MeltDown and Spectre

Can anyone tell me anything about this?

Other urls found in this thread:

twitter.com/nicoleperlroth/status/948684376249962496
youtube.com/watch?v=I5mRwzVvFGE
blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
twitter.com/SFWRedditVideos

How about you lurk the fuck more you lazy cunt

I'm waiting for Computerphile to release a explanation video.

64164413 thanks.. that´s anything .. bullshit but something at all

I understand very well how it works but I'm also waiting for that because I want to see how they'll make the explanation simpler.

forgot the >>.
twitter.com/nicoleperlroth/status/948684376249962496 Intel fucked up by having a "bug" (but in reality most likely a NSA/Mossad/CIA back door) that made Spectre so easy even a script kiddie can do it.
>Chances you are definitely effected, your personal PC/Smart Phone/consoles/etc. are fine. Anyone with the knowledge to run this is most likely gonna go after big game first.
>The Big game targets (Google, Amazon, Credit Card Companies, Gov websites, etc.) however are not and this is what will fuck people.
>The spin your seeing right now is blame it all on intel and install the patch that makes your computer slower and you'll be A-Okay. In reality, we should be shitting bricks over how shitty most websites have been running their security and best case scenerio is a shit load of SSL keys just got released in the wild. Worse case is in theory anyone with the resources can build their own NSA (unlikely, but in theory possible now)

oh and why this is a massive deal (I mean other than just the security flaw part of it)
>Nvidea uses intel processors in their graphics cards
>Nvidea has been king of the Graphics cards b/c of the way intel did it's processing fixing their security flaw means a lot of people just got fucked out of decent performing cards.

Awww, come on man. They're a newbie just trying to ask questions because they know their being fed bullshit right now.
Or be a dick. I'm not your mother I can't tell you what to do. They probably should of bounced around a bit and tried to gather a bit more info.

>>Nvidea uses intel processors in their graphics cards
>>Nvidea has been king of the Graphics cards b/c of the way intel did it's processing fixing their security flaw means a lot of people just got fucked out of decent performing cards.
Where the fuck did you get that bullshit from?

Thus, AMD will gain another advantage because of Intel's massive retardation...

Spectre affects AMD too. Essentially all CPUs that exist today are vulnerable junk, expect 1)prices for new generation of CPUs to skyrocket as corporations rush to update servers; 2)prices for current CPUs to plummet as there is no way to fix spectre.

yes, the 20 other threads you could have found if you were not dumb enough to use the catalog could.

Here's meltdown, I haven't looked into spectre yet:

Basically your CPU runs code before program flow reaches it in order to speed up performance. This is called "Out-Of-Order Execution." Due to this you can get code to run even when it shouldnt, cause it's a feature. However if an exception is called or program flow changes the Reorder buffer (that holds the results of the micro-operations of the full operation) gets whipped.

When a program runs it has two (virtual) memory sections, user and kernel space. Unprivileged software can only run in the user space, and can not affect the kernel space. If you try to, it will cause a seg fault. But if you use a transient instruction (an out of order instruction that was executed, despite control flow not reaching it), you can perform operations onto that value.

By using transient instructions to write to a user space cache page (say such as an array), we can then transmit this hidden value to ourselves. Then we can use a FLUSH+RELOAD attack (using time to figure out where a bit is 1 or 0 through operation time) to receive the data. Allowing us to receive the secret value, normally inaccessible. And by going over all memory locations, you can dump the entire physical memory.

>prices for current CPUs to plummet as there is no way to fix spectre
Does this mean that ebay is going to be flooded with dirt cheap and reasonably powerful x86-64 hardware? Because I could totally get behind that. It's gonna be good fun getting expensive as fuck laptops and desktops for pennies that I can still use for games and other normalfaggot shit where I won't have to care about security. I don't know about anyone else here but I'm seeing this from more of glass half full perspective.

Very basically, Intel cpus don't check for permissions and privileges while pre-executing code. This is so completely stupid, it boggle the mind of absolutely everyone.

Here's Meltdown exploit (and yes, it is very simple)
LINE 1: Fetch data from the kernel.
LINE 2: Depending on the value of that data, fetch other, legal data. If the bit is 0, fetch that; If the bit is 1, fetch that.

Normally, the cpu would never execute LINE 1. It would simply say "stop right here, criminal scum, you don't have the right to access kernel data!". And that's effectively what happens. But unfortunately, while LINE 1 is executed, the cpu pre-execute LINE 2. This include fetching the other, legal data into the cache.

Now you simply check what is in the cache by timing the access to that data. Congratulation. You just broke every permission and privilege ever.

Intel. What a bunch of incompetent faggots.

Read the paper you brainlet.

Intel adds bug to their chips.
Bug forces every one to replace old chips or at least buy new chips to make up for the performance lost.
Intel makes more money.

That's a pretty long game, considering this has been in their chips since 1995.

The bug allowed them a huge performance increase, making them the biggest game in town so when it was discovered they sold replacements instead of crashing and burning.

The bug didn't give them anything. Speculative Execution is used by both AMD and Intel, and has always contributed to the total processing speed of both. Intel just has to kill their implementation now because google unearthed a 2 decade old security flaw and the only way to close it is to disable SE completely.

I like a good conspiracy theory as much as the next guy, but it's more fun if you get some of the facts right. Suspension of disbelief and all that.

Government installed backdoors are real

>intel stock up

Explain pls.

>amd stock down

Explain pls.

They succeeded at mucking the ground enough that no-one really knows what the heck everything is about. No wonder. They had months to prepare for the fallout.

The PR is genius. First conflate Meltdown (pure incompetence from Intel, extremely dangerous) with Spectre (known for months but no-one cared, it's just a small CPU bug like you see ten every months). Then spin an incoherent narrative, where Meltdown, Spectre, all of this is very difficult to understand, but basically every cpu is touched, right? It's not us. We aren't miracle workers at Intel.

Just remember: Meltdown is the very dangerous security hole that can be exploited by two lines of c code. No-one serious really cares about Spectre. And Meltdown is purely the result of Intel's incompetence.

its just some intel news release saying effects are minimal or some pr bs

The wait is over youtube.com/watch?v=I5mRwzVvFGE

can he even code?

The explanation was horrible. Even normies are probably better off just reading the paper.

Do i need to do something after i installed the Windows 10 Update for that?

No, user.

So I have the recent Windows update for this shit, but where the hell am I supposed to get the BIOS / Microcode update from?

that imagine needs
>TTGL airs, causing a massive influx on edgy fedora-tipping manchildren on Sup Forums

>imagine
image

Nowhere yet. That shit's not going to be out for like a week or two.

Yes, I can tell you something that should scare the daylight out of you,

blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

"Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins."

It's is, in my humble opinion, pretty scary that Mozilla's testing found that a website you visit can use this to read your system memory.

Fuck

pls give me the most powerful haswell CPU for $15

He has tmux open on his MacOS desktop, so clearly he's a super-turbo expert.