c.r.s.
Goto Top

Defenseless: Spectre Mitigations Leveraged

A team of University of Virginia School of Engineering computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.

https://engineering.virginia.edu/news/2021/04/defenseless

The good news is that you won't have to patch that quickly this time.

Content-Key: 666285

Url: https://administrator.de/contentid/666285

Ausgedruckt am: 29.03.2024 um 09:03 Uhr

Mitglied: GrueneSosseMitSpeck
GrueneSosseMitSpeck 01.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
well, the Spectre panic was already a lot of wind in a teacup... With the Spectre patch, a Xeon E5 from the v4 series, for example, drops in performance to what a v2 (without Spectre patch) is capable of. I know this so well because I often recreate customer workflows in my lab.
Mitglied: Visucius
Visucius 03.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
Dealing with this SuperGau alone is a reason to look for alternatives to Intel.
Mitglied: HansDampf06
HansDampf06 03.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
Zitat von @Visucius:

Dealing with this SuperGau alone is a reason to look for alternatives to Intel.

IIn the area of Intel x86/x64 architectures, that would actually be AMD. But if I understand the linked article correctly, the newly discovered problem applies equally to Intel and AMD processors. That only leaves other architectures like ARM. Of course, these must then be supported by the respective operating system. For Windows, the supported architectures are very manageable.

Quite apart from that, I wonder whether the technological substructure that causes this security gap exists in a similar form in other architectures. If this is the case, then the change to an alternative would not be so easy, if one does not want to come from the "frying pan into the fire".

Many greetings
HansDampf06
Mitglied: C.R.S.
C.R.S. 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
Yes, the attacks shown affect both manufacturers. ARM processors are not architecturally immune either, but use micro-ops caching as well.
Even though this type of vulnerability is difficult to exploit, I find it very interesting: While it may be negligible with increasing complexity in a dedicated infrastructure, it does call the concept of the cloud into question. I wonder if the trend will reverse at some point.

Regards
Richard
Mitglied: HansDampf06
HansDampf06 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
Zitat von @c.r.s.:

stellt sie doch das Konzept der Cloud infrage. Ob sich der Trend irgendwann wieder umkehrt?

So lange das "Vertrauen" (siehe Punkt 2.) in die Cloud propagiert wird und fast jeder auf diesen Zug aufspringt, habe ich da meine argen Zweifel. Die "süßen" Verheißungen sind doch auch sehr verlockend ... Nur die wenigsten machen sich wirklich einmal klar, was das reale Reiseziel dieses Zuges ist und ob sie da wirklich ankommen wollen.

Viele Grüße
HansDampf06
Mitglied: Visucius
Visucius 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
I don't want to deny that.

It's just that I'm more concerned with "in general". The nonchalance with which Intel went over this SuperGau(!) and the lack of consequences, both financially and from the point of view of public relations, could only be maintained because there were no (real) technical alternatives.

You have to imagine that: A bug is delivered over years - in such a "depth" - that the customers "age" their expensive HW bought from the "premium manufacturer" by years with the installation of a (questionable) bugfix. And that doesn't seem to have any effect on reputation, business conduct or balance sheets.

VG
Mitglied: HansDampf06
HansDampf06 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
Why does it work like that "in general"?

Quite simply: The hardware does run, even if it is limited in performance! In the BIOS or in the kernel routines the problem is "fixed" without needing any further intervention. New hardware already runs with the fix from the beginning, so there is no reminder of it due to the lack of original performance data. The advertising directs the attention to other "important" aspects. Thus, the problem is quickly forgotten or is no longer perceived as such.

In addition, there are almost no alternatives - at least not for Windows. And that can be "exploited" extremely well. So why change anything? Why make any cost-intensive effort, when it works just as well without? Forgetting and / or the lack of perception make it much easier.

Some may call euphorically: Buy a few Intel shares. Then you can even earn money from it!

So why should this have a significant effect on reputation, business conduct or balance sheets in such a mixed situation? In an "ideal" world this might be different ... But not in the here and now, even if it is really ... is!

Many greetings
HansDampf06
Mitglied: Visucius
Visucius 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
... nice that you want to explain the world to me.

Only that is not necessary. with my almost 50 years I am well aware of the framework face-wink
Mitglied: HansDampf06
HansDampf06 04.05.2021, aktualisiert am 16.05.2023 um 15:17:51 Uhr
Goto Top
There you understood me completely wrongly! I am even very sure that you belong to those who go in this respect with open eyes through life and to which one can make in this respect probably rather rarely an X before the U.

Otherwise welcome to the club ... face-smile