- Joined
- Jun 24, 2023
- Messages
- 30 (0.06/day)
System Name | Pioneer |
---|---|
Processor | Ryzen R9 9950X |
Motherboard | GIGABYTE Aorus Elite X670 AX |
Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
Display(s) | 55" LG 55" B9 OLED 4K Display |
Case | Thermaltake Core X31 |
Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
Power Supply | FSP Hydro Ti Pro 850W |
Mouse | Logitech G305 Lightspeed Wireless |
Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
I'm not going to link malware, but you can find source code for examples on as mainstream sites as reddit:Any example of these javascript meltdown exploits out in the wild?
System Name | Main PC |
---|---|
Processor | 13700k |
Motherboard | Asrock Z690 Steel Legend D4 - Bios 13.02 |
Cooling | Noctua NH-D15S |
Memory | 32 Gig 3200CL14 |
Video Card(s) | 4080 RTX SUPER FE 16G |
Storage | 1TB 980 PRO, 2TB SN850X, 2TB DC P4600, 1TB 860 EVO, 2x 3TB WD Red, 2x 4TB WD Red |
Display(s) | LG 27GL850 |
Case | Fractal Define R4 |
Audio Device(s) | Soundblaster AE-9 |
Power Supply | Antec HCG 750 Gold |
Software | Windows 10 21H2 LTSC |
Ok was hoping for some known in the wild examples, but understand why you wouldnt post the links. Will see if I can find anything out.I'm not going to link malware, but you can find source code for examples on as mainstream sites as reddit:
https://www.reddit.com/r/javascript/comments/7ob6a2
System Name | 192.168.1.1~192.168.1.100 |
---|---|
Processor | AMD Ryzen5 5600G. |
Motherboard | Gigabyte B550m DS3H. |
Cooling | AMD Wraith Stealth. |
Memory | 16GB Crucial DDR4. |
Video Card(s) | Gigabyte GTX 1080 OC (Underclocked, underpowered). |
Storage | Samsung 980 NVME 500GB && Assortment of SSDs. |
Display(s) | ViewSonic VA2406-MH 75Hz |
Case | Bitfenix Nova Midi |
Audio Device(s) | On-Board. |
Power Supply | SeaSonic CORE GM-650. |
Mouse | Logitech G300s |
Keyboard | Kingston HyperX Alloy FPS. |
VR HMD | A pair of OP spectacles. |
Software | Ubuntu 24.04 LTS. |
Benchmark Scores | Me no know English. What bench mean? Bench like one sit on? |
To be fair, the vulnerability affects only one set of instructions in AVX2+. Explicit vectorization could forgo the op in favor of alternatives (and afaik, this was the better choice back in the early days).There are many many editing tools that heavily rely on AVX in some form, and there are whole range of applications for WS which will also will be impacted by the "fix".
System Name | Main PC |
---|---|
Processor | 13700k |
Motherboard | Asrock Z690 Steel Legend D4 - Bios 13.02 |
Cooling | Noctua NH-D15S |
Memory | 32 Gig 3200CL14 |
Video Card(s) | 4080 RTX SUPER FE 16G |
Storage | 1TB 980 PRO, 2TB SN850X, 2TB DC P4600, 1TB 860 EVO, 2x 3TB WD Red, 2x 4TB WD Red |
Display(s) | LG 27GL850 |
Case | Fractal Define R4 |
Audio Device(s) | Soundblaster AE-9 |
Power Supply | Antec HCG 750 Gold |
Software | Windows 10 21H2 LTSC |
Just realised, I cant actually disable meltdown as I am now on a CPU with a hardware mitigation. I am going to research what you said anyway for curiosity purposes but on my system its still mitigated.I'm not going to link malware, but you can find source code for examples on as mainstream sites as reddit:
https://www.reddit.com/r/javascript/comments/7ob6a2
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
Microsoft has been doing this for a very long time with Windows. Some mitigations for previous vulnerabilities are not active by default on consumer versions of Windows while being enabled on server editions.This uptake in hardware vulnerabilities, and subsequent performance penalties from patches, makes me wonder if operating systems in general should shift towards a linux kernel "flavors" -like approach. Provide two kernels: Performance-oriented with only the most critical microcode patches, and standard/secure with everything locked down.
