Still no microcode for Linux. I think Linus Torvalds got them spooked. They probably want to make sure that they don't get chewed up by him again.
Not because of that. If they ship it directly to vendors, consumers won't get their hands on testing experience and benchmarks. For now, we need to wait longer until all fixes are supplied to vendors, and subsequently we will get the Linux uCode file slated for public release in the coming months.
It's out! I still need to make an account over at notebookreview. I will eventually!
It's not needed to create an account at NBR; you can download it straightaway. I'll be updating the pack with newer Ryzen and Intel after a week; let's see if there's any bug or problems.
Download Linux* Processor Microcode Data File
Includes Haswell (HSW Cx/Dx 6-3c-3:32 22->24).
Unfortunately the driver does not load fast enough for Windows to notice the microcode and enable full Spectre mitigations. Either that or the new patch no longer needs/uses IBRS and STIBP...
In either case, Microsoft will provide downloadable Intel microcode on a new page as optional updates which can be found here: https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates
Right now they only offer KB4090007, which covers 6th, 7th & 8th generation Intel CPUs (Skylake, Kaby Lake, Coffee Lake).
Chances of you being infected, and/or your data compromised with malware exploiting Meltdown and Spectre vulnerabilities, are close to none.
Do you have a legitimate source for that? Anyone can say anything, how about some proof?
You will have to believe me, it's highly classified
Just got another BIOS update today. My CPU was patched a few months ago but not really sure what this update was f.
The last patch was for these two vulnerabilities.
Check microcode version using HWiNFO and google it, or use InSpectre to check if you're protected or not!
Is that sarcasm or not? Hard to tell
Speculative execution which is used pervasively in modern CPUs can leave side effects in the processor caches and other structures even when the speculated instructions do not commit and their direct effect is not visible. The recent Meltdown and Spectre attacks have shown that this behavior can be exploited to expose privileged information to an unprivileged attacker. In particular, the attack forces the speculative execution of a code gadget that will carry out the illegal read, which eventually gets squashed, but which leaves a side-channel trail that can be used by the attacker to infer the value. Several attack variations are possible, allowing arbitrary exposure of the full kernel memory to an unprivileged attacker. In this paper, we introduce a new model (SafeSpec) for supporting speculation in a way that is immune to side-channel leakage necessary for attacks such as Meltdown and Spectre. In particular, SafeSpec stores side effects of speculation in a way that is not visible to the attacker while the instructions are speculative. The speculative state is then either committed to the main CPU structures if the branch commits, or squashed if it does not, making all direct side effects of speculative code invisible. The solution must also address the possibility of a covert channel from speculative instructions to committed instructions before these instructions are committed. We show that SafeSpec prevents all three variants of Spectre and Meltdown, as well as new variants that we introduce. We also develop a cycle accurate model of modified design of an x86-64 processor and show that the performance impact is negligible. We build prototypes of the hardware support in a hardware description language to show that the additional overhead is small. We believe that SafeSpec completely closes this class of attacks, and that it is practical to implement.
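A toy model of the commit-or-squash idea in the abstract above, as an added example that is not part of the original post or of the SafeSpec paper. The class and function names are hypothetical, and the cache is reduced to a set of line addresses so that only the visibility of speculative fills is modelled.

```python
# Toy model (added example, not SafeSpec's implementation): speculative loads
# fill a shadow structure instead of the cache; commit promotes, squash discards.

class BaselineCache:
    """Cache that speculative loads fill directly (no shadow state)."""
    def __init__(self):
        self.lines = set()

    def load(self, addr, speculative=False):
        hit = addr in self.lines
        self.lines.add(addr)          # side effect survives a later squash
        return hit

    def commit(self):
        pass                          # nothing to promote

    def squash(self):
        pass                          # cannot undo the fill


class ShadowedCache(BaselineCache):
    """Speculative fills go to a shadow set that committed loads never see."""
    def __init__(self):
        super().__init__()
        self.shadow = set()

    def load(self, addr, speculative=False):
        if speculative:
            hit = addr in self.lines or addr in self.shadow
            self.shadow.add(addr)     # tracked, but not yet architectural
            return hit
        return super().load(addr)     # committed path ignores the shadow

    def commit(self):
        self.lines |= self.shadow     # branch committed: promote the fills
        self.shadow.clear()

    def squash(self):
        self.shadow.clear()           # mis-speculation: fills disappear


def probe_after_squash(cache, secret, line_size=64, base=0x1000):
    """Do one squashed speculative load at a secret-dependent address, then
    return the probe indices that hit for committed code."""
    cache.load(base + secret * line_size, speculative=True)
    cache.squash()
    return [v for v in range(4) if cache.load(base + v * line_size)]
```
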
It still requires you to download and run a malicious app in order to exploit Spectre and Meltdown vulnerabilities.
Can't drive-by-downloads execute themselves?
They need to somehow trick you into executing the file, or else use an advanced and highly unlikely exploit that compromises your system to the point of being able to execute the downloaded file.
The article is technically correct, but unnecessarily fear-mongering. The type of fileless drive-by attacks they are scaring us with just don't happen anymore. They died out a few years ago. Actually, I think there was a targeted attack like that a few months ago on South Korean diplomats using Internet Explorer (sic) but that shouldn't make us lose too much sleep...