Spectre and Meltdown: Next Generation

absque fenestris
Level 5
Posts: 608
Joined: Sat Nov 12, 2016 8:42 pm
Location: Confoederatio Helvetica

Re: Spectre and Meltdown: Next Generation

Post by absque fenestris » Tue May 22, 2018 6:51 pm

DAMIEN1307 wrote:
Tue May 22, 2018 10:54 am
It is now officially known as Spectre variant 3a and Spectre variant 4...following article discusses just which CPUs are vulnerable and once again telling us about staying up to date on microcode updates as well as any update patches to come...note also that Atom processors are now also included...thus far only Intel processors seem to be affected but we all know by now that the experts will probably find out that the other manufacturers' products may soon join the list...more fun to come...lol...DAMIEN
I'm so glad about the N Series... :mrgreen:

Intel® Atom™ Processor C Series (C3308 - C3958)
Intel® Atom™ Processor E Series
Intel® Atom™ Processor A Series
Intel® Atom™ Processor X Series (x5-E3930, x5-E3940, x7-E3950)
Intel® Atom™ Processor T Series (T5500, T5700)
Intel® Atom™ Processor Z Series
Linux Mint 18.3 Sylvia (Mate) 32-bit - Acer D250 Netbook (Intel Atom N270, 2 GB RAM, 120 GB SSD)

stephanieswitzer
Level 2
Posts: 80
Joined: Mon Feb 26, 2018 12:49 pm
Location: Ontario

Re: Spectre and Meltdown: Next Generation

Post by stephanieswitzer » Tue May 22, 2018 7:03 pm

DAMIEN1307 wrote:
Tue May 22, 2018 3:58 pm
Hi stephanie...that microcode in your driver manager is the latest one released thru the mint updater and recommended for your system...i always install the most up to date microcode recommended and have never had a failure...yes your system is "chirping" right along with the existing microcode, however this newest one has new "mitigation" code re-written within it to mitigate vulnerabilities found in your Intel CPU chipset...this should be installed as well as any updates that will be forthcoming from the linux mint update manager...DAMIEN

run this code to check your microcode version, don't panic if nothing shows up, it just means that you have what came installed and have probably never updated it...after installing and REBOOTING your computer, run the code again and it should show up.

dpkg -l | grep microcode


after you have done the above, run this code, the last word in the terminal after running this should say "patched"

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"


and lastly, run this code in your terminal and it will show that mitigations have been applied

grep . /sys/devices/system/cpu/vulnerabilities/*
Thank you so much Damien. I’ll give it a whirl 😊
Mac-Mini running MacOS and Linux Mint 19 Cinnamon (Dual Boot), Intel© Core™ i5-2415M CPU @ 2.30GHz × 2, 8 GiB, Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller

DAMIEN1307
Level 6
Posts: 1149
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 » Wed May 23, 2018 5:24 am

hi stephanie...let us know how you make out with this...DAMIEN

ps-is The Governor Massey Inn in downtown Toronto still in business?
ORDO AB CHAO

DAMIEN1307
Level 6
Posts: 1149
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 » Wed May 23, 2018 5:26 am

hi absque...my experimental netbook is an "N" series too...lol...DAMIEN
ORDO AB CHAO

KBD47
Level 7
Posts: 1630
Joined: Fri Jul 29, 2011 12:03 am

Re: Spectre and Meltdown: Next Generation

Post by KBD47 » Wed May 23, 2018 12:19 pm

By the time these variants and additional patches are all through, will these CPUs even work at all :( Am I right in understanding that JavaScript is primarily how these problems will affect users' computers?

rene
Level 8
Posts: 2228
Joined: Sun Mar 27, 2016 6:58 pm

Re: Spectre and Meltdown: Next Generation

Post by rene » Wed May 23, 2018 1:29 pm

KBD47 wrote:
Wed May 23, 2018 12:19 pm
Am I right in understanding that JavaScript is primarily how these problems will affect users' computers?
No. This family of vulnerabilities requires fairly involved code executing on your computer to exploit. As part of a piece of malware already on your system or, as the only way in which JavaScript entered into this at all, as part of for example JavaScript code executing on your system by your browser when visiting a malicious site.

Seeing as how you can to a large degree defend against locally installed malware yourself simply by not installing it, the web-based attack vector got the most attention but with the mitigations implemented by browsers (denying code easy access to high resolution timers, needed for the exploit) that threat is in fact at this point probably least likely.

And that's saying something especially on Linux: with the lack of serious malware for Linux out there you'd need to go out and try really hard to get exploited by any of this...

stephanieswitzer
Level 2
Posts: 80
Joined: Mon Feb 26, 2018 12:49 pm
Location: Ontario

Re: Spectre and Meltdown: Next Generation

Post by stephanieswitzer » Wed May 23, 2018 2:03 pm

DAMIEN1307 wrote:
Wed May 23, 2018 5:24 am
hi stephanie...let us know how you make out with this...DAMIEN

ps-is The Governor Massey Inn in downtown Toronto still in business?
I did the Microcode update and here are the resulting outputs:

sps@spsMini ~ $ dpkg -l | grep microcode
ii  intel-microcode    3.20180425.1~ubuntu0.16.04.1   amd64   Processor microcode firmware for Intel CPUs
ii  iucode-tool          1.5.1-1ubuntu0.1                        amd64   Intel processor microcode tool

sps@spsMini ~ $ grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
And

sps@spsMini ~ $ grep . /sys/devices/system/cpu/vulnerabilities/* 
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB (Intel v4)
Not sure what all this means, but my system still works fine :)

P.S. Not sure about The Governor Massey Inn in downtown Toronto, as I haven't been to Toronto for quite a while.
Mac-Mini running MacOS and Linux Mint 19 Cinnamon (Dual Boot), Intel© Core™ i5-2415M CPU @ 2.30GHz × 2, 8 GiB, Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller
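
Added example, not part of any post in this thread: a small shell helper that turns the sysfs listing posted above into a pass/fail check, so an unmitigated entry such as `spec_store_bypass:Vulnerable` stands out. The function names and the constructed sample directory are illustrative assumptions; the status prefixes matched are the ones the kernel writes to these files.

```shell
#!/bin/sh
# classify_status: map one sysfs status line to OK / VULNERABLE / UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo OK ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # unexpected or newer wording
    esac
}

# audit_cpu_vulns [DIR]: print "<verdict> <name>: <status>" for every file
# in DIR and return 0 only when no entry is VULNERABLE or UNKNOWN.
audit_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        # Kernels that predate this interface have no such directory.
        echo "UNKNOWN    $dir: directory not present"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        [ "$verdict" = OK ] || rc=1
        printf '%-10s %s: %s\n' "$verdict" "$(basename "$f")" "$status"
    done
    return $rc
}

# make_sample: build a constructed directory mirroring the output posted
# in this thread, so the check can be tried without touching /sys.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Vulnerable" > "$d/spec_store_bypass"
    echo "Mitigation: OSB (observable speculation barrier, Intel v6)" > "$d/spectre_v1"
    echo "Mitigation: Full generic retpoline, IBPB (Intel v4)" > "$d/spectre_v2"
    echo "$d"
}
```

Calling `audit_cpu_vulns` with no argument reads the live sysfs directory; the non-zero return makes it usable in a login script or a monitoring check.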

KBD47
Level 7
Posts: 1630
Joined: Fri Jul 29, 2011 12:03 am

Re: Spectre and Meltdown: Next Generation

Post by KBD47 » Wed May 23, 2018 2:18 pm

rene wrote:
Wed May 23, 2018 1:29 pm
No. This family of vulnerabilities requires fairly involved code executing on your computer to exploit. As part of a piece of malware already on your system or, as the only way in which JavaScript entered into this at all, as part of for example JavaScript code executing on your system by your browser when visiting a malicious site.

Seeing as how you can to a large degree defend against locally installed malware yourself simply by not installing it, the web-based attack vector got the most attention but with the mitigations implemented by browsers (denying code easy access to high resolution timers, needed for the exploit) that threat is in fact at this point probably least likely.

And that's saying something especially on Linux: with the lack of serious malware for Linux out there you'd need to go out and try really hard to get exploited by any of this...
That's the bottom line--how likely is it that Linux users will be affected by this? Sometimes the cure is worse than the illness. Dual-core machines already lack speed, and some machines are never going to get patches anyway. I just wonder if users keep their browsers updated, stick to software in the repositories, and don't download sketchy programs, how big a threat is it?

DAMIEN1307
Level 6
Posts: 1149
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 » Wed May 23, 2018 2:19 pm

hi stephanie...sounds like you did it all just fine...stay tuned to this thread for when the next microcode becomes available for your Intel CPU...your speculative storage bypass is still vulnerable only because Intel hasn't put out an updated new microcode to mitigate it as of yet but don't really worry about that...problems with that just yet are really remote and the "Press" really overhypes the problem as something earth shattering...lol...with linux you would have to really, really work very hard to get anything malicious into your system...(the article link below will tell you all about the SSB vulnerability that still needs to be mitigated)...On another note, The Governor Massey Inn was a favourite watering hole of mine when i used to live in New Hampshire near the Canadian border and used to spend my vacations in Ontario Province...now i live only an hour away from the Mexican border here in New Mexico...lol...DAMIEN


https://arstechnica.com/gadgets/2018/05 ... and-intel/
ORDO AB CHAO

rene
Level 8
Posts: 2228
Joined: Sun Mar 27, 2016 6:58 pm

Re: Spectre and Meltdown: Next Generation

Post by rene » Wed May 23, 2018 4:39 pm

KBD47 wrote:
Wed May 23, 2018 2:18 pm
I just wonder if users keep their browsers updated, stick to software in the repositories, and don't download sketchy programs, how big a threat is it?
Extremely minimal. Both on this Core 2 Duo that's never going to see microcode updates as well as on my other systems, some of which I've even disabled the kernel-side mitigations on due to having no desire for even small real slowdowns so as to defend against virtual-only threats. The interesting aspect of this family of exploits is the location of the vulnerability: not in any one of the thousands of pieces of software we've got installed but in hardware, in the most core bit of hardware at that, and THEN not just as a braino-type of thing but fairly intrinsically tied to a core technique used by any and all non-archaic CPU designs.

As in "ouch". But not as in "tremble".

DAMIEN1307
Level 6
Posts: 1149
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 » Tue Jul 10, 2018 7:43 pm

The "gift" that just keeps on giving, seems like engineers knew, at least to an extent, that they were sacrificing chip security for the sake of faster speeds and thus profit, as well as a form of planned obsolescence...Intel is now going to issue a slew of microcode updates for flawed chips, (the ones they will support until they decide not to), on an order of every three months, much like a M$ "patch tuesday"...enjoy the link article...DAMIEN

https://www.theregister.co.uk/2018/07/1 ... dvisories/
ORDO AB CHAO