I'm simplifying this a bit here. This vulnerability allows a malicious program using the AVX2 gather instructions to snoop other programs (within the same core, with or without HT) that utilize different types of AVX2 instructions. In modern systems there's many places those instructions are used, particularly around encryption, but not limited to it - SIMD reading, writing and memory copying are also affected. Basically high-performance code paths.To be fair, the vulnerability affects only one set of instructions in AVX2+. Explicit vectorization could forgo the op in favor of alternatives (and afaik, this was the better choice back in the early days).
Could pose problems to auto vectorization tho. But people don't typically expect that much performance out of them...
I'm not an expert, but I wonder if this feared performance loss could be itself mitigated by rewriting code to do manual loads instead of relying on the faulty ops.
Yes, both "small server" Xeon-E and workstation Xeon-W, but no big chips.was there a xeon rocketlake?
Intel is still supporting Skylake Xeons launched in 2017 until the end of this year. There's a lot of hardware still in use since then, and most likely running earlier architectures.sounds like it's not that big a deal if it's just older hardware but new chips aren't vulnerable to it.
Processor | AMD Ryzen 9 5900X ||| Intel Core i7-3930K |
---|---|
Motherboard | ASUS ProArt B550-CREATOR ||| Asus P9X79 WS |
Cooling | Noctua NH-U14S ||| Be Quiet Pure Rock |
Memory | Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz |
Video Card(s) | MSI GTX 1060 3GB ||| MSI GTX 680 4GB |
Storage | Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB |
Display(s) | Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24" |
Case | Fractal Design Define 7 XL x 2 |
Audio Device(s) | Cambridge Audio DacMagic Plus |
Power Supply | Seasonic Focus PX-850 x 2 |
Mouse | Razer Abyssus |
Keyboard | CM Storm QuickFire XT |
Software | Ubuntu |
Most attack vectors for Spectre etc. rely on manipulating CPU registers to read/copy data that you shouldn't have access to. There is a tiny window of nanoseconds to read out this data. To my knowledge, most interpreted languages don't allow you to even manipulate CPU registers. I know of two main ways to execute a such attack, either you read out some "random" data which happened to be there, or you target a memory address and let the CPU prefetch it, time an attack and retrieve it before it's removed. Both of these examples would also require some bug in the interpreter. Now I haven't studied what is possible through WebAssembly, so something might be possible there... But if someone shows a loop in JavaScript leak some data from one variable to another, that's a JavaScript bug, not a CPU bug. (And I'm not surprised if there are plenty of ways to escape JavaScript's memory sandbox.)Ok was hoping for some known in the wild examples, but understand why you wouldnt post the links. Will see if I can find anything out.
You are saying that as if it was a teenager on a night out who's got a STD and gave birth to a whole bunch of retarded execs.intel is suffering a streak of bad luck.
System Name | 192.168.1.1~192.168.1.100 |
---|---|
Processor | AMD Ryzen5 5600G. |
Motherboard | Gigabyte B550m DS3H. |
Cooling | AMD Wraith Stealth. |
Memory | 16GB Crucial DDR4. |
Video Card(s) | Gigabyte GTX 1080 OC (Underclocked, underpowered). |
Storage | Samsung 980 NVME 500GB && Assortment of SSDs. |
Display(s) | ViewSonic VA2406-MH 75Hz |
Case | Bitfenix Nova Midi |
Audio Device(s) | On-Board. |
Power Supply | SeaSonic CORE GM-650. |
Mouse | Logitech G300s |
Keyboard | Kingston HyperX Alloy FPS. |
VR HMD | A pair of OP spectacles. |
Software | Ubuntu 24.04 LTS. |
Benchmark Scores | Me no know English. What bench mean? Bench like one sit on? |
Somewhat similar but not quite what I had in mind. Server and PC Windows are de facto two separate platform. The kernel approach I had in mind applies to the same platform depending on the use case, say for example video editing (high performance) and office work (low performance), both cases [generally] apply to the PC (and I'm including workstations in the definition) platform rather than servers. If going by the Windows SKU scheme, they'd need a new Windows version or modify their existing home/pro structure.Microsoft has been doing this for a very long time with Windows. Some mitigations for previous vulnerabilities are not active by default on consumer versions of Windows while being enabled on server editions.
