-TWC| Forum
  • Forum
    • Top donors
    • Calendar
    • Help
    • Search
    • Statistics
    • Users
  • Manage
    • Identity
    • Panel
  • DJBooth
  • Gallery
  • Members
  • Site
  • Support


Trackbase Gametracker Facebook Steam

Current time: 23-04-2018, 01:18 PM Hello There, Guest! (Login — Register)


-TWC| Forum >> Offtopic >> Hydepark >> Technology v
1 2 Next »
>> The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)

Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode | Linear Mode
The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
04-01-2018, 08:18 PM (This post was last modified: 12-01-2018 05:09 PM by Mystik.)
Post: #1
Mystik Online
¯\_(ツ)_/¯
**
Clan Friends
Posts: 214
Joined: Mar 2012
Reputation: 19
Bug The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
[Image: vGmwExg.png]

SPECTRE & MELTDOWN

Here's a great start to 2018: 99% of all processors in use today have design flaws that makes them vulnerable to attacks.

Researchers have found 2 bugs/design flaws that combined impact pretty much all processors in use today. This means that your PC, laptop, server and phone ARE AFFECTED by these bugs. Both of these bugs allow hackers to read information from the memory. THIS CAN INCLUDE PASSWORDS AND OTHER PERSONAL INFORMATION. There are 3 variants (variant 3 has a sub variant) of attacks. 1) Bounds check bypass [Spectre], 2) Branch target injection [Spectre], 3) Rogue data cache load [Meltdown]. Spectre attacks affect almost ALL MODERN CPUs, while Meltdown "only" affects Intel CPUs starting from 1995 and some ARM cores... These hardware bugs are basically caused by technically a design flaw in the modern CPU architectures, where Meltdown is specifically on x86 architecture. The extra bad news is that the global fix for Meltdown that has already been implemented to all major OSs will lead to performance decreases on all Intel CPUs, especially pre-2010 models. More on this in the Meltdown section.

SPECTRE:
What? - Spectre breaks the isolation between applications. This means that a harmful application exploiting spectre could read information from memory and hence from other apps. Even though the applications are coded by today's standards for optimized security, Spectre can actually benefit from this. Spectre is harder to exploit, but also harder to fix.
Affects? - All AMD, Intel, ARM CPUs. Yes. ALL OF THEM.
Fix? - Software patches. VERY hard to fix and a 100% fix is probably impossible. Rolleye

MELTDOWN:
What: Meltdown breaks the isolation between user applications and the operating system. This allows the exploit to read information from the memory, thus making it possible to gain information from others applications running in memory, which might include passwords etc.
Affects: All Intel CPUs from 1995-> (excluding Itanium and Atom before 2013). ARM: Cortex-A75. (Variant 3a also Cortex-A15-, A57- ja A72). AMD not affected.
Fix: KPTI (Kernel Page Table Isolation). This means that the kernel memory is completely isolated. This is done via Operating system patches / updates + microcode / firmware update. The Linux kernel has already been patched for this exploit, and an emergency Microsoft update KB4056892 has been released, that implements the first step of the fix. However this is a hardware bug/flaw, which means that Intel has to also issue some sort of microcode / firmware update to completely fix this. Note that the Windows Update is not being enabled on all PCs because it's NOT COMPATIBLE with most anti virus software. More on this as the story unfolds. And now for the worst news.
Performance degradation: The KPTI fix will lead to performance degradation on the Intel x86 platform. There are no proper tests of the amounts of performance degradations of yet, but they can be expected to range from virtually nothing to almost 30% in cases where a lot of CPU I/O calls are being made. This means that for gaming and general usage the performance degradation shouldn't be that noticeable, but for special high I/O workloads like certain SQL functions ran with the fix resulted in up to 23% performance degradation.

TL;DR
All modern CPUs have a hardware bug / design flaw that makes them vulnerable to two different exploits. The exploits can be used to (for example) read passwords from the memory. One of the bugs is easy to fix with OS patches but will result in performance degradation in Intel processors. The other exploit is hard to fix.

{Tried to write this as simply as possible. Will update when more info arises. Updates marked with heading UPDATE: (date)}


SOURCES:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf / https://spectreattack.com/spectre.pdf
https://www.theregister.co.uk/2018/01/02...sign_flaw/
https://googleprojectzero.blogspot.fi/20...-side.html
https://newsroom.intel.com/news/intel-re...-findings/
https://developer.arm.com/support/security-update
https://www.amd.com/en/corporate/speculative-execution
https://support.microsoft.com/en-us/help...s-released


UPDATE 11.01.2018: Intel released benchmarks detailing processor slowdowns of a few configurations.

The performance hits ON BENCHMARKS range from 7% - 8% on average.

