In your estimation, what protections were there against Spectre and Meltdown?
1 28 Feb 2018 13:43 by u/MHole
Seems to me the biggest exploit vector was in virtual machine theft. Grab DB keys from all the VMs on a shared webserver, for example. Or a Cloud Instance even.
Because yes, they really were that shortsighted and greedy.
What do you guys think mitigated this, if anything?
For example, if you disable all the virtualization options in a BIOS, that fairly straightforwardly eliminates the most useful vectors for those exploits.
If they can already execute code, you must consider the host system exploited anyway. So what Spectre and Meltdown did was allow common ground to be exploited.
Perhaps it never should have been trusted anyway. Virtual Machines are elegant, and I understand the appeal. But you can't trust anything these days, and why would you?
3 comments
0 u/J_Darnley 28 Feb 2018 20:36
As far as I know there are no BIOS settings to guard against either of them. Turning off the virtualisation features would have just meant running VMs was slow and had no hardware pass-through options. It didn't disable speculative execution of branches. Disabling JavaScript in your browser was a good way to prevent a drive-by exploit just from visiting a website though. Not to mention it is good practice in general.
On servers, particularly virtual servers, it would have been a bigger deal because you might have different users running different things, all of which could read just about everything.
It almost sounds like you misunderstand what the exploits are. I don't. I just know that one of them featured observing side effects from speculative execution. I don't think either was particularly about VMs though.
0 u/MHole [OP] 28 Feb 2018 23:07
I think the people who really understand how the exploits were actually used are still prohibited from discussing them.
0 u/MHole [OP] 01 Mar 2018 00:07
LOL I was trying to answer my own question a little better and ran across this gem of a thread:
https://forums.virtualbox.org/viewtopic.php?t=86399
The hoops poor Windows users need to jump through.
Anyway, the way this relates to my question is that in the Windows world, at least, some of the "features" they have were blocking VT-x from being used by higher level virtualization tools.
What I am getting at, in essence, is the only vectors I can really see as being widely used would be if someone like Lenovo integrated some simple exploits into their drivers. Any drivers that needed to go through WHQL would either not have exploits or would make Microsoft complicit in this massive crime that was perpetrated on us.
So who was actually using Spectre?
If I were using it, hypothetically, I would want it on all the cloud devices I could infect with it; through drivers like netcode or something.
But to reliably use it on a virtual server doesn't seem nearly as practical as those other vectors.
But I honestly don't know. The world is changing too fast, I can't keep up!