All articles I've read only mention gather instructions. Nothing I've passed mentions anything about traditional load/store instructions.SIMD reading, writing and memory copying are also affected.
Gather instructions are always used on the attacking side. The DOWNFALL whitepaper has a list of affected victim instructions. In case of Tiger Lake 850 instructions leaked data in HT environment.All articles I've read only mention gather instructions. Nothing I've passed mentions anything about traditional load/store instructions.
It doesn't really matter if they are manual or automatic optimizations when, with the test suite from the paper, 53% of tested AVX2/-512 instructions leak data.No one is arguing the benefits of vectorization in general, but there are more ways to skin this cat.
I did contest benefits of compiler auto-vectorizations in typical scenarios. Applications that do benefit from SIMD tend to have explicit implementations, no?
Processor | Ryzen 5 3600 |
---|---|
Motherboard | ASRock X470 Taichi |
Cooling | Scythe Kotetsu Mark II |
Memory | G.SKILL 32GB DDR4 3200 CL16 |
Video Card(s) | EVGA GeForce RTX 3070 FTW3 Ultra (1980 MHz / 0.968 V) |
Display(s) | Dell P2715Q; BenQ EX3501R; Panasonic TC-P55S60 |
Case | Fractal Design Define R5 |
Audio Device(s) | Sennheiser HD580; 64 Audio 1964-Q |
Power Supply | Seasonic SSR-650TR |
Mouse | Logitech G700s; Logitech G903 |
Keyboard | Cooler Master QuickFire TK; Kinesis Advantage |
VR HMD | Quest 2 |
As was linked upthread, it is possible to do this in JS.Most attack vectors for Spectre etc. rely on manipulating CPU registers to read/copy data that you shouldn't have access to. There is a tiny window of nanoseconds to read out this data. To my knowledge, most interpreted languages don't allow you to even manipulate CPU registers. I know of two main ways to execute a such attack, either you read out some "random" data which happened to be there, or you target a memory address and let the CPU prefetch it, time an attack and retrieve it before it's removed. Both of these examples would also require some bug in the interpreter. Now I haven't studied what is possible through WebAssembly, so something might be possible there... But if someone shows a loop in JavaScript leak some data from one variable to another, that's a JavaScript bug, not a CPU bug. (And I'm not surprised if there are plenty of ways to escape JavaScript's memory sandbox.)
It's always a game of cat-and-mouse. Here's a paper analyzing those browser mitigations and finding them lacking in certain areas, a short excerpt:However, browsers quickly mitigated it by reducing the resolution of the timers that Sprectre relied on for its side channel, making data extraction impractical.
SharedArrayBuffer have been disabled by default in Chrome 60 and Firefox 57.0.4 to mitigate Spectre. With the introduction of mitigations to transient execution attacks, they have been reimplemented. They are available by default in Firefox 79 with COOP/ COEP, and by default in Chrome 68. SharedArrayBuffer based timers are, by far, the most powerful timer available in browsers.
[...]
The offered resolution is sufficient to implement all known timing attacks. In addition, they have a very low measurement overhead and do not need amplification. An attacker using SharedArrayBuffer to build a covert channel can achieve an ideal bit rate of 50 Mbit/ sec on both browsers. This is 800 000 times higher than with performance.now() on Firefox 81 without COOP/ COEP, and 2000 times higher than Chrome 84 and Firefox 81 with COOP/COEP.
