
Yet another Intel CPU security vulnerability!

Was gonna say this a few days ago. I would not be surprised if these vulnerabilities are not by accident but by design.

You mean intentional weaknesses for NSA/CIA to exploit?

One of the aspects that has made security issues a bit more troubling lately is advances in things like machine learning, which have made it possible to understand data/patterns at a level not really possible before, making it easier to identify weaknesses amongst a sea of noise, etc., where previously they were protected by a prohibitive amount of obscurity that no one really predicted would be defeated any time soon.
 
You mean intentional weaknesses for NSA/CIA to exploit?

One of the aspects that has made security issues a bit more troubling lately is advances in things like machine learning, which have made it possible to understand data/patterns at a level not really possible before, making it easier to identify weaknesses amongst a sea of noise, etc., where previously they were protected by a prohibitive amount of obscurity that no one really predicted would be defeated any time soon.

Yes exactly.

I personally think that a lot of these things including software vulnerabilities are actually intentional.

They only become public, and eventually patched, once they become of no use to the NSA/CIA etc., and/or they fear the secret is out and malicious actors are starting to use them.
 
Yes exactly.

I personally think that a lot of these things including software vulnerabilities are actually intentional.

They only become public, and eventually patched, once they become of no use to the NSA/CIA etc., and/or they fear the secret is out and malicious actors are starting to use them.

The rabbit hole is that companies like Intel have known about the issues with their hardware for years and are not allowed to fix them because the US government orders them not to.

China, my favorite government and evil mastermind, is rumored to have a whole army of degree and PhD hackers, sorry, researchers, working on cyber warfare, so that once a vulnerability is found to exist and becomes well known, it simply has to be patched fast.

We know the code can be run on the target machine using a website. We know that Firefox can be used to do this. https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
Reporter: Multiple independent researchers
Impact: high
Description: If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads.
Note: users need to update to macOS 10.14.5 in order to take advantage of this change.

That once the code runs it works.

https://software.intel.com/security...tel-analysis-microarchitectural-data-sampling
Disable simultaneous multithreading (SMT)
Another method to prevent the sibling thread from inferring data values through MDS is to disable SMT either through the BIOS or by having the OS only schedule work on one of the threads.

Have fun people, you can't beat the researchers.
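The Intel guidance quoted above gives two routes: disable SMT in the BIOS, or have the OS schedule work on only one thread of each core. As an added example (not code from this thread, from Intel's advisory or from Mozilla), here is a small POSIX shell script for a Linux host that reads the kernel's own MDS assessment, works out from sysfs topology which hardware threads are SMT siblings, and can take those siblings offline so that each physical core runs a single thread. The sysfs paths are the standard Linux ones; the function names are this example's own, and the sample sibling lists used in comments are constructed.

```shell
#!/bin/sh
# Added example: audit MDS/SMT state on Linux and optionally take SMT sibling
# threads offline so that only one hardware thread per physical core does work.
# Not code from the thread, Intel or Mozilla. Assumes the standard Linux sysfs
# files below; the function names are this example's own.
#
#   /sys/devices/system/cpu/vulnerabilities/mds                  kernel's MDS verdict
#   /sys/devices/system/cpu/smt/control                          accepts on/off/forceoff
#   /sys/devices/system/cpu/cpuN/topology/thread_siblings_list   e.g. "0,4" or "0-1"
#   /sys/devices/system/cpu/cpuN/online                          write 0 to offline cpuN

SYSCPU=/sys/devices/system/cpu

# Report the kernel's own assessment, e.g.
# "Mitigation: Clear CPU buffers; SMT vulnerable" or "Not affected".
mds_status() {
    cat "$SYSCPU/vulnerabilities/mds" 2>/dev/null || echo "unknown (no sysfs entry)"
}

# Read sibling lists on stdin (one line per CPU, exactly as sysfs prints them)
# and emit the CPUs that are NOT the lowest-numbered member of their sibling
# group, sorted and de-duplicated. Those are the threads to take offline; the
# lowest sibling of every core stays online.
# Constructed input "0,4" "1,5" "0,4" "1,5" (one per line) -> "4 5".
siblings_to_offline() {
    awk -F, '{
        keep = 1                                   # first CPU on the line survives
        for (i = 1; i <= NF; i++) {
            if (split($i, r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }   # range "a-b"
            else { lo = $i + 0; hi = lo }                                  # single "a"
            for (c = lo; c <= hi; c++) {
                if (keep) { keep = 0; continue }
                print c
            }
        }
    }' | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# Gather every CPU's sibling list from sysfs and compute the offline set.
smt_sibling_cpus() {
    cat "$SYSCPU"/cpu[0-9]*/topology/thread_siblings_list 2>/dev/null | siblings_to_offline
}

# Take the sibling threads offline one at a time (needs root). The kernel also
# offers 'echo off > /sys/devices/system/cpu/smt/control' to do it in one step;
# the per-CPU route is shown because it is literally "only schedule work on one
# of the threads" and also works on kernels without the smt/control knob.
offline_siblings() {
    for c in $(smt_sibling_cpus); do
        echo 0 > "$SYSCPU/cpu$c/online" && echo "cpu$c offline"
    done
}

case "${1:-}" in
    --apply) offline_siblings ;;
    *)  echo "mds: $(mds_status)"
        echo "smt control: $(cat "$SYSCPU/smt/control" 2>/dev/null || echo unknown)"
        echo "sibling threads that would be taken offline: $(smt_sibling_cpus)" ;;
esac
```

Run it without arguments to see the kernel's verdict and which threads would go; `--apply` as root does the offlining. This is deliberately a runtime change and does not survive a reboot; the documented way to make it permanent on Linux is the kernel command line (`nosmt`, or `mds=full,nosmt` to tie it to the MDS mitigation), and the BIOS route Intel mentions achieves the same thing below the OS.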
 
Yes exactly.

I personally think that a lot of these things including software vulnerabilities are actually intentional.

They only become public, and eventually patched, once they become of no use to the NSA/CIA etc., and/or they fear the secret is out and malicious actors are starting to use them.

Certainly some of these are suspiciously useful when you have a foot in the door but need to be able to snoop beyond normal network/enterprise security boundaries especially in that they leave very little in the way of a footprint in many cases. Ultimately though I guess we will never know.

EDIT: There are a lot of weird things when it comes to CPU behaviour, though, that can be impossible to predict at design time, when some clever person finds ways to combine obscure operations to produce unexpected outcomes, such as for example https://en.wikipedia.org/wiki/Fast_inverse_square_root

The rabbit hole is that companies like Intel have known about the issues with their hardware for years and are not allowed to fix them because the US government orders them not to.

China, my favorite government and evil mastermind, is rumored to have a whole army of degree and PhD hackers, sorry, researchers, working on cyber warfare, so that once a vulnerability is found to exist and becomes well known, it simply has to be patched fast.

We know the code can be run on the target machine using a website. We know that Firefox can be used to do this. https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
Reporter: Multiple independent researchers
Impact: high
Description: If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads.
Note: users need to update to macOS 10.14.5 in order to take advantage of this change.

That once the code runs it works.

https://software.intel.com/security...tel-analysis-microarchitectural-data-sampling
Disable simultaneous multithreading (SMT)
Another method to prevent the sibling thread from inferring data values through MDS is to disable SMT either through the BIOS or by having the OS only schedule work on one of the threads.

Have fun people, you can't beat the researchers.

First one, so it is fixed (I think you misunderstand that security advisory anyhow; they've taken a precaution of implementing an Apple fix to provide extra resilience); second one, no one is saying SMT doesn't present a threat on Intel systems, but that doesn't mean it is universally a threat.
 
I think this thread is pretty much done - nothing productive will come of it now.
Learn to stay with the evidence, trust the people doing the research. Their whole reputation and livelihoods are on the line. They know the subject inside and out. Nothing in their white paper is seen in any way as wrong or contentious. No one casts doubt on their research; they are accepted by everyone, even Intel. If they say disable SMT, then they are right, until you can prove them wrong via peer-reviewed research. Until then, don't troll people that get the research and accept the findings. Just makes you look like a fool.
 
Learn to stay with the evidence, trust the people doing the research. Their whole reputation and livelihoods are on the line. They know the subject inside and out. Nothing in their white paper is seen in any way as wrong or contentious. No one casts doubt on their research; they are accepted by everyone, even Intel. If they say disable SMT, then they are right, until you can prove them wrong via peer-reviewed research. Until then, don't troll people that get the research and accept the findings. Just makes you look like a fool.

As I've said many times, what I'm saying does not conflict with the information in those white papers, etc.; it is your lack of understanding of the subject that means you can't, and apparently have no interest in trying to, follow the interpretation.

At no point am I saying these people are wrong - I've pointed out where factors that they haven't elaborated on exist that are a barrier between their proof of concept and a real world environment.
 
As I've said many times, what I'm saying does not conflict with the information in those white papers, etc.; it is your lack of understanding of the subject that means you can't, and apparently have no interest in trying to, follow the interpretation.

At no point am I saying these people are wrong - I've pointed out where factors that they haven't elaborated on exist that are a barrier between their proof of concept and a real world environment.

They have proven their position. You are giving opinion, without any evidence other than a hypothesis. You are just stating, well, it's unrealistic. Sure, great, where is your proof? There's none. If you provide no proof, then you can be disregarded without proof. Do you get how hard it would be to even prove what you are arguing? You would have to show by attempting to write the tools and find those problems you think exist. Then present that proof. Then you can go running your mouth off about it. If not, then the expert with a proof of concept and a written proof describing the method, who states why you should turn SMT off, would be the argument that stands without question.
 
They have proven their position. You are giving opinion, without any evidence other than a hypothesis. You are just stating, well, it's unrealistic. Sure, great, where is your proof? There's none. If you provide no proof, then you can be disregarded without proof. Do you get how hard it would be to even prove what you are arguing? You would have to show by attempting to write the tools and find those problems you think exist. Then present that proof. Then you can go running your mouth off about it. If not, then the expert with a proof of concept and a written proof describing the method, who states why you should turn SMT off, would be the argument that stands without question.

I have provided examples that can be proved - such as the fact that you can't just bombard passwd as in their example in a real environment. I've also presented reasoning as to why it is unrealistic.

The simple fact is, as things stand, for someone to use these exploits and take advantage of vulnerabilities enabled by hyper-threading on the average user desktop they need to already have one leg inside the system, and by that point you already have your pants down, and that isn't at odds with anything said by experts. Much of the advice about disabling SMT as a security advisory is aimed at shared hosting type environments where significant weaknesses exist that facilitate using these exploits that don't on a typical desktop.

Just because an expert says the only way to mitigate such and such an attack is to disable hyper-threading doesn't mean that it is feasible to carry out that attack - the subtle point, which some seem to have trouble understanding, is that a vulnerability can exist in a system but that doesn't mean the system is vulnerable.
 
I have provided examples that can be proved - such as the fact that you can't just bombard passwd as in their example in a real environment. I've also presented reasoning as to why it is unrealistic.

The simple fact is, as things stand, for someone to use these exploits and take advantage of vulnerabilities enabled by hyper-threading on the average user desktop they need to already have one leg inside the system, and by that point you already have your pants down, and that isn't at odds with anything said by experts. Much of the advice about disabling SMT is aimed at shared hosting type environments where significant weaknesses exist that facilitate using these exploits that don't on a typical desktop.

Your browser will disable HT for you by only scheduling work on one of the threads. Or, like Google, just disable it in hardware. It's like everyone does not believe you.
Ignoring that, the advice given by the expert is to disable HT. This expert has reasonable proof behind his reason. It is a reasonable position, given the evidence they present, for me to say disable HT. Get how a real debate goes? I don't have to prove it, as this has been done for me. I don't have to understand the evidence inside out because it has already been done and advice given.

By stating that advice, it's reasonable regardless of my limitations to explain or prove it. This has already been done for me. They call that type of argumentation playing the man and not the ball.

I just have to refer to it as a source and state this is why. Once that's done, if you disagree with an accepted position like that, it's you who has to meet the burden of proof. NOT ME. You failed to provide any proof, so your argument is not reasonable. No proof, I can just reject you out of hand, regardless of how valid you think you are or reasonable you think your argument is.
 
Your browser will disable HT for you by only scheduling work on one of the threads.

Thereby mitigating the ability to use an attack like RIDL (if it was even possible) without the end user having to disable HT wholesale on their system!

Or, like Google, just disable it in hardware. It's like everyone does not believe you.

It isn't about no one believing me - as is common with security advisories they will cover the lowest common denominator and for companies like Google with the purported reasons for using their hardware (ease and security, etc.) it is more of a business/political reason to cover their back than a technical one.

This expert has reasonable proof behind his reason. It is a reasonable position given the evidence they present, for me to say disable HT.

There is no conflict between generally advising people to turn off HT and me saying that, in reality, as things stand, by the time these exploits can benefit from HT weaknesses the prerequisites for getting to that point in a typical consumer desktop environment mean you are already owned, so disabling HT doesn't significantly change your security position, and if you are that worried you'd be better off moving away from Intel entirely.

To be frank, if you were correct we would see desktop systems being compromised left, right and centre - in reality there are many obstacles between these proofs of concept and being used in a real world environment, hence, as I said, they showed off examples running on the same system against a specially crafted victim process rather than demonstrating the attack going through a standard browser environment and compromising arbitrary privileged data.
 
Thereby mitigating the ability to use an attack like RIDL (if it was even possible) without the end user having to disable HT wholesale on their system!

It isn't about no one believing me - as is common with security advisories they will cover the lowest common denominator, and for companies like Google, with the purported reasons for using their hardware (ease and security, etc.), it is more of a business/political reason to cover their back than a technical one.

There is no conflict between generally advising people to turn off HT and me saying that, in reality, by the time these exploits can benefit from HT weaknesses the prerequisites for getting to that point mean you are already owned, so doing so doesn't significantly change your security position, and if you are that worried you'd be better off moving away from Intel entirely.

There could be exploits right now, can you prove that untrue? See how you take your opinion as a reasonable argument, yet provide nothing to substantiate it, but I have to prove the earth is round in great detail and show my complete understanding. I hate to say it but IT Troll lives up to his name.
 
Thereby mitigating the ability to use an attack like RIDL (if it was even possible) without the end user having to disable HT wholesale on their system!

It isn't about no one believing me - as is common with security advisories they will cover the lowest common denominator, and for companies like Google, with the purported reasons for using their hardware (ease and security, etc.), it is more of a business/political reason to cover their back than a technical one.

There is no conflict between generally advising people to turn off HT and me saying that, in reality, as things stand, by the time these exploits can benefit from HT weaknesses the prerequisites for getting to that point in a typical consumer desktop environment mean you are already owned, so disabling HT doesn't significantly change your security position, and if you are that worried you'd be better off moving away from Intel entirely.

To be frank, if you were correct we would see desktop systems being compromised left, right and centre - in reality there are many obstacles between these proofs of concept and being used in a real world environment, hence, as I said, they showed off examples running on the same system against a specially crafted victim process rather than demonstrating the attack going through a standard browser environment and compromising arbitrary privileged data.

This thread is starting to remind me of a famous quote...

William Shakespeare said:
I would challenge you to a battle of wits, but I see you are unarmed.

I'm all server'd out for the day so thought I would check in and have a gander. I think the point has been reached where agreement to disagree is the only way forward. I also just noticed that NetCat hasn't been mentioned yet, I like this one probably my favourite one so far.
 
This thread is starting to remind me of a famous quote...

There are lots of zero-day exploits running around at any one time; one I remember could just let you take over a Windows machine. Why has the world not ended? Why is every desktop system being compromised left, right and centre....
 
There could be exploits right now, can you prove that untrue?

There are companies such as Mirabilis, IBM, etc. that spend significant time monitoring for these kinds of things - using honeypots and so on - exhaustively testing to see if exploits are live - we would know. If it was as easy as you were making out it would be being used extensively, not just isolated cases here and there.
 
There are companies such as Mirabilis, IBM, etc. that spend significant time monitoring for these kinds of things - using honeypots and so on - exhaustively testing to see if exploits are live - we would know.

Did they find all the NSA hacking tools before they leaked? The ones everyone rushed to patch? Including several zero-day exploits.

Hackers are using leaked NSA hacking tools to covertly hijack thousands of computers
https://techcrunch.com/2018/11/28/hackers-nsa-eternalblue-exploit-hijack-computers/
 