
Meltdown / Spectre

What is the point of this? Did they really think they would be able to hide the speed data?
 
They are shameless beyond all measure.

 
Disable SMT/Hyperthreading in all Intel BIOSes

Two recently disclosed hardware bugs affected Intel cpus:

- TLBleed

- L1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)

Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.

SMT is fundamentally broken because it shares resources between the two
cpu instances and those shared resources lack security differentiators.
Some of these side channel attacks aren't trivial, but we can expect
most of them to eventually work and leak kernel or cross-VM memory in
common usage circumstances, even such as javascript directly in a
browser.

There will be more hardware bugs and artifacts disclosed. Due to the
way SMT interacts with speculative execution on Intel cpus, I expect SMT
to exacerbate most of the future problems.
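The check and switch-off that the post above calls for, as an added example that is not part of the OpenBSD post or of this thread: on Linux the kernel reports the state of each of these bugs as a one-line string under /sys/devices/system/cpu/vulnerabilities (l1tf, mds and, for the later TSX variant, tsx_async_abort), and the line ends in "SMT vulnerable" when microcode and the software workaround are in place but SMT was left on. The script counts those entries, turns SMT off through /sys/devices/system/cpu/smt/control, and prints the boot parameters that keep it off. The sample directory it builds is constructed to mimic that sysfs layout so the script runs offline; point it at the real /sys/devices/system/cpu (as root) to act on a live host.

```shell
#!/bin/sh
# Added example, not from the OpenBSD post: audit the SMT-dependent
# side-channel status the Linux kernel reports and disable SMT.
# Pass /sys/devices/system/cpu on a real host; make_sample_sysfs builds a
# constructed look-alike (sample data, not a capture) for offline use.

# Create a fake sysfs tree with every entry still exposed through SMT.
make_sample_sysfs() {
    dir=$1
    mkdir -p "$dir/vulnerabilities" "$dir/smt"
    printf 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n' \
        > "$dir/vulnerabilities/l1tf"
    printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' \
        > "$dir/vulnerabilities/mds"
    printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' \
        > "$dir/vulnerabilities/tsx_async_abort"
    printf 'on\n' > "$dir/smt/control"
}

# Print how many entries still end in "SMT vulnerable", i.e. microcode and
# the kernel workaround are applied but SMT is on. Files that do not exist
# (older kernels, non-Intel CPUs) are skipped rather than counted.
smt_exposed_count() {
    dir=$1
    n=0
    for f in l1tf mds tsx_async_abort; do
        [ -r "$dir/vulnerabilities/$f" ] || continue
        case "$(cat "$dir/vulnerabilities/$f")" in
            *"SMT vulnerable"*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Current SMT state as the kernel reports it: on, off, forceoff,
# notsupported or notimplemented.
smt_state() {
    cat "$1/smt/control"
}

# Disable SMT at runtime. On a real host this offlines the sibling threads
# immediately (root required) and the vulnerability strings switch to
# "SMT disabled"/"SMT mitigated"; on the constructed sample only the
# control file changes. "forceoff" would additionally refuse re-enabling
# until the next reboot.
disable_smt() {
    echo off > "$1/smt/control"
    echo "SMT control now: $(smt_state "$1")"
}

# Boot parameters that make the choice persistent: nosmt keeps siblings
# offline, and the per-bug options select the full mitigation and refuse
# to run with SMT enabled.
persistent_cmdline() {
    echo "nosmt l1tf=full,force mds=full,nosmt tsx_async_abort=full,nosmt"
}

# Stand-alone demo against the constructed sample: ./smt-check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_sample_sysfs "$d"
    echo "entries still exposed through SMT: $(smt_exposed_count "$d")"
    disable_smt "$d"
    echo "add to the kernel command line: $(persistent_cmdline)"
    rm -rf "$d"
fi
```

Writing to smt/control is the same switch the BIOS option flips, without a reboot; the command-line options are what you put in the bootloader so a firmware reset or a re-imaged host does not silently bring SMT back.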

VMware Performance Impact Statement for ‘L1 Terminal Fault - VMM’ (L1TF - VMM) mitigations: CVE-2018-3646 (55767)

Our tests showed that after enabling the ESXi Side-Channel-Aware Scheduler the maximum performance capacity of the host can diminish by as much as 30%, depending on the workloads, host utilization, and processors used within the host. It is important to note that this does not necessarily translate to a 30% reduction in application performance. On a host that is running below its maximum performance capacity, the enablement of the ESXi Side-Channel-Aware Scheduler might result in little or no loss of performance depending on how much spare capacity was available. A set of test results for common enterprise application workloads is included in the Performance Test Results section of this article.
 
Intel Responds to Complaints About Microcode Benchmarking Ban

Intel responded to our queries, stating:
We are updating the license now to address this and will have a new version available soon. As an active member of the open source community, we continue to welcome all feedback.

Updated: Intel Answers Complaints About Microcode Benchmarking Ban

UPDATE: Intel has shared its new, and very brief, licensing agreement:

Redistribution and use in binary form, without modification, are permitted, provided that the following conditions are met:

Redistributions must reproduce the above copyright notice and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of Intel Corporation nor the names of its suppliers may be used to endorse or promote products derived from this software without specific prior written permission.
No reverse engineering, decompilation, or disassembly of this software is permitted.

“Binary form” includes any format that is commonly used for electronic conveyance that is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example “uuencode.”
 
SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks
Saad Islam¹, Ahmad Moghimi¹, Ida Bruhns², Moritz Krebbel², Berk Gulmezoglu¹, Thomas Eisenbarth¹˒², and Berk Sunar¹
¹Worcester Polytechnic Institute, Worcester, MA, USA
²University of Lübeck, Lübeck, Germany
 
https://www.blackhat.com/asia-19/br...html#intel-visa-through-the-rabbit-hole-13513

The complexity of x86-based systems has become so great that not even specialists can know everything. The recently discovered Meltdown/Spectre vulnerabilities, as well as numerous issues in Intel Management Engine, underscore the platform's mindboggling intricacies. So, the chip manufacturer has to actively use various means for manufacturing verification and post-silicon debugging.

We found that modern Platform Controller Hub (PCH) and CPU contain a full-fledged logic signal analyzer, which allows monitoring the state of internal lines and buses in real time—a gold mine for researchers. A vulnerability previously discovered by us, INTEL-SA-00086, enabled studying this technology, which is called Intel Visualization of Internal Signals Architecture (VISA). We believe it is used for manufacturing line verification of chips. With an enormous number of settings, VISA allows for the creation of custom rules for capturing and analyzing signals. VISA documentation is subject to an NDA and not available to ordinary users. However, we will show how, with the help of publicly available methods, one can access all the might of this technology WITHOUT ANY HARDWARE MODIFICATIONS on publicly available motherboards.

With VISA, we succeeded in partially reconstructing the internal architecture of PCH and, within the chip, discovered dozens of devices that are invisible to the user yet are able to access certain critical data. In our talk, we will demonstrate how to read signals from PCH internal buses (for example, IOSF Primary and Side Band buses and Intel ME Front Side Bus) and other security-sensitive internal devices.
 
RIDL and Fallout: MDS attacks

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

ZombieLoad Attack

ZombieLoad: Cross Privilege-Boundary Data Leakage

Most interesting part:
"This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware. "
 
Do you need physical access to the computer for these attacks, or can it be done online?

--

These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.

But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.
 
Yes, judging by the information, AMD/ARM are immune too; only Intel is affected.
 
And when all the protections against all those flaws are enabled on Intel, they both drop its performance and some holes still remain open?
 
In the end it will turn out that the 'Core' processors after the 1st generation are a pure scam, and that the better performance came through speculative programming at the cost of huge security holes.
 
Zombie Load 2:

https://zombieloadattack.com/

Update: New Variant of ZombieLoad enables attacks on MDS-resistant CPUs

On November 14th, 2019, we present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible. Furthermore, we show that the software-based mitigations in combination with microcode updates presented as countermeasures against MDS attacks are not sufficient.

We disclosed Variant 2 to Intel on April 23rd, 2019, and communicated that the attacks work on Cascade Lake CPUs on May 10th, 2019. On May 12th, 2019, the variant was put under embargo and, thus, was not published with the previous version of our ZombieLoad attack on May 14th, 2019.
 