Security issues in CPUs

Started by ENAY, January 04, 2018, 09:14:08

ENAY

Soooooo, not an expert on things like this, but as I gather it's possible to patch software and even OS security issues, but what if it's CPU architecture?

https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html

Also this, a potential fix? But man, safety requires a slower processor.

https://en.wikipedia.org/wiki/Kernel_page-table_isolation

Matty

I glanced over it.  What does it mean?

iWasAdam

Whilst (in theory) it seems possible. The 'fix' CPU overhead of 5%-30% sounds (mmm, not sure how to phrase it, but...) odd, almost as if something else was going on?

Let's assume a fast CPU. It can run a key logger, virus, etc. at virtually no CPU hit. If something was hogging 5%-30% it could be doing ANYTHING <- insert favourite spyware, complete monitoring, face detection, etc.

Not that I'm saying a rogue state/nation would do a thing. But... "it's security, it's protecting you" 'could' be used to do lots of other things...

Now where did I leave my tin foil hat and conspiracy theory bedtime reading. I'm sure it was next to my bed. Has it been moved? Has someone been in my house? This is not my beautiful house, you're not my beautiful wife/husband, etc, etc


Derron

I did not read the article but read that yesterday in German news portals already.

OS tries to split system from "other processes" - so not everything could compromise the OS.
There is a mechanism which should do this (memory tables) - function addresses are stored there.
To make that fast, CPUs have some kind of "hardware acceleration" for this subject.

On Intel CPUs this hardware acceleration contains some flaws - leading to security issues.
To avoid these issues the OS devs have to "fix around" as fixing the CPUs is not "possible".

These fixes seem to be the 5-30% you have read. Previous statements talked about 0.5% (in the thesis papers) while ~5% were measured.

bye
Ron

Henri

This actually seems like a major thing. You can't even switch to AMD as a remedy, because the 'fix' will affect both processors (even though Intel was at fault).

-Henri
- Got 01100011 problems, but the bit ain't 00000001

Pakz

On the news here an expert said you could probably notice this in the future with cloud drives. Dropbox/gdrive and such. Older computers also would mean more slowdown with this.

Still it is early. Not much certainty.

col

Just the tip of the iceberg really.

CPU manufacturers have been using proprietary 'code' in their CPUs for a while. Who knows if they even have a complete OS kernel running in there? As it's all hidden...
https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

Just don't do anything unsavoury on your 'puter and the law enforcing sheep won't come knocking, you can also comfortably and safely remove your shiny hat :P

It's all getting out of hand really - we all know that MS and Intel sleep together and that the corporates run the governments but what else can you do? Go totally off-grid is one option I guess  8)
https://github.com/davecamp

"When you observe the world through social media, you lose your faith in it."

Yue

Around here they say in the news that it is Intel's campaign for people to update their processors. However, updates are expected for operating systems.

Derron

@ Yue
That campaign cost 7% of their stock price (ok, this and an Intel boss selling stocks before bug announcement ;-)).

I am pretty sure that this is no "advertising campaign" for processor updates.

Next one will rant that XP does not get an update.

bye
Ron


ENAY

More news here

My favourite quote

"Again it's not entirely clear, but indications are that every Intel chip with speculative execution (which is all the mainstream processors introduced since the Pentium Pro, from 1995) can leak information this way."

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

I'm just pleased I use my Vita to go on the Internet and PS4 for games and still to this day, don't have a smartphone. Have a feeling that I'm safer than most.

These designers only have themselves to blame to be honest.

Goodlookinguy

Quote from: ENAY on January 05, 2018, 01:18:38
I'm just pleased I use my Vita to go on the Internet and PS4 for games and still to this day, don't have a smartphone. Have a feeling that I'm safer than most.

Security through obscurity can be nice, assuming no one targets them. I think IoT device manufacturers had this in mind until the Mirai malware spread through them.

On the topic of this, I get a lot of my tech news from HardOCP: https://hardforum.com/forums/h-ard-ocp-front-page-news.116/ - They've been covering this since the day before it was announced. I'd recommend if you're interested in this to take a read at the articles there covering it. Also Linus Torvalds has been on a rampage: https://hardforum.com/threads/linus-torvalds-blasts-intel-pr-statement-on-cpu-security.1951775/, https://hardforum.com/threads/linus-torvalds-trusts-lisa-sus-commitment-to-amd-cpu-security.1951746/

This is quite an entertaining story for me since I've been using only AMD stuff since forever ago. Not because I'm a fanboy, but because I'm cheap and so are they.
I'm insane and not in a funny or good way! nrgs.org

Qube

I think I'll retrofit my iMac with a 386 DX33, break out my tinfoil hat, flask of coffee and see how things are in a few weeks.

In the meantime folks, stay away from dodgy downloads and websites... so same advice as always :P
Mac Studio M1 Max ( 10 core CPU - 24 core GPU ), 32GB LPDDR5, 512GB SSD,
Beelink SER7 Mini Gaming PC, Ryzen 7 7840HS 8-Core 16-Thread 5.1GHz Processor, 32G DDR5 RAM 1T PCIe 4.0 SSD
MSI MEG 342C 34" QD-OLED Monitor

Until the next time.

Yue

Prices of Intel processors in Colombia have fallen in price, I'm talking about processors that sell used processors.

They're now 50% cheaper. The question is, that's how it affects a common user.

col

Quote
Prices of Intel processors in Colombia have fallen in price

In other words...

'There's no REAL need for the cpu to be at this high price, but meh we'll have new yachts as a bonus'