The Naked Scientists
  • Login
  • Register
  • Podcasts
      • The Naked Scientists
      • eLife
      • Naked Genetics
      • Naked Astronomy
      • In short
      • Naked Neuroscience
      • Ask! The Naked Scientists
      • Question of the Week
      • Archive
      • Video
      • SUBSCRIBE to our Podcasts
  • Articles
      • Science News
      • Features
      • Interviews
      • Answers to Science Questions
  • Get Naked
      • Donate
      • Do an Experiment
      • Science Forum
      • Ask a Question
  • About
      • Meet the team
      • Our Sponsors
      • Site Map
      • Contact us

User menu

  • Login
  • Register
  • Home
  • Help
  • Search
  • Tags
  • Member Map
  • Recent Topics
  • Login
  • Register
  1. Naked Science Forum
  2. Non Life Sciences
  3. Geek Speak
  4. What is the Meltdown/Spectre bug?
« previous next »
  • Print
Pages: [1]   Go Down

What is the Meltdown/Spectre bug?

  • 15 Replies
  • 2953 Views
  • 6 Tags

0 Members and 1 Guest are viewing this topic.

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
What is the Meltdown/Spectre bug?
« on: 06/01/2018 10:32:31 »
Virtually all moderns PCs and smartphones are vulnerable by theses low-level CPU flaws.

Why Intel did not released a security advisory when they become aware of the design flaw in June 2017? 

See:

https://meltdownattack.com/

https://react-etc.net/page/javascript-spectre-meltdown-faq

« Last Edit: 08/01/2018 19:47:53 by tkadm30 »
Logged
Not all who wander are lost...
 



Offline SeanB

  • Naked Science Forum King!
  • ******
  • 1185
  • Activity:
    0%
  • Thanked: 13 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #1 on: 08/01/2018 12:55:22 »
AMD as well, just not as well known. All CPU's that do predicitive and speculative execution are vunerable to it.
Logged
 

Offline chris

  • Naked Science Forum King!
  • ******
  • 7942
  • Activity:
    6.5%
  • Thanked: 273 times
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
Re: What is the Meltdown/Spectre bug?
« Reply #2 on: 08/01/2018 13:50:30 »
How is the threat deployed against the host computer? Presumably to make the hardware do this it must tinker with the bios?
Logged
I never forget a face, but in your case I'll make an exception - Groucho Marx - https://www.thenakedscientists.com/
 

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #3 on: 08/01/2018 15:00:12 »
Quote from: chris on 08/01/2018 13:50:30
How is the threat deployed against the host computer? Presumably to make the hardware do this it must tinker with the bios?

Javascript...
Logged
Not all who wander are lost...
 

Offline SeanB

  • Naked Science Forum King!
  • ******
  • 1185
  • Activity:
    0%
  • Thanked: 13 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #4 on: 08/01/2018 15:00:41 »
You need to be able to run script on the host with some access to software timers, so just a web page will do, using javascript to run the attacks on the host computer. All it needs is the means to run code and read the built in OS timers, which all code will be allowed to do, as they all look at the system clock for time, and often also need to use the other high speed counters. That the difference between guessing wrong and guessing right is around 200 times the delay is a very easy thing to pull out of the system, and thus the program script can slowly pull out data it wants, provided it knows where the data is, even if it is nominally blocked from reading it, it can guess the data by multiple tries with all possible values of the target, the good one has a time difference that shows up.

Plenty of info online about this at the moment.
Logged
 



Offline chris

  • Naked Science Forum King!
  • ******
  • 7942
  • Activity:
    6.5%
  • Thanked: 273 times
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
Re: What is the Meltdown/Spectre bug?
« Reply #5 on: 08/01/2018 16:51:31 »
How can it be mitigated?
Logged
I never forget a face, but in your case I'll make an exception - Groucho Marx - https://www.thenakedscientists.com/
 

Offline RD

  • Naked Science Forum GOD!
  • *******
  • 9092
  • Activity:
    13%
  • Thanked: 151 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #6 on: 08/01/2018 18:24:45 »
Quote from: chris on 08/01/2018 16:51:31
How can it be mitigated?
Ensure the browser and operating-system are up-to-date ... https://spectreattack.com/
These vulnerabilities were not found "in the wild".
Logged
 

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #7 on: 08/01/2018 19:46:36 »
Quote from: SeanB on 08/01/2018 12:55:22
AMD as well, just not as well known. All CPU's that do predicitive and speculative execution are vunerable to it.

Thanks, I'll correct that. My understanding is that AMD CPUs are vulnerable to Spectre-class hardware timing attacks but not to Meltdown.
Logged
Not all who wander are lost...
 

