Skip to main content

Suche

Beiträge die mit Spectre getaggt sind


 

 
NVIDIA GPUs weren't immune to #Spectre security flaws either
https://www.engadget.com/2018/01/10/nvidia-gpu-meltdown-and-spectre-patches/

#NVIDIA has detailed how its #GPU are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue.

NVIDIA GPUs weren't immune to Spectre security flaws either

NVIDIA has begun patching its graphics hardware to fight Meltdown and Spectre security vulnerabilities.

 
#intel #meltdown #spectre

 
#meltdown/#spectre commits are starting to show up in #OpenBSD

This one fixes arm64: https://marc.info/?l=openbsd-cvs&m=151562684426478&w=2

'CVS: cvs.openbsd.org: src' - MARC

'CVS: cvs.openbsd.org: src' - MARC

 
I missed this post by Anders Fogh a couple of days ago, on the academic work that has lead up to #Meltdown / #Spectre: https://cyber.wtf/2018/01/05/behind-the-scene-of-a-bug-collision/

"Well, CPU research is much like drawing a map of an uncharted world. Researchers start from known research and proceed into the unknown, and if they find something, they document it and add it to the map. This essentially means that the frontier looks very similar to everybody leading people into the same paths."

Don't need no conspiracy.

cyber.wtf: Behind the scenes of a bug collision (Anders Fogh)

Introduction In this blog post I’ll speculate as to how we ended up with multiple researchers arriving at the same vulnerabilities in modern CPU’s concurrently. The conclusion is that t…

 
#spectre / #meltdown reality check over at the xorl blog: https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

"The only real victim that this attack is more valuable than privilege escalation attacks is shared hosting providers. Whether that is virtual machines, containers, or anything similar. Those exploitation techniques break the sole business model of those companies. Huge players [..] are selling exactly what Meltdown & Spectre proved that it doesn’t exist, high quality isolation between shared resources."

xorl %eax, %eax: Thoughts on Meltdown & Spectre (xorl)

2018 started with some unique low-level exploitation techniques disclosure. People that never cared about processor architecture suddenly explain how speculative execution, advanced side-channel an…

 
#spectre / #meltdown reality check over at the xorl blog: https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

"The only real victim that this attack is more valuable than privilege escalation attacks is shared hosting providers. Whether that is virtual machines, containers, or anything similar. Those exploitation techniques break the sole business model of those companies. Huge players [..] are selling exactly what Meltdown & Spectre proved that it doesn’t exist, high quality isolation between shared resources."

xorl %eax, %eax: Thoughts on Meltdown & Spectre (xorl)

2018 started with some unique low-level exploitation techniques disclosure. People that never cared about processor architecture suddenly explain how speculative execution, advanced side-channel an…

 

AMD Is Releasing Spectre Firmware Updates To Fix CPU Vulnerabilities - Slashdot


#amd #meltdown #spectre

 

 

Meltdown & Spectre Megathread : sysadmin


#meltdown #spectre

 

CVE-2017-5754


#meltdown #spectre #debian

"Locate the following line in your /etc/default/grub file:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

or similar, and change it to:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nopti"

then run $ sudo update-grub2 and reboot

You can verify it worked by running the following:

$ dmesg | grep 'page table'
[ 0.000000] Kernel/User page tables isolation: disabled on command line."
https://www.reddit.com/r/debian/comments/7wozlc/q_how_do_i_prevent_updates_to_fix_spectre_