System Name | Main PC |
---|---|
Processor | 13700k |
Motherboard | Asrock Z690 Steel Legend D4 - Bios 13.02 |
Cooling | Noctua NH-D15S |
Memory | 32 Gig 3200CL14 |
Video Card(s) | 4080 RTX SUPER FE 16G |
Storage | 1TB 980 PRO, 2TB SN850X, 2TB DC P4600, 1TB 860 EVO, 2x 3TB WD Red, 2x 4TB WD Red |
Display(s) | LG 27GL850 |
Case | Fractal Define R4 |
Audio Device(s) | Soundblaster AE-9 |
Power Supply | Antec HCG 750 Gold |
Software | Windows 10 21H2 LTSC |
Yep, thats the conclusion I had already reached, difficult to do in the wild.Most attack vectors for Spectre etc. rely on manipulating CPU registers to read/copy data that you shouldn't have access to. There is a tiny window of nanoseconds to read out this data. To my knowledge, most interpreted languages don't allow you to even manipulate CPU registers. I know of two main ways to execute a such attack, either you read out some "random" data which happened to be there, or you target a memory address and let the CPU prefetch it, time an attack and retrieve it before it's removed. Both of these examples would also require some bug in the interpreter. Now I haven't studied what is possible through WebAssembly, so something might be possible there... But if someone shows a loop in JavaScript leak some data from one variable to another, that's a JavaScript bug, not a CPU bug. (And I'm not surprised if there are plenty of ways to escape JavaScript's memory sandbox.)
System Name | Pioneer |
---|---|
Processor | Ryzen R9 9950X |
Motherboard | GIGABYTE Aorus Elite X670 AX |
Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
Display(s) | 55" LG 55" B9 OLED 4K Display |
Case | Thermaltake Core X31 |
Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
Power Supply | FSP Hydro Ti Pro 850W |
Mouse | Logitech G305 Lightspeed Wireless |
Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
Yeah honestly the original meltdown only applies to like skylake and older. Maybe Rocket Lake too, I'm not entirely sure anymore, the whole thing is just a wild table of "if this then" that could drive anyone insane lol.Just realised, I cant actually disable meltdown as I am now on a CPU with a hardware mitigation. I am going to research what you said anyway for curiosity purposes but on my system its still mitigated.
Code:Speculation control settings for CVE-2017-5754 [rogue data cache load] Hardware requires kernel VA shadowing: False
Intel is not longer a company that I respect.
Seriously? These kinds of things are not sloppy engineering. No design team is thinking about loop-holes or whacky ways to exploit what they're creating. They're designing the fastest and most efficient way to do the things they're trying to do. These things are not intentional and are not a sign of incompetence.-1 for engineering shortcuts.
Booo.
My guess is no. If it is possible from a remote vector, the difficulty will be high, if not extreme.Only a question of time until somebody triggers this from Javascript or Web assembly, so it is relevant to everybody surfing the web.
Processor | AMD R7 5800X3D |
---|---|
Motherboard | Asus Crosshair VIII Dark Hero |
Cooling | Thermalright Frozen Edge 360, 3x TL-B12 V2, 2x TL-B12 V1 |
Memory | 2x8 G.Skill Trident Z Royal 3200C14, 2x8GB G.Skill Trident Z Black and White 3200 C14 |
Video Card(s) | Zotac 4070 Ti Trinity OC |
Storage | WD SN850 1TB, SN850X 2TB, SN770 1TB |
Display(s) | LG 50UP7100 |
Case | Fractal Torrent Compact |
Audio Device(s) | JBL Bar 700 |
Power Supply | Seasonic Vertex GX-1000, Monster HDP1800 |
Mouse | Logitech G502 Hero |
Keyboard | Logitech G213 |
VR HMD | Oculus 3 |
Software | Yes |
Benchmark Scores | Yes |
Anything to get the edge on the competition, who are we to say if shortcuts were made or not?Seriously?