Offline chris

  • Naked Science Forum King!
  • ******
  • 7942
  • Activity:
    6.5%
  • Thanked: 273 times
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
Re: What is the Meltdown/Spectre bug?
« Reply #8 on: 10/01/2018 14:03:27 »
Bad news regarding Spectre / Meltdown fix for older PC owners: Microsoft says it will slow down your computer But doesn't Windows do that anyway? Will I even notice?

An independent write-up is here in this article.
« Last Edit: 10/01/2018 14:06:21 by chris »
Logged
I never forget a face, but in your case I'll make an exception - Groucho Marx - https://www.thenakedscientists.com/
 



Offline SeanB

  • Naked Science Forum King!
  • ******
  • 1185
  • Activity:
    0%
  • Thanked: 13 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #9 on: 10/01/2018 14:52:20 »
Little more here.

https://www.grc.com/sn/sn-645-notes.pdf

If you want you can watch the whole show as well at www.twit.tv/sn look for ep 645.
Logged
 

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #10 on: 10/01/2018 19:41:30 »
Quote from: chris on 10/01/2018 14:03:27
Bad news regarding Spectre / Meltdown fix for older PC owners: Microsoft says it will slow down your computer But doesn't Windows do that anyway? Will I even notice?

An independent write-up is here in this article.

I don't install security patches for my AMD Windows 7 laptop since a long time ago...
Logged
Not all who wander are lost...
 

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #11 on: 22/01/2018 00:02:09 »
Are theses severe CPU design flaws evidences that Intel is corrupted to the bone??

Logged
Not all who wander are lost...
 

Offline SeanB

  • Naked Science Forum King!
  • ******
  • 1185
  • Activity:
    0%
  • Thanked: 13 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #12 on: 22/01/2018 04:46:38 »
No, more that making a modern CPU is hard. The decisions made years ago to increase speed had some unanticipated side effects.
Logged
 



Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #13 on: 22/01/2018 19:50:48 »
Quote from: SeanB on 22/01/2018 04:46:38
No, more that making a modern CPU is hard. The decisions made years ago to increase speed had some unanticipated side effects.

Seriously?

A Spectre-class exploit/bug was not introduced automagically in Intel hardware. Theses things only happens in real life because Intel engineers carefully developed their products with specific design guidelines.
Logged
Not all who wander are lost...
 

Offline RD

  • Naked Science Forum GOD!
  • *******
  • 9092
  • Activity:
    13%
  • Thanked: 151 times
    • View Profile
Re: What is the Meltdown/Spectre bug?
« Reply #14 on: 22/01/2018 20:43:44 »
Quote from: tkadm30 on 22/01/2018 19:50:48
A Spectre-class exploit/bug was not introduced automagically in Intel hardware. Theses things only happens in real life because Intel engineers carefully developed their products with specific design guidelines.

Your conspiracy-theory will have to include software engineers too : javascript and multiple web browsers.
« Last Edit: 22/01/2018 20:46:01 by RD »
Logged
 

Offline tkadm30 (OP)

  • Naked Science Forum King!
  • ******
  • 2439
  • Activity:
    0%
  • Thanked: 34 times
  • Breaking the box...
    • View Profile
    • IsotopeResearch
Re: What is the Meltdown/Spectre bug?
« Reply #15 on: 22/01/2018 21:20:46 »
Quote from: RD on 22/01/2018 20:43:44
Your conspiracy-theory will have to include software engineers too : javascript and multiple web browsers.
Yes. But calling this a "conspiracy theory" is incorrect. Do you really think we should not hold Intel accountable for theses severe CPU design flaws?

Logged
Not all who wander are lost...
 



  • Print
Pages: [1]   Go Up
« previous next »
Tags: spectre  / meltdown  / electronic vulnerability  / virus  / hacking  / computer 
 

Similar topics (3)

What radiation protective clothing is needed in case of a meltdown?

Started by rebBoard General Science

Replies: 10
Views: 6080
Last post 11/02/2018 15:10:41
by petelamana
How does the 311 earthquake affecting Fukushima affect the nuclear meltdown?

Started by The ScientistBoard Technology

Replies: 2
Views: 3872
Last post 30/06/2011 23:06:37
by CliffordK
What is the science behind the Brocken spectre phenomenon?

Started by chrisBoard General Science

Replies: 11
Views: 3778
Last post 30/08/2016 00:13:27
by Colin2B
There was an error while thanking
Thanking...
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy
    SMFAds for Free Forums
  • Naked Science Forum ©

Page created in 0.158 seconds with 71 queries.

  • Podcasts
  • Articles
  • Get Naked
  • About
  • Contact us
  • Advertise
  • Privacy Policy
  • Subscribe to newsletter
  • We love feedback

Follow us

cambridge_logo_footer.png

©The Naked Scientists® 2000–2017 | The Naked Scientists® and Naked Science® are registered trademarks created by Dr Chris Smith. Information presented on this website is the opinion of the individual contributors and does not reflect the general views of the administrators, editors, moderators, sponsors, Cambridge University or the public at large.