone about it that cares.  I don't think I posted here, so I'm glad you did.  Even though the Intel CEO dumped ~$50mm worth of shares, Intel seems to be handling it, and the engineers think they'll climb out of this.

Hoof, I was thinking the whole time how crazy it would be if this was a CIA/NSA backdoor and they were using it to spy on Huma, Hillary, etc.

Go check out the image summary I just posted in CBTS.
What post, I didn't see it?

Hoofer

Update!
https://www.wsj.com/articles/businesses-rush-to-contain-fallout-from-major-chip-flaws-1515160803
Quote:
The two flaws, dubbed Meltdown and Spectre by researchers that discovered them, provide opportunities for hackers to exploit tricks many modern chips use to speed performance, and steal information in the chips' memory, like passwords.

Experts say software patches to plug the holes could slow computers. With one of the flaws, these experts say, full protection against it may require swapping out most of today's chips for a new generation of hardware, an undertaking that could take years to complete.
Is it just me... or was this a security breach that -our- Intel has been using, and some knucklehead just GAVE AWAY a valuable TOOL by exposing it to the MSM...?  Is the FBI, CIA, NSA and the guys looking at the NORKS fuming, "Who was the dumb F-----r that let this out?  We had easy access to everything that dog eating fat boy was doing!  Obama used it for 9 years to spy on the GOP, Trump gets in, and we finally get to use it the way it was intended, and WTF...  some first class idiot spills the beans!?"

Quote:
The U.S. Computer Emergency Readiness Team, which is part of the U.S. Department of Homeland Security, and the U.K.'s National Cyber Security Centre, an arm of Britain's intelligence agency, said it wasn't aware of hackers attacking via these vulnerabilities so far.
DUH!!!   How long did the last data breach take for OPM to say, "Oopsie.... someone hacked us!?" - 6 months?  (Office of Personnel Management is the one-stop-database storehouse of data for government employees, with security clearances)

Quote:
Intel Corp., which dominates the market for chips that run servers and personal computers, said Thursday that it was "rapidly" issuing fixes it had developed for all types of Intel-based computer systems, including PCs and servers, that could be vulnerable to the two flaws. The company said it expects that by the end of the coming week it will have issued updates for more than 90% of its processor products of the past five years that could be vulnerable.
Translation:  If you really want to be safe, you're gonna have to replace the hardware, starting with the most expensive part, the CPU.

And in financial news, Intel stock has reversed its slow downhill slide and is trending upwards.


Solar

What people don't realize, is 95% of the world and its leaders, used these very same chips.
Sure, the NSA could and more than likely did download everyone's sensitive info, but we weren't the targets necessarily, unless you were TEA. :biggrin:
But truth is, we had a tool to look into everything other adversarial countries were plotting, at the deepest levels of security, it literally phoned home.

If you look at the link I posted for Spectre, the free download was a mere 0.02 megs, now think about that, why would such an invasive program be so tiny, compared to say, any antiviral prog, or other spy progs on the mkt?

Simple answer? Because its core components were already installed in the CPU, so all that was needed was a key to unlock it.
Of course, this is all speculation on my part, but it does make sense.

Hoofer

Quote from: Solar on January 06, 2018, 07:49:07 AM
What people don't realize, is 95% of the world and its leaders, used these very same chips.
Sure, the NSA could and more than likely did download everyone's sensitive info, but we weren't the targets necessarily, unless you were TEA. :biggrin:
But truth is, we had a tool to look into everything other adversarial countries were plotting, at the deepest levels of security, it literally phoned home.

If you look at the link I posted for Spectre, the free download was a mere 0.02 megs, now think about that, why would such an invasive program be so tiny, compared to say, any antiviral prog, or other spy progs on the mkt?

Simple answer? Because its core components were already installed in the CPU, so all that was needed was a key to unlock it.
Of course, this is all speculation on my part, but it does make sense.

As long as the system isn't Air-gapped...  think about it.   "Hey, my home internet is 10meg down, but .5 meg up, why is that..?"  .5 meg up is all you get to access... LOL

Here's the reality, IMHO...   
There isn't enough bandwidth to spy on EVERYONE all the time, nor are there the resources to filter through all that material - yet.
Artificial Intelligence will mature, both in speed and capacity to someday make that a reality.
Keep your personal stuff Air-gapped, or learn to live with the idea your Grandmother is standing behind you while you surf the web.

Solar

Quote from: Hoofer on January 06, 2018, 08:37:17 AM
As long as the system isn't Air-gapped...  think about it.   "Hey, my home internet is 10meg down, but .5 meg up, why is that..?"  .5 meg up is all you get to access... LOL

Here's the reality, IMHO...   
There isn't enough bandwidth to spy on EVERYONE all the time, nor are there the resources to filter through all that material - yet.
Artificial Intelligence will mature, both in speed and capacity to someday make that a reality.
Keep your personal stuff Air-gapped, or learn to live with the idea your Grandmother is standing behind you while you surf the web.
Encrypted and compressed keystrokes, that's all they're after, unless you're tagged as a target, then all resources are at their disposal.
Oh, and yeah, the NSA just built a brand new facility, 7 times bigger than they already have scattered across the country.
And that's just the above ground photo.


walkstall

Quote from: Solar on January 06, 2018, 11:05:03 AM
Encrypted and compressed keystrokes, that's all they're after, unless you're tagged as a target, then all resources are at their disposal.
Oh, and yeah, the NSA just built a brand new facility, 7 times bigger than they already have scattered across the country.
And that's just the above ground photo.



I see the NSA does not use park and ride or the bus line.   :ohmy:
A politician thinks of the next election. A statesman, of the next generation.- James Freeman Clarke

Always remember "Feelings Aren't Facts."

Hoofer

With all those cars.... I wonder if there's more chairs for butts than servers.   LOL  Everyone and their brother is getting into the Government hosting business.   

Just trying to imagine how many CPUs that would be replaced.... staggering numbers.