How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com)
Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.
Most likely Intel's numbers will go up, at least in the short term, as people buy more CPUs to make up for the performance hit.
We don't know that AMD doesn't have its own issues which are just as bad...
However, AMD kind of has Intel on the ropes in the performance space with that Ryzen line. Intel's answer has been to drop more cores into the unit and then having to force them to lower clock rates due to heat. Intel is still turning huge profits, but AMD has started to recapture market share....
SO.... I point all this out to say the following. AMD now has a huge hole in Intel's armor to drive their marketing trucks through an
AMD seems way better off.
AMD was closing the performance gap, now Intel just lost about 5-10% (workload-dependent estimated mitigation costs of Meltdown on a CPU with PCID) performance. This puts AMD at a tie in some areas (cost-equivalent single thread) where it was slightly behind, and further grows its multi-thread advantage.
Both CPUs are in theory vulnerable to Spectre, which will likely be mitigated in software by application and be equally damaging to all.
At least that's how I've read it. Mitigation of me
You're right that AMD is unaffected (as unaffected as anything), but I don't think they can handle the volume. Not in the short term.
But they may be able to handle an extra 10-15% of cash for the same volume. That'd be real good on the books.
Actually, I'd expect many businesses to use it as an excuse to outsource more of their outdated on-prem equipment to "the cloud". Guess who makes over 95% of the CPUs used by the cloud hosting providers? Not AMD.
Sure, that might sound counter-intuitive considering that this vulnerability showed a huge potential security issue with shared hosting models. That said, spending more money on upgrading what's considered to be a "legacy" data center by senior management probably won't get you that "VP of Infras
First to market with a fixed CPU gets big rewards? (Score:2)
For every punishing move in the market, there's a reward for new, better, faster, or in this case, more secure.
Who will get to market first with a fix? This will be fun to watch.
Who will get to market with a fixed CPU, is what I should have said to be unambiguous.
Whoever that company is may reap huge rewards, even if it's Intel.
First google hit says AMD is also affected:
https://www.theinquirer.net/in... [theinquirer.net]
I'm not so sure the impact is going to be big (Score:2)
Google and Amazon both say it's negligible.
http://www.businessinsider.com... [businessinsider.com]
It happens to be a slow news week (Score:1)
The whole thing is overblown. US CERT gave it a CVSS of 1.5
... which means on a scale from 1 to 10 in severity, it didn't even break a 2.
https://www.kb.cert.org/vuls/i... [cert.org]
To nit pick myself (Score:1)
I guess technically the CVSS scale runs from 0 to 10, but still this one wallows in the bottom half of the Low classification.
https://nvd.nist.gov/vuln-metr... [nist.gov]
I can't help but wonder if this is only because they haven't found much in the kernel address space. If one could find hashed passwords for local accounts, it might cause people to reconsider.
Re: (Score:3)
The link you provided reports the following CVSS metrics:
Base 4.4 AV:L/AC:M/Au:S/C:C/I:N/A:N
Temporal 3.4 E:POC/RL:OF/RC:C
Environmental 5.1 CDP:ND/TD:H/CR:H/IR:ND/AR:ND
Where did you read 1.5?
OK, the bug is big. Impact is going to be big. But who's gonna be punished by the market? Who can I short? Will users of Cloud services demand their processes to be hosted on exclusive servers not shared with others? Would it raise cloud costs? Would they punish Intel?
I read an article that said the Intel CEO dumped a bunch of stock last year, so it's probably too late to short them.
Trezor, and other makers of hardware Bitcoin/Crypto wallets for one should go up.
All software wallets can be assumed compromised at this point.
So... (Score:2)
Is that yet another flaw or a duplicate name for one of the other two bugs we were already talking about in previous threads?
In other news, is the Motorola 68K series immune to these two/three problems? (Amiga, Atari ST, classic Macs)
Synergy, eh?
Bingo!
I seriously doubt the 68000 series has this issue.... Security was designed in from the start on these processors, even if it wasn't actually implemented until later. Between the 68000 and the 68030 there wasn't any need to change anything to run your program and only ONE instruction had to be modified (it had a different set of flags returned where one bit now was variable, instead of fixed).
The security architecture of Intel's solution was implemented after the fact. It had to pay homage to legacy instr
I don't think they do predictive branching.
Worthless submission (Score:1)
The article teases you with "how he did it" and answers with "he did it." You want to know how Meltdown or Spectre work? Read the papers: https://meltdownattack.com/
Soft (Score:2)
Good thing they clarified who ARM are by referencing a group I have vaguely heard of once or twice.
AMD bug only affects THE SAME PROCESS, unlike Inte (Score:1)
Intel PR monkeys are trying to take AMD down with them, let's make this clear:
For the 3 bugs, the biggest one only affect Intel CPUs, for bug 2 and 3:
AMD bug only affects THE SAME PROCESS, unlike Intel, which allows exploits to cross processes:
https://googleprojectzero.blog... [blogspot.com]
As shown, AMD was only vulnerable to "the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries."
Intel ME (Score:2)
Does this bring up another issue? As fixes roll out, what about Intel ME? That is supposed to be on a somewhat modern 32-bit Intel processor. So I would think that ME will have these same issues.
How would that get patched? Can ME even access kernel memory on the main chip like Meltdown can on a VM?
Hope this does not keep you awake at night
:)
Three independent teams found bug at same time (Score:3)
Which begs the question - how long has the NSA known about this too?
Re: (Score:2)
Why?
NSA ANT catalog https://en.wikipedia.org/wiki/... [wikipedia.org]
PRISM (surveillance program) https://en.wikipedia.org/wiki/... [wikipedia.org]
Room 641A https://en.wikipedia.org/wiki/... [wikipedia.org]
Most of what was released talks to malware, OS support, hardware additions.
What is missing is the Equation Group https://en.wikipedia.org/wiki/... [wikipedia.org] effort
It means the cheap Indian/Chinese workers don't have the cultural bias towards creativity that 'western' workers do; and are less likely to find and report unexpected behavior because they don't want to make their superiors look bad.
I worked for a month for an India based software co, and the bosses *deleted unfixed bugs from the database* in order to appear better. I got away from that company ASAP.
The other possibility is that they are equally creative, but don't have the confidence to raise the flag, since they don't have the protection of being a white American citizen? Or that "this may be the work of the CIA", so let's pretend we don't know about this?
Very little about "How" (Score:1)
For an article with a title containing "How a researcher hacked his own computer and found 'worst' chip flaw", there is very little detail about "How the Researcher Hacked His Own Computer" - other than the words "Daniel Gruss didn’t sleep much the night he hacked his own computer".
Bet the NSA is pissed this went public (Score:2)
How much you want to bet that this was one of their dirty tricks...