With IC design, that's not how it works.who are we to say if shortcuts were made or not?
System Name | ✨ Lenovo M700 [Tiny] |
---|---|
Cooling | ⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO² |
Audio Device(s) | ◐◑ AKG K702 ⌬ FiiO E10K Olympus 2 |
Mouse | ✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura |
Keyboard | ⌨ Turtle Beach Impact 500 |
Seriously? These kinds of things are not sloppy engineering. No design team is thinking about loop-holes or whacky way to exploit what they're creating. They're designing the fastest and most efficient way to do the things they're trying to do. These things are not intentional and are not a sign of incompetence.
Come on people, you're all smart enough to know how things work. See sense.
System Name | Pioneer |
---|---|
Processor | Ryzen R9 9950X |
Motherboard | GIGABYTE Aorus Elite X670 AX |
Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
Display(s) | 55" LG 55" B9 OLED 4K Display |
Case | Thermaltake Core X31 |
Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
Power Supply | FSP Hydro Ti Pro 850W |
Mouse | Logitech G305 Lightspeed Wireless |
Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
I keep hearing privileged but is there anywhere actually saying/confirming that? Sounds to me like you just need to be able to execute code.It requires local privileged access.
True, it's a PR:L but also an AV:L, so you need at least authenticated local user access. In serious environments you shouldn't allow users to run arbitrary and unverified code. As far as home users who tend to ignore security: It's a side-channel attack. They're difficult to execute efficiently and there is a myriad of easier ways to get what you want - hell, some users will actually give you their bank password if you ask politely, therefore I say it's a "storm in a glass" situation. A lot of noise, realistically not a problem.I keep hearing privileged but is there anywhere actually saying/confirming that? Sounds to me like you just need to be able to execute code.
System Name | [H]arbringer |
---|---|
Processor | 4x 61XX ES @3.5Ghz (48cores) |
Motherboard | SM GL |
Cooling | 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump. |
Memory | 16x gskill DDR3 1600 cas6 2gb |
Video Card(s) | blah bigadv folder no gfx needed |
Storage | 32GB Sammy SSD |
Display(s) | headless |
Case | Xigmatek Elysium (whats left of it) |
Audio Device(s) | yawn |
Power Supply | Antec 1200w HCP |
Software | Ubuntu 10.10 |
Benchmark Scores | http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww |
So an issue for every single cloud server...Downfall requires admin access? and will only be relevant in use cases where multiple unconnected users share machines, ie shared server environments. So generally, it's not an issue.
There has been a trend towards security at hardware or other levels, when these are rarely (never?) exploited in the real world anyway. The best hacking tools are social engineering, user and configuration error and generally the human element. Not hardware!
Processor | Ryzen 7 5700X |
---|---|
Motherboard | ASUS TUF Gaming X570-PRO (WiFi 6) |
Cooling | Noctua NH-C14S (two fans) |
Memory | 2x16GB DDR4 3200 |
Video Card(s) | Reference Vega 64 |
Storage | Intel 665p 1TB, WD Black SN850X 2TB, Crucial MX300 1TB SATA, Samsung 830 256 GB SATA |
Display(s) | Nixeus NX-EDG27, and Samsung S23A700 |
Case | Fractal Design R5 |
Power Supply | Seasonic PRIME TITANIUM 850W |
Mouse | Logitech |
VR HMD | Oculus Rift |
Software | Windows 11 Pro, and Ubuntu 20.04 |
Downfall also relies on SMT as the attacker should be running on the same core as the victim. These cloud providers should stop running programs from different customers on the same cores.So an issue for every single cloud server...
Exactly. But they're also NOT clairvoyant. There are times when it is impossible to see a problem coming until it's already behind you.Engineers are just humans, and humans make errors. Period.