Category: meltdown

Jan 15 2018

Spectre and Meltdown patches causing trouble as realistic attacks get closer

Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke a few days into the new year.

But that patching is proving problematic. The Meltdown protection is revealing bugs or otherwise undesirable behavior in various drivers, and Intel is currently recommending that people cease installing a microcode update it issued to help tackle the Spectre problem. This comes as researchers are digging into the papers describing the issues and getting closer to weaponizing the research to turn it into a practical attack. With the bad guys sure to be doing the same, real-world attacks using this research are sure to follow soon.

Back when initially releasing its Windows patch, Microsoft acknowledged incompatibilities with some anti-virus software. To receive the Meltdown and Spectre fixes, anti-virus software on Windows is required to create a special registry entry indicating that it's compatible. Without this entry, not only are these patches blocked, but so too are all future Windows patches. Most anti-virus vendors should now have compatible versions of their products, but users with stale anti-virus software—expired trials or end-of-lifed products—are at this point much better off removing the third-party software entirely and using the built-in protection in Windows 8.1 and Windows 10.

Jan 11 2018

Here’s how, and why, the Spectre and Meltdown patches will hurt performance

As the industry continues to grapple with the Meltdown and Spectre attacks, operating system and browser developers in particular are continuing to develop and test schemes to protect against the problems. Simultaneously, microcode updates to alter processor behavior are also starting to ship.

Since news of these attacks first broke, it has been clear that resolving them is going to have some performance impact. Meltdown was presumed to have a substantial impact, at least for some workloads, but Spectre was more of an unknown due to its greater complexity. With patches and microcode now available (at least for some systems), that impact is now starting to become clearer. The situation is, as we should expect with these twin attacks, complex.

To recap: modern high-performance processors perform what is called speculative execution. They will make assumptions about which way branches in the code are taken and speculatively compute results accordingly. If they guess correctly, they win some extra performance; if they guess wrong, they throw away their speculatively calculated results. This is meant to be transparent to programs, but it turns out that this speculation slightly changes the state of the processor. These small changes can be measured, disclosing information about the data and instructions that were used speculatively.

Jan 10 2018

Darknet 2018-01-10 14:04:15

Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux

Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable to the 3 “speculative execution” CVEs that were made public in early 2018.

Without options, it’ll inspect your currently running kernel. You can also specify a kernel image on the command line, if you’d like to inspect a kernel you’re not running.

The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.

Jan 09 2018

Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines

An Athlon 64 purchased in 2007. (credit: Fred)

Microsoft has suspended delivering the latest Windows update to certain systems with AMD processors after reports that the update was causing the machines to crash with a blue screen of death when booting. The update contains countermeasures against both the Meltdown and Spectre attacks; although AMD systems are not affected by Meltdown, they're vulnerable to Spectre.

Withdrawing or suspending delivery of Windows Updates is not uncommon; while there is some testing done by Microsoft, releasing things to a wider audience does from time to time unearth incompatibilities or bugs within the update. What is uncommon is that Microsoft is not merely suspending this update; the company has also outlined why. Specifically, Microsoft writes that:

After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

This is an unusual act of buck-passing.
