Details of the behind-the-scenes activities that led up to the news breaks we all heard about Meltdown and Spectre:
How an industry-breaking bug stayed secret for seven months
Still, you can’t rewrite the basic infrastructure of the internet without someone getting suspicious. The strongest clues came from Linux. Powering most of the cloud servers on the internet, Linux had to be a big part of any fix for Spectre and Meltdown. But as an open-source system, any changes had to be made in public. Every update was posted to a public Git repository, and all official communications took place on a publicly archived listserve. When kernel patches started to roll out for a mysterious “page table isolation” feature, close observers knew something was up.
The next break came from the chipmakers themselves. Under the new patch, Linux listed all x86-compatible chips as vulnerable, including AMD processors. Since the patch tended to slow down the processor, AMD wasn’t thrilled about being included. The day after Christmas, AMD engineer Tom Lendacky sent an email to the public Linux kernel listserve explaining exactly why AMD chips didn’t need a patch.
“The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault,” Lendacky wrote.
That might sound technical, but for anyone trying to suss out the nature of the bug, it rang out like a fire alarm. Here was an AMD engineer, who surely knew the vulnerability from the source, saying the kernel problem stemmed from something processors had been doing for nearly 20 years. If speculative references were the problem, it was everyone’s problem — and it would take much more than a kernel patch to fix.
I really feel like we won't see the end of this one for quite some time. These are bodies that haven't ever had to sit down together under the eye of a watchful public before. Intel, MS, AMD, and Apple all now learning what it means to try to get on common ground, while Intel stares at the aftermath of learning their hardware is rubbish and must be replaced. Where is Superman or Spiderman about right now honestly?