In that the original chip design team would have known? In my opinion, unlikely, as optimization paths like this have been around since CISC became mainstream and academically since around the 90’s. For ‘Meltdown’ it is more on Intel (and will be fascinating to how they respond to the inevitable class actions), but for Spectre, and the general use of the exploit, (which is inherent in pretty much every device we have today) it’s just more a case that the specialists that design these things were never the sort of people to look at security attack vectors methodically.
It then becomes a question of if Intel or anyone else thought of this but then decided not to say. Given Skylake/KabyLake and recent processors could have done something but didn’t, again unlikely. They could have fuzzed it a bit, but didn’t. The way the Intel board acted when Google informed them sort of indicates that they reacted like they really didn’t know anything (other than selling stock asap).
The Google team that discovered these literally just do this sort of thing for a living. Timing side-channel as an attack vector for CPU execution paths is something they figured out probably because they already have a body of work in Web security timing attacks, so it’s the case where the security people thought about the microprocessor side rather than the microprocessor side thought about security. As Chrome as browser becomes more of an OS in itself, they realized that direct memory access and really accurate performance timers made this possible. Ironic, as the next chrome patch will take out the shared buffer memory access and reduce the accuracy of the performance timers exactly to try to stop people attempting this.
As for a nation state knowing about it, I’d bet one of @BeachAV8R’s dollars that there are enough smart people at the NSA that weaponized this if they could and might have. Very hard to tell.
So to expand on this a bit, as I tried to be succinct but sort of shortcutted too much.
The exploit is that we don’t know which book I had, but by asking the Librarian for a systematic list of books from A to Z, and then using the info of how long it takes for them to get them is the key. The fact that ‘Best Books’ was on the Librarian’s desk was because I had previously (in secret) returned it to the Library and that the ‘optimization’ that the Librarian uses is to keep recently returned books on her desk as it’s then quicker to then go loan them out to other people immediately rather than having to go all the way over to the shelves where the books are kept in neat order. We are using the ‘timing’ of systematic question/answers to reveal secret info.
The Spectre exploit is a bit like this, but good enough for an analogy. The protected memory is never revealed but the optimization of keeping recently run info in a faster area then allows unprotected users to go ask for secrets and always get a ‘no’ but a ‘no’ that varies in timing. By trying all the combinations per memory address (computers are very quick at repetition) then by the case of elimination you find your secret. Hence, a side channel exploit.
Incidentally, if you enjoyed that sort of ‘Huh, that’s neat’ aspect of how this happened then a very enjoyable (and readable) intro into cryptography book is ‘Code’.
Fascinating stuff fearless. Steve Gibson must be feeling as giddy as a school girl at a feature length Frozen sequel about now. One doesn’t have to think very hard to imagine where this could all be bad. I was going to ask at which end would the vulnerability be most effective, but I guess that it could be either. If I lock down the front end with hardware based 2FA and the rest of the industry standard cybersecurity measures, there’s the back end to worry about.
The most urgent thing is probably the web browsers, as getting someone to read a malicious bit of javascript and people spelunking your address space is pretty much as bad as it can be. After that it’s all the Cloud vendors, as in Google, Amazon AWS and Microsoft have to patch up the OS (at least in terms of Meltdown) on the Intel side, as it’s trivial to get a cloud account and go spelunking in other people’s address space, as in their virtual instances that they thought were private (cloud computing is pretty much costed around virtualization, so they are hit hard by this). The reason it is called ‘Meltdown’ is that it literally melts the hard divisions of protected memory addressing that everything above the processor has relied on.
If the browsers are secure and it’s a phone or PC then it’s then a case of malware, as in downloading something naughty that does bad things. That’s more in the domain of ‘who do you trust’ rather than actual mechanical security measures in the world of Windows, but in the area of the Linux/*nix’s it’s more serious. Although I didn’t go into it, the fundamental memory model of kernel/user space memory protection is potentially broken with Spectre. If you run something under your account in Unix then it can only really impact/see within that space, but with this it’s more up for grabs.
Intel are taking the stance that ‘it is what it is, what can you do?’ as in, it’s up to compiler writers to look out for this or something. They aren’t going to update older processor firmware microcode. They might even see it as a market opportunity to sell something newer and perhaps faster (especially if your current hardware is about to get slower with an OS patch etc).
I wouldn’t take any of the performance hits for granted, though, given the short reaction time. Surely these will become smaller as they spend more time refining the security measures.
Performance is money, so there is a strong incentive to get as close to performance pre patch as possible.
I hope so, plus in terms of desktop graphics games maybe little impact. As for refinement, the fix is to turn off the optimization as that’s the thing that leaks information. Not sure how that could be made better, but you’re right that there is a huge amount of money/liability riding on this so people will be concentrating on it.
For Chrome/Firefox, they removed features for SharedBuffer and reduced the performance.now timer resolution. I’m not even that sure that a web browser should even have that sort of OS like abilities anyway, as in, what happened to just showing web pages?
I’m certainly no expert when it comes to the low level OS memory handling stuff (not even close), but maybe there is some leeway to cache some stuff intelligently without making the system vulnerable.
All of this is competing with DCS patches and my new build to create the perfect storm. I went to fly last night SP to unwind from the stress and strain of everyday life. OMG stutters like hello wtf… troubleshooting followed and it stopped when I disabled ccleaner running in the background. This was fine to have running prior to the previously mentioned coinciding. Now I don’t know who to blame but at least it is an easy fix
If you see any game slow-down after installing that then try turning off the ‘Xbox Game DVR’ feature they helpfully included for everyone.
In Windows 10, type ‘Settings’ and then look for the new ‘Gaming’ section. The ‘DVR’ is on by default, so hit the off on the ‘Record game clips…’ bit (unless you want it of course).
It’s interesting because after I rebooted, I guess Windows Defender ran a new scan and I’m getting a trojan alert for this file, which is a direct download from the Reality XP website (for the GTN 750)…
If I wasn’t covered in tinsel and entangled with Xmas lights I’d one day like to do a small write up on how the heuristics work for virus checkers, and how they pattern match to try to infer that something is being naughty but without ever proving it but executing. It’s a bit of an art.
I’d one day like to do a small write up on how the heuristics work for virus checkers, and how they pattern match to try to infer that something is being naughty but without ever proving it but executing. It’s a bit of an art.