[SOLVED] Intel Loses 5X More Average Performance Than AMD From Mitigations: Report

Your data lives here... Good advice, but how often do you get hit by a small bomb?

I don't see panic, I see normal people in our field discussing a potential issue which will affect less technologically astute people.
 

digitalgriffin

Distinguished
Ok, never use an admin account period.
That will stop a good portion of them. Unfortunately not all of them. Once you penetrate Ring 0, you have the keys to the kingdom.

The new chips on the drawing board dynamically encrypt memory based on process. So even if they corrupted the cache, they would get encrypted worthless code back. Trying to inject code that's encrypted differently is like speaking Pig Latin to a Thai person.

If you are really serious about security, you launch Linux fully patched with a vm machine running windows 10 enterprise in a standard account with hyperthreading off. (Which is a bit tricky.)

It's possible to detect if you are in a VM machine or not via code exploit, but pretty hard to hack above that unless you penetrate ring 0.
 
Last edited:
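Added example (not part of the thread or any poster's code): a check of what a Linux host itself reports for the two settings mentioned above, patched mitigations and hyperthreading (SMT) state, read from the kernel's `/sys/devices/system/cpu` tree. The function names `audit_cpu` and `build_sample` are hypothetical, and the sample tree is constructed for illustration.

```python
import os

def read_text(path):
    """Return stripped file contents, or None if the file cannot be read."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit_cpu(sysfs_cpu="/sys/devices/system/cpu"):
    """Bucket each kernel-reported CPU vulnerability entry and report SMT state."""
    vuln_dir = os.path.join(sysfs_cpu, "vulnerabilities")
    report = {"needs_attention": [], "smt_caveat": [], "ok": []}
    names = sorted(os.listdir(vuln_dir)) if os.path.isdir(vuln_dir) else []
    for name in names:
        status = read_text(os.path.join(vuln_dir, name)) or ""
        if not status.startswith(("Mitigation", "Not affected")):
            report["needs_attention"].append(name)  # "Vulnerable", "Unknown", unreadable
        elif "SMT vulnerable" in status:
            report["smt_caveat"].append(name)  # mitigated, but weakened while SMT is on
        else:
            report["ok"].append(name)
    report["smt_active"] = read_text(os.path.join(sysfs_cpu, "smt", "active")) == "1"
    report["smt_control"] = read_text(os.path.join(sysfs_cpu, "smt", "control"))
    return report

def build_sample(root):
    """Write a constructed sysfs-like tree under root (values are not from a real host)."""
    sample = {
        "vulnerabilities/meltdown": "Mitigation: PTI",
        "vulnerabilities/mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
        "vulnerabilities/spectre_v2": "Vulnerable",
        "vulnerabilities/spectre_v1": "Not affected",
        "smt/active": "1",
        "smt/control": "on",
    }
    for rel, text in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text + "\n")

if __name__ == "__main__":
    # On a Linux host this reads the live sysfs tree; elsewhere the lists are empty.
    for key, value in audit_cpu().items():
        print(f"{key}: {value}")
```

Entries in `smt_caveat` are the ones where turning hyperthreading off changes the kernel's own assessment.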

USAFRet

Titan
Moderator
All of my Windows systems are run with a standard user acct. Like right now.
The admin account is accessed rarely, and only when something demands it.

For instance, creating a new Win 10 install USB must be run from an admin account. Dumb, but that's what it requires.
OK, do that, and then log out of that account. Back to the standard guy.

The admin acct exists, but rarely used.
 

USAFRet

Titan
Moderator
Your data lives here... Good advice, but how often do you get hit by a small bomb?

I don't see panic, I see normal people in our field discussing a potential issue which will affect less technologically astute people.
I've seen people state they will never buy another Intel CPU due to this.
I've seen people 'panicking' over what FPS degradation they will suffer, due to whatever patch is pushed. And asking this long before any patch is even written, much less pushed out.
 

InvalidError

Titan
Moderator
To date, no actual exploit has been seen. Either in the wild or in theory.
If the vulnerabilities hadn't been demonstrated in an academic setup to some extent, then they wouldn't have been confirmed as something worth being remotely worried about.

Practical real-world exploits on the other hand are highly unlikely. Still better safe than sorry if you have security-critical stuff running on your systems.
 

USAFRet

Titan
Moderator
If the vulnerabilities hadn't been demonstrated in an academic setup to some extent, then they wouldn't have been confirmed as something worth being remotely worried about.

Practical real-world exploits on the other hand are highly unlikely. Still better safe than sorry if you have security-critical stuff running on your systems.
OK, yes...in theory it exists.
 
I appreciate the debate tonight, but we should all relax for a few hours and ponder what a skilled ASM/C developer could do with these abilities.

Assembly is easier than C and with all the libs you can call damn. I'll do some research tomorrow and update.
 

USAFRet

Titan
Moderator
When you can exploit the idiot admin person, low level attacks on individual systems are small potatoes.

Hackers Are Holding Baltimore's Government Computers Hostage, and It's Not Even Close to Over
https://gizmodo.com/hackers-are-holding-baltimores-government-computers-hos-1834948639

Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
 

InvalidError

Titan
Moderator
It's hard to test every single aspect of a product before launch. Not surprising some security flaws slipped past testing.
It is even harder to test for things that merely rise to the level of hypothetical threat. Yes, these flaws make it possible for a hostile process to lift data from a victim thread when given infinite chances at extracting said data in a test bench optimized to demonstrate the exploit. In the real-world, the attack thread does not get infinite chances, it gets only one in most cases.

Another major issue with exploiting these flaws is that the attack thread has to be running a busy-loop to monitor whatever CPU metric the flaw is about and you need to run one such thread on every CPU core if you want to catch your victim thread on whatever CPU it lands on. People should get suspicious pretty quickly if they see exactly half of their CPU threads loaded to 100% all of the time by an unidentified process. In other words, anything attempting to leverage these flaws will be severely lacking in subtlety.
 

digitalgriffin

Distinguished
The problem being, once the exploit is known, somebody with a lot of time/resources is looking at it (most likely for evil purposes)

The problem with attacking your enemy with a weapon is they will eventually figure out that weapon and use it against you. ie: WannaCry/Stuxnet. I'm not saying Govt agencies (US/China/Israel/Iran/NK/Russia) aren't the only ones responsible. But you can be sure there are people looking at the exploit now.

Me, I like solving hard problems. But I'm a white hat. I don't believe in committing harm using computers. But if an idiot like me can figure out the general attack vector within a day of its initial announcement, then people smarter than me are already working on the specifics to make it usable.

I don't want to say how exploitable it is. But I have a pretty good idea. Yes it takes some time to run.
 

digitalgriffin

Distinguished
It is even harder to test for things that merely rise to the level of hypothetical threat. Yes, these flaws make it possible for a hostile process to lift data from a victim thread when given infinite chances at extracting said data in a test bench optimized to demonstrate the exploit. In the real-world, the attack thread does not get infinite chances, it gets only one in most cases.

Another major issue with exploiting these flaws is that the attack thread has to be running a busy-loop to monitor whatever CPU metric the flaw is about and you need to run one such thread on every CPU core if you want to catch your victim thread on whatever CPU it lands on. People should get suspicious pretty quickly if they see exactly half of their CPU threads loaded to 100% all of the time by an unidentified process. In other words, anything attempting to leverage these flaws will be severely lacking in subtlety.
You mean half the computer is loaded down and it acts like it's doing nothing? Must be a windows update! 🤡

I don't want to get into specifics here, but you are somewhat correct. Some of these exploits do result in crashes if they get it wrong. But there are ways around that. But I prefer not to discuss them for obvious reasons. I don't want to give away any ideas which could be used to recreate the exploits.

Disclaimer: No I'm not a hacker or security researcher. I just like solving puzzles and reverse engineering designs.
 

AllanGH

Commendable
It's an arms race and, once a successful methodology has been achieved for a particular implementation, it's a trivial matter to send it out through those specific "cracks in the wall", and get to working on another version for other hardware configurations.
 

InvalidError

Titan
Moderator
It's an arms race and, once a successful methodology has been achieved for a particular implementation, it's a trivial matter to send it out through those specific "cracks in the wall", and get to working on another version for other hardware configurations.
Nearly all software-based side-channel exploits hinge on having the correct piece of exploit code running on the same core as the target piece of code and data within nanoseconds from each other. Side-channel exploits are intrinsically grossly inefficient, good luck optimizing one.
 
