Safe nowhere - CPU Vulnerability on Intel - AMD and ARM!
Tech companies are trying to fix the problem with CPU's that can be exploited to leak data from computers.
Google Project Zero team discovered a serious problem with the INTEL , AMD and ARM chipsets that can cause leakage of data from computers.
Before public announcement, this isse was reported to AMD - ARM and INTEL on 01.06.2017
AMD reports an update on the issue.
ARM proposes a software update to fix the issue
INTEL provides no feed-back until now.
According to their report, there are 3 variants of the issue :
Variant 1 : Bounds check by-pass ( called Spectre )
Variant 2 : Branch target injection( also called Spectre )
Variant 3: Rogue data cache load ( called MeltDown )
Spectre Attack
The SPECTRE attack is targeting high speed CPU since these processors, to increase the speed uses a tecnique called Speculative Execution.
Speculative execution:
Guessing future execution path and prematurely executing instructions in them.
This technique opens the CPU to the hacks as it is defined in the paper :
As a summary, Spectre is fooling the speculative execution property of CPU to leak information from victims computer.
MeltDown Attack
The MELTDOWN attack is targeting another optimization technique called Out of Order Execution.
Out of Order Execution :
Processing information as soon as resources are available instead of traditional sequenatial execution.
That is a strong optimization way but on the other side this exposes the CPU to attacks as defined in the paper.
To simplify, MeltDown attack is using the cache data storing property of Out of Order Execution technique to steal data from the stored cache.
Since this issue is found six months ago but annouced to public just recently, the big question mark is "is this already being exploited and to what extent"
FD.
It is noteworthy that to AMD chips v2 is only in limited cases and v3 not at all applicable, as far as the current state of news allow to guess. It is also possible that the only AMD CPU affected is the Opteron ones based on ARM architectures. Which would explain the statement by AMD that "they" are not affected by the attack.
The test is done on the following processors :
As I can understand from Google team report, all these processors have the bug.
But it is fair to say, if the CPU is using the speculative execution or Out of Order execution method, it is likely to have this vulnerability.
I am following the further declarations on the issue.
raspberry pi cpu's are all clear! might be worth having a backup machine around! :)
@originalworks
The @OriginalWorks bot has determined this post by @firedream to be original material and upvoted it!
To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by firedream from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP. Be sure to leave at least 50SP undelegated on your account.
Wow, while everyone is thinking about how to make more money, not everyone is thinking about saving the money from attacks!!! Great job FD. My PC is 7 years old , Intel dual core. Any idea how to clear the cpu cache ?
Don't worry friend. This bug is only for the new developed high-speed CPU's using speculative execution or out of order execution method. Dual cores still old and safe.
So Now I can say "Old is Gold" hehehehe
You got a 0.83% upvote from @postpromoter courtesy of @firedream!
Nice article. Thank you for your support :)
Thank you @hanen
I manage a large user base (around 2000)....its unbelievable these things are kept quiet for so long. My hope is as you say....hasnt been exploited to much thus far.
Seems we will never know that...
when something is digital accept that you no longer have control of it. period. every part, every protocol, every exchange is a possible vulnerability.
time to break out the raspberry pi's ;) they are safe ;)
Exactly, more complicated more hackable...
Sneaky Ninja Attack! You have been defended with a 1.50% vote... I was summoned by @firedream! I have done their bidding and now I will vanish...Whoosh