This is, of course, particularly worrying for cloud computing where it is common for virtual machines belonging to different companies to run on the same hardware.
35 comments
0 u/Themooninthesky 23 Feb 2019 01:03
Who cares?
0 u/polygeek [OP] 23 Feb 2019 01:13
I guess I do. I like to find out shit like that.
0 u/Jewed 23 Feb 2019 03:07
Are you a pajeet?
0 u/ratsmack 23 Feb 2019 02:03
Good article... I've always liked to keep up on security issues. I actually subscribe to the ics-cert@ncas.us-cert.gov mailing list to keep up on the security issue du jour.
0 u/hon 23 Feb 2019 13:55
Check out www.Krebsonsecurity.com
His series on ATM skimming is pretty interesting
0 u/carlip 23 Feb 2019 02:03
I was under the impression it's a microcode issue, so anything kernel or higher isn't going to be able to do much
0 u/Bobbyhill88 23 Feb 2019 06:26
You are correct. The issue itself is on how the hardware tries to predict the outcome of a conditional check. Basically, to keep things humming along the processor will try to guess the outcome of an either/or check. This guessing is what can be abused. There are ways to limit these either/or situations occurring through software, but they severely limit what you can do to optimize your software and therefore slow everything down.
0 u/phillyjoe 23 Feb 2019 07:00
It's an architectural issue.
Every CPU post PentiumPro has this problem. This is how they made things scale 'faster' with deeper pipelines, and more branch prediction. The P4 was a dead end of going too far in this direction, hence why everything today is based off of the wider P3 approach.
But P2/P3/P4 are all the root of this evil.
0 u/stradian 23 Feb 2019 16:41
'Microcode' is an abstraction. Commonly in the processor's controller, there is a programmable logic device (PLD) that serves as the interpreter between the machine code (and its extensions) and the actual signalling instruction(s) the controller will execute.
This issue is micro-architectural, and has to do with the implementation of branch prediction technology, and speculative execution. These technologies (at least their core components) are hard-wired and built on necessary assumptions that Spectre exploits. This is why Spectre is thus named as such, 'As it will haunt us for a long time'. It theoretically cannot be fully mitigated without replacement.
To compensate for Spectre, techniques are being devised at the microcode and kernel level (which you did correctly assume) to add enough entropy against the branch predictor and the speculative execution circuits to effectively cripple them.
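As an added illustration of the "either/or check" Bobbyhill88 describes and the kernel-level countermeasures stradian mentions (this is editor-supplied example code, not something posted by either commenter or taken from any vendor), here is the bounds-check-then-load shape that Spectre variant 1 abuses, next to the two software mitigations that are actually deployed: a speculation barrier (`lfence` on x86) and branchless index masking in the style of the Linux kernel's `array_index_nospec()`. The table contents and the `SPECULATION_BARRIER` macro name are constructed for the example; nothing here measures caches or leaks anything, it only shows why the mitigations cost performance and what they guarantee.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Speculation barrier: on x86, _mm_lfence() waits for all prior instructions
 * (including the bounds-check branch) to complete before later loads issue.
 * On other targets this falls back to a compiler-only barrier (assumption:
 * the reader substitutes the architecture's real barrier, e.g. CSDB on ARM). */
#if defined(__x86_64__) || defined(__i386__)
#include <immintrin.h>
#define SPECULATION_BARRIER() _mm_lfence()
#else
#define SPECULATION_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

/* Constructed sample table. Anything past TABLE_LEN is memory this function
 * has no business reading, architecturally or transiently. */
#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = { 10, 20, 30, 40, 50, 60, 70, 80 };

/* Pattern 1: the unmitigated shape. The bounds check is a conditional branch,
 * so the predictor may guess "in range" (it usually is) and run the load with
 * an out-of-range idx before the compare resolves. The function's result is
 * still correct, but the transient load can leave a cache footprint. */
uint8_t lookup_unprotected(size_t idx) {
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Pattern 2: speculation barrier. Nothing after the lfence executes until the
 * branch has retired, which is exactly the pipeline stall that makes this
 * mitigation expensive when applied to every bounds check. */
uint8_t lookup_lfence(size_t idx) {
    if (idx < TABLE_LEN) {
        SPECULATION_BARRIER();
        return table[idx];
    }
    return 0;
}

/* Pattern 3: index masking. Computes (idx < len) ? idx : 0 with arithmetic
 * instead of a branch, so there is nothing to mispredict: even on a wrongly
 * speculated path the load can only touch table[0..len-1]. Compilers normally
 * emit setcc/cmov for this; the Linux kernel uses inline asm (cmp/sbb) to
 * guarantee no branch is generated. */
size_t index_nospec(size_t idx, size_t len) {
    size_t mask = (size_t)0 - (size_t)(idx < len);  /* all ones if in range, else 0 */
    return idx & mask;
}

uint8_t lookup_masked(size_t idx) {
    if (idx >= TABLE_LEN)
        return 0;
    /* Even if the branch above is mispredicted, the index is already clamped. */
    return table[index_nospec(idx, TABLE_LEN)];
}

int main(void) {
    printf("in range : %u %u %u\n", lookup_unprotected(3), lookup_lfence(3), lookup_masked(3));
    printf("too large: %u %u %u\n", lookup_unprotected(99), lookup_lfence(99), lookup_masked(99));
    printf("masked index for 99 -> %zu\n", index_nospec(99, TABLE_LEN));
    return 0;
}
```

All three functions return the same values, which is the point: the mitigations change what the core may do transiently, not the program's architectural behaviour, and that is why they show up only as lost performance rather than as a visible change.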
0 u/vastrightwing 23 Feb 2019 03:11
Of course there are engineers at Intel, AMD, Broadcom, IBM, et al who knew this for years and I'm sure they let management know. And as usual, the fix is expensive and unacceptable so nothing was done to mitigate it. Even now, I imagine discussions going on about it and security will simply take a backseat to making the processor faster.
0 u/wizardofthefuture 23 Feb 2019 10:25
And of course Big Tech wants a rollout of hardware fixes. Is this how they get their Big Brother chips into everyone's computers, smartphones, and everything else?
0 u/vastrightwing 23 Feb 2019 12:24
They've been putting hidden servers and flaws in silicon for years already. I believe the flaw is real and the alphabet agencies love the flaw because it also allows them easy access to our data. If the chip companies fix this flaw, they will be asked to engineer a new exploit.
0 u/polygeek [OP] 25 Feb 2019 15:38
I thought AMD was not affected..?
0 u/vastrightwing 25 Feb 2019 15:51
AMD uses similar optimization techniques as all other semiconductor manufacturers use. The conspiracy theorist in me can believe the alphabet agencies may have designed this flaw or all silicon engineers use similar designs in the architecture of the processors. Either way, most processors have this embedded in the design.
I suspect some engineer may redesign the chips or a completely different technology will make the current design obsolete. I'm guessing the latter. It may be optical chip tech or quantum tech. Either way, new and more exciting flaws will be discovered.
0 u/polygeek [OP] 25 Feb 2019 16:02
LOL. I see you've done this before too. :)
0 u/TheTrigger 23 Feb 2019 03:27
Now that's a crazy implication I hadn't thought about. Lots of people are probably rightfully shitting their pants, right now.
0 u/bezzy 23 Feb 2019 06:03
Huh? These exploits are old news and this was at the time the main concerning implication.
0 u/TheTrigger 23 Feb 2019 14:18
I never heard of it. Granted, this was at a time when I was still squarely in blue-pill land, and never paid much attention to these things. I always knew what Spectre and Meltdown were, in a broad-view sense, but never read up the specs on how exactly it worked.
I didn't realize it could access shared memory/cache simply by virtue of even running on the same processor, bypassing all software checks and existing on a lower level than even the kernel. Also, we were told it was fixed/patched, and the scare went away. Now Google's telling people it might actually be inherent to the architecture of modern processors, and may very well be unpatchable. That's nuts and news to me.
0 u/Toomanydelaccounts 23 Feb 2019 14:52
Open your eyes a little more. They’re nasty but there are nastier things that come out daily. For instance, pretty much all versions of Linux, Win 10/Server 2016 both have nasty vulns right now, as does Drupal.
Bleeping Computer, Threat Post, Krebs, etc. take a few mins each day and scan those sites and you’ll get the big stuff.
0 u/bezzy 23 Feb 2019 16:56
It is "unpatchable" (afaik) because the fixes would cause extreme performance loss in the cloud servers, like 30+%
0 u/bezzy 23 Feb 2019 18:24
I should add, I think that the chances of getting owned by this in a targeted attack are pretty small vs getting owned because your cloud hosting provider opened an office doc with a malicious macro, which happens all the time.
0 u/polygeek [OP] 25 Feb 2019 15:37
AMD is going to be verrry happy with all the new custom hardware builds.
0 u/videocodec 23 Feb 2019 08:41
When you combine Jews and pajeets in tech you have people too evil or too incompetent to fix the problem or even look at a working solution.
0 u/J_Darnley 23 Feb 2019 11:06
So what? Please will everyone now roll-back the reduction in performance they caused trying to fix it and instead tell people to stop running other people's code? If this means you can't even run javascript in your browser so be it. (It is a privacy violation anyway.)
0 u/polygeek [OP] 25 Feb 2019 15:36
Fucking true.
0 u/Chap 23 Feb 2019 11:45
When does the new hardware arrive that does not have these flaws in them? New inflated CPUs once a fucking decade would be nice. I spent a fucking fortune on my custom pc, and then they turn around and say, it's already hacked before you've got it. What other industry tries to pull shit like this?
I can see the IT industry collapsing due to this. I have no trust in any of the major players right now, and doubt I ever will again.
I won’t be buying a new PC.
0 u/polygeek [OP] 25 Feb 2019 15:36
It's a fundamental hardware redesign. It's going to take motherfuckin' years.
New PC doesn't matter since all the chips post Pentium are affected. Try AMD. :)
0 u/drstrangegov 23 Feb 2019 15:28
Somebody broke the internet?
0 u/Vaginal_Sandstorm 23 Feb 2019 17:49
Almost makes you wonder if they were put there on purpose, doesn't it?
0 u/polygeek [OP] 25 Feb 2019 15:34
This one was lazy opportunism, not malice. It wasn't even exploitable until hardware had evolved to sufficient speed to make the exploit practical.