# speculative execution & side-channel vulnerabilities in CPUs



## Jeffbert (Mar 6, 2019)

According to this article, current CPU design makes them inherently vulnerable to hacking.



> Ultimately, they found that speculative vulnerabilities present a challenge that no software or code-based mitigation can truly address. The conclusion is that all processors that employ speculative execution will remain vulnerable at a hardware level, and the only magic bullet is a significant change in CPU design, leading to more secure hardware and the isolation of hardware and operating system processes.


Unless modern CPU design changes significantly, side-channel attack vectors aren't going anywhere (TECHSPOT)

No mention of such weakness in Macs, though.


----------



## Nozzle Velocity (Mar 6, 2019)

Jeffbert said:


> According to this article, current CPU design makes them inherently vulnerable to hacking.
> 
> 
> Unless modern CPU design changes significantly, side-channel attack vectors aren't going anywhere (TECHSPOT)
> ...



I didn't read Google's paper because I'm using Firefox, but I was sceptical about calling this a side-channel attack when the news of this hit last year. You have to be in the system via malware in order to exploit these CPU speculative vulnerabilities. At that point, you may as well be sitting at the keyboard yourself. It's basically no different than any other malware. Why bother with predictive branches once you're in the system?


----------



## Jeffbert (Mar 8, 2019)

I am not as tech-savvy as I once was, so this whole discussion is hard to follow. But I love your avatar!


----------



## Nozzle Velocity (Mar 9, 2019)

Jeffbert said:


> But I love your avatar!



HaHa! Thanks. It's from one of those DC cartoons in the 70s. I picked it years ago for a music forum, but I had no idea who it was. I later learned it's Black Mantis, Aquaman's arch-nemesis, designed by Alex Toth.


----------



## Jeffbert (Mar 17, 2019)

That guy and *Mysterio* (a Spider-Man enemy) are so cool!


----------



## HanaBi (Mar 18, 2019)

Not sure if this is a direct correlation, but all the same Intel seems to have dropped the ball again, and it would appear they're a little clueless about how to pick it up again.

Needless to say, the AMDs of this world are laughing their page mappings off.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability


----------



## Nozzle Velocity (Mar 22, 2019)

Spectre works against Intel, AMD and ARM architectures. But these are all "proof of concepts". Spectre, Meltdown, SPOILER, none of these have been seen in the wild yet. They inevitably will someday, but again, it's the same as any malware: the problem is that it's in your system. Imagine you have security cameras in your home, but you lock the doors because you don't want anyone breaking in and using the cameras to see what's in your house. I don't see why malware designers would have a critical need for Rowhammer or other side channel attacks when they would already have access to the system at that point. Like I said, once they're in your system, they may as well be sitting at your keyboard.


----------



## Jeffbert (Mar 22, 2019)

Hmmm. Makes sense to me. But what about Norton and other protection suites? These are constantly updated. Are they also so full of holes that they don't matter?


----------



## Nozzle Velocity (Mar 22, 2019)

Well, there's no silver bullet, but I wouldn't necessarily call anti-virus suites irrelevant. The problem with Norton, Kaspersky, McAfee, etc., is that they're always scrambling to keep up with new attacks and sometimes give false positives. They're resource hogs and you take a performance hit when you leave them running for real-time protection. Sometimes they become attack vectors (targets) in themselves. Also, Norton puts its hooks deep into your OS, making it sometimes impossible to remove completely. I've heard of some people having to wipe their hard drive completely to get rid of Norton.

I'm running Windows and have simply used Windows Defender for real-time protection for years now. Don't open e-mails from sources you don't know, and stay away from dark corners of the web. It sounds simple, but those actions alone go a long way to protection. Once a week I'll do a complete system scan with Defender, then I'll use a couple of spyware scanners like Malwarebytes and Super Anti-Spyware for a complete scan and shut them off for another week. It's still possible to get hit, but I'd rather do this than run those anti-virus pigs all the time.

These Spectre/Meltdown types of attacks are being hyped as though they're impervious to anti-virus checks, but no one says it specifically that I can find. And notice this part of that Register article: "This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. *An attacker therefore requires some kind of foothold in your machine in order to pull this off.*"

This description is no different than any other malware in existence, so I'm not seeing these new attacks as extraordinarily dangerous.


----------