[Image: b6028a7c6c.png]

https://newsroom.intel.com/editorials/in...t-systems/
http://www.pcgamer.com/intel-shares-more...n-patches/
https://www.engadget.com/2018/01/11/inte...-slowdown/

[Image: gKvxXZK.png]
[Image: mystard_steam1.png]
Visit this user's website Find all posts by this user
Quote this message in a reply
05-01-2018, 06:48 AM
Post: #2
Thrasher Offline
Meme Supreme
*****
Server Supremes
Posts: 4,678
Joined: Sep 2012
Reputation: 185
Confirmed Active Member Top Spammer
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
2 researchers have unintentionally unleashed a new hackers apocalypse. 2018 is already looking great xd

[Image: ?xm5lLD3.png,0GkVcJU.png,d8kMRLH.png,KMe...J2SL8J.gif]

[Image: 7TR0f7G.gif]
HERE IS THE MEANINGS OF LIFE (Click to View)
dank warning
volume warning
[Image: SQZ7eND.jpg]
KappaKappa
Visit this user's website Find all posts by this user
Quote this message in a reply
05-01-2018, 08:58 AM
Post: #3
Haures Offline
Aka meagain
**
Beginners Members
Posts: 1,481
Joined: Dec 2015
Reputation: 89
Outstanding Achievement Winner Confirmed Active Member
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)


Find all posts by this user
Quote this message in a reply
05-01-2018, 01:06 PM
Post: #4
Mystik Online
¯\_(ツ)_/¯
**
Clan Friends
Posts: 214
Joined: Mar 2012
Reputation: 19
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
(05-01-2018 08:58 AM)Haures Wrote:  


However, this is not all that's needed to actually make the patch work. As he has commented on the video.

[Image: c37799e2ff.png]

(04-01-2018 08:18 PM)Mystik Wrote:  an emergency Microsoft update KB4056892 has been released, that implements the first step of the fix. However this is a hardware bug/flaw, which means that Intel has to also issue some sort of microcode / firmware update to completely fix this. Note that the Windows Update is not being enabled on all PCs because it's NOT COMPATIBLE with most anti virus software.

[Image: gKvxXZK.png]
[Image: mystard_steam1.png]
Visit this user's website Find all posts by this user
Quote this message in a reply
07-01-2018, 02:32 PM
Post: #5
$ubzero Offline
So tired!
**
Clan Friends
Posts: 880
Joined: Feb 2015
Reputation: 52
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
Don't know that much about this but thanks for the information.
Is this something I should take in account for/while building a new PC or is it like you said on every CPU?

[Image: 2wpt7rm.png]

"Maybe it's all you need, but it's not all I give you"

"You can't change what happend, only what will come"

Hate or Love Mette will always stay my dove
"quote thnx Zeme"

Banger is better then me at HS! Biggrin
Find all posts by this user
Quote this message in a reply
07-01-2018, 03:23 PM
Post: #6
Mystik Online
¯\_(ツ)_/¯
**
Clan Friends
Posts: 214
Joined: Mar 2012
Reputation: 19
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
(07-01-2018 02:32 PM)$ubzero Wrote:  Don't know that much about this but thanks for the information.
Is this something I should take in account for/while building a new PC or is it like you said on every CPU?

Spectre affects (almost) all CPUs. Meltdown affects (almost) all Intel CPUs.

Well you can take it in to consideration yes, Intel CPUs will get a bit slower, most likely not in a way that is visible to a normal user nor gamers. I'm still gonna buy the 8700K and invest in that stupid Z370 platform that will be supported for like 6 months or something....

You can basically expect new CPUs without these vulnerabilities in like a year or something... Maybe... As these flaws / bugs generally have to do with the entire architectures CPUs are made with Rolleye

For me this won't affect my CPU purchase decision because all CPUs are vulnerable, and even with like 0,5% degradation on Intel CPUs they will still be the gaming kings.

[Image: gKvxXZK.png]
[Image: mystard_steam1.png]
Visit this user's website Find all posts by this user
Quote this message in a reply
08-01-2018, 05:48 PM (This post was last modified: 08-01-2018 05:48 PM by Mystik.)
Post: #7
Mystik Online
¯\_(ツ)_/¯
**
Clan Friends
Posts: 214
Joined: Mar 2012
Reputation: 19
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
3 class-action lawsuits already in the making!

https://www.theguardian.com/technology/2...s-computer

[Image: gKvxXZK.png]
[Image: mystard_steam1.png]
Visit this user's website Find all posts by this user
Quote this message in a reply
12-01-2018, 05:08 PM (This post was last modified: 12-01-2018 05:09 PM by Mystik.)
Post: #8
Mystik Online
¯\_(ツ)_/¯
**
Clan Friends
Posts: 214
Joined: Mar 2012
Reputation: 19
RE: The 2018 CPU vulnerability disaster (SPECTRE & MELTDOWN)
UPDATE 11.01.2018: Intel released benchmarks detailing processor slowdowns of a few configurations.

The performance hits ON BENCHMARKS range from 7% - 8% on average.

[Image: b6028a7c6c.png]

https://newsroom.intel.com/editorials/in...t-systems/
http://www.pcgamer.com/intel-shares-more...n-patches/
https://www.engadget.com/2018/01/11/inte...-slowdown/

[Image: gKvxXZK.png]
[Image: mystard_steam1.png]
Visit this user's website Find all posts by this user
Quote this message in a reply
« Next Oldest | Next Newest »
Post Reply 


  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread
Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication

Powered By MyBB, © 2002-2018 MyBB Group.
Design: Duru
Theme reworked by Destroy666