• A new Intel speculative execution flaw has been found - can be exploited by JS
    31 replies
https://www.theregister.co.uk/2019/03/05/spoiler_intel_flaw/ Everything from the first gen Core forward is vulnerable.
Yep, been using this exploit.
> This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, ... . An attacker therefore requires some kind of foothold in your machine in order to pull this off. ... The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

My decision to run script-blocking extensions for years now is validated once again, and my decision to ditch Intel for Ryzen 3 is confirmed. As soon as the winter stops raping my heating bills I'm going to save up for a new board, new RAM, and new Zen 2 CPU. Speculative execution was a mistake and Intel's going to lose a large part of their IPC margin over AMD if they turn it off. That's what you get for cutting corners, Inty.
AMD wins again.
Does this mean a potential performance decrease is possible after a patch or is this entirely different from Meltdown/Spectre?
No one is gonna think you're a badass
Computer scientists baffled at company's incredible ability to fuck up every time. Intel needs to get their shit together and stop sacrificing security for speed.
Got worried for a minute, then remembered I have an AMD processor lmao
Unlike those, there's no patch this time. You can't mitigate this unless you're on the silicon level. Of course, browser companies could try to mitigate the JS method, but there's probably tons of others within the OS.
> can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.

> will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds

> ...and also works from within virtual machines and sandboxed environments

> Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say.

So essentially every Intel processor from the first gen i7 until now is irreparably vulnerable to browser-based attacks that can even escape virtual machines. Thanks Intel
absence of proof isn't proof, silly
> Thanks Intel Well gee, you can blame Intel all day long, but every other manufacturer who uses an out-of-order execution design is potentially vulnerable for possible permutations of this and/or spectre attack. Throwing that design out would result in massive performance reduction. When people are demanding faster and faster processors, I'm not sure if anyone is able to get out of that hole.
woah dude that is fucken bad ass
It's important to note that they tested Bulldozer architecture, not Zen. So we don't know if Zen is vulnerable or not.
ayyy, being broke made me safe.
Is the problem with speculative execution in general or the implementations of it? I imagine there's some way of doing it safely, even if it means sacrificing some of the potential speed improvements.
What I recommend these days is uMatrix, all that's needed is to block first party scripts under "*".
Fuck. Should have shorted Intel.
"Don't underestimate the ability of AMD's engineers to make similar mistakes. The exploit specifics may be different, but it's foolish to think you are safe just for not knowing whether something bad is possible or not."
https://www.youtube.com/watch?v=Ag1o3koTLWM I had to do it to em
The article seems kind of sensationalist, to be honest:

> In this work, we are the first to show that the dependency resolution logic that serves the speculative load can be exploited to gain information about the physical page mappings. Microarchitectural side-channel attacks such as Rowhammer and cache attacks rely on the reverse engineering of the virtual-to-physical address mapping. We propose the SPOILER attack which exploits this leakage to speed up this reverse engineering by a factor of 256. Then, we show how this can improve the Prime+Probe attack by a 4096 factor speed up of the eviction set search, even from sandboxed environments like JavaScript. Finally, we improve the Rowhammer attack by showing how SPOILER helps to conduct DRAM row conflicts deterministically with up to 100% chance, and by demonstrating a double-sided Rowhammer attack with normal user’s privilege. The latter is due to the possibility of detecting contiguous memory pages using the SPOILER leakage.

In essence, SPOILER allows malicious programs to discover physical address mapping from userspace. While this is still pretty nasty, it still requires a side-channel attack vector to be of any use; it's pretty inoffensive compared to Heartbleed, Spectre, Meltdown, and Shellshock.
That's simply an argument about staying vigilant and not being overly trusting, not proof that AMD is equally as unreliable as Intel.
Does anyone else always worry about their parents getting hacked? They are old people; they don't even know what's going on.
Depends, do you get a heart attack if you search for their email here? https://haveibeenpwned.com/ Because when I enter my mom's I get this: https://i.imgur.com/XfvIXpX.png and I know for a fact she hasn't changed any of her passwords.
Speculative execution is basically essential for modern computing performance - it's the only thing letting us really get faster, despite RAM latency being pretty much static since the 90s. You know how far back it goes? Speculative execution debuted on the P6 architecture - the Pentium Pro. It was then featured on the Pentium II, Pentium III, Pentium 4, and all Core series processors. The only Intel chips right now without it are the Atom and Quark lines. On the AMD side, it goes back to the K5 - it's on every Athlon, every Phenom, every Bulldozer chip, and yes, every Zen chip. It's even on the Bobcat cores. And while it's not full speculative execution, branch-predicted prefetch is present on Atom and most modern ARM cores, and that feature was the source of many of these types of security bugs. If you think we should go back to the days before speculative execution, you're literally asking us to go back to 1995 or so. You might be able to eke out an order of magnitude improvement from modern fabrication tech, get higher clock speeds, maybe switch back to SRAM for main memory... but we're several orders of magnitude past 1995 right now. The fundamental problem is that you can't run code without trusting it. You know the saying, if someone has physical access to the device, there's nothing you can do to stop them from hacking it, just slow them down? That applies to software too - if you're running someone's code, no matter how much sandboxing or virtualization you try to use, all you can do is slow it down if it's built to be malicious. (I'm pretty sure that conclusion could be derived from the halting problem proof, but I suck at that kind of abstract formal computer science. I'm an engineer, I just make it work.)
Probably because we're reading The Register; otherwise the paper itself can be read directly from arXiv: https://arxiv.org/pdf/1903.00446.pdf
Well my email only comes up with a dailymotion account I didn't even know I had and... https://files.facepunch.com/forum/upload/257085/98ca9821-2c09-4f91-b2dd-17ff23cf4273/image.png https://www.youtube.com/watch?v=cKhcgxy1xQU&feature=youtu.be
This is why we're on Newpunch.
Update: AMD Ryzen is not affected