• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Skyfall and Solace Could be the First Attacks Based on Meltdown and Spectre?

btarunr

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,194 (7.56/day)
Location
Hyderabad, India
System Specs
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Out of the blue, a website popped up titled "Skyfall and Solace," which describes itself as two of the first attacks that exploit the Spectre and Meltdown vulnerabilities (it doesn't detail which attack exploits what vulnerability). A whois lookup reveals that the person(s) behind this website may not be the same one(s) behind the Spectre and Meltdown website. The elephant in the room, of course, is that the two attacks are named after "James Bond" films "Skyfall" and "Quantum of Solace." The website's only piece of text ends with "Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches," and that one should "watch this space for more." We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.



View at TechPowerUp Main Site
 
Prima.Vera

Prima.Vera

Joined
Sep 15, 2011
Messages
6,693 (1.39/day)
System Specs
Processor Intel® Core™ i7-13700K
Motherboard Gigabyte Z790 Aorus Elite AX
Cooling Noctua NH-D15
Memory 32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s) ZOTAC GAMING GeForce RTX 3080 AMP Holo
Storage 2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Logitech Hero G502 SE
Software Windows 11 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
 
L

londiste

Joined
Feb 3, 2017
Messages
3,732 (1.32/day)
System Specs
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Please try to split the text into paragraphs a bit ;)
We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.
Click to expand...
I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.
 
R

R0H1T

Joined
Apr 12, 2013
Messages
7,483 (1.77/day)
londiste said:
Please try to split the text into paragraphs a bit ;)
I cannot agree with this editorial note. Spectre is a class of vulnerabilities, so more vulnerabilities/attacks or their variants were and are likely to appear sooner rather than later.

With the problem being in hardware and hardware design rather than specific bugs, software patches are mitigation measures not a complete fix. Even with current (rushed and incomplete) patches, both chip and operating system vendors may want to take additional measures when new ways to attack are found. Embargoes are also pretty standard operating procedure in these situations.
Click to expand...
Yup 200% this, many people do not understand this ~ Spectre 1 & 2 are just ways to exploit the speculative execution flaws in OoO chips, like CFL or indeed Ryzen. There can technically be as many variants of spectre as there are (different) chips, meltdown patches are also probably not 100% secure without a hardware fix.
 
THU31

THU31

Joined
Dec 12, 2012
Messages
771 (0.18/day)
Location
Poland
System Specs
System Name THU
Processor Intel Core i5-13600KF
Motherboard ASUS PRIME Z790-P D4
Cooling SilentiumPC Fortis 3 v2 + Arctic Cooling MX-2
Memory Crucial Ballistix 2x16 GB DDR4-3600 CL16 (dual rank)
Video Card(s) MSI GeForce RTX 4070 Ventus 3X OC 12 GB GDDR6X (2610/21000 @ 0.91 V)
Storage Lexar NM790 2 TB + Corsair MP510 960 GB + PNY XLR8 CS3030 500 GB + Toshiba E300 3 TB
Display(s) LG OLED C8 55" + ASUS VP229Q
Case Fractal Design Define R6
Audio Device(s) Yamaha RX-V381 + Monitor Audio Bronze 6 + Bronze FX | FiiO E10K-TC + Sony MDR-7506
Power Supply Corsair RM650
Mouse Logitech M705 Marathon
Keyboard Corsair K55 RGB PRO
Software Windows 10 Home
Benchmark Scores Benchmarks in 2024?
Was there a "Meltdown" Bond movie that I missed?
 
remixedcat

remixedcat

Joined
May 13, 2010
Messages
6,040 (1.14/day)
System Specs
System Name RemixedBeast-NX
Processor Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard Dell Inc. 08HPGT (CPU 1)
Cooling Dell Standard
Memory 24GB ECC
Video Card(s) Gigabyte Nvidia RTX2060 6GB
Storage 2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case Dell Precision T3600 Chassis
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 630w Dell T3600 PSU
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Linux Mint 20
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P
is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?
 
R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
21,421 (3.40/day)
System Specs
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
remixedcat said:
is this gonna be like "muh russia" conspiracy theory the fake news networks are obsessed with?
Click to expand...

Not sure how to take this, except to point out these vulnerabilities are not conspiracy theories. Neither is Russian meddling in the election likely to be, ironically. The idea Russia "rigged" the election is pretty BS though.
 
Last edited:
You must log in or register to reply here.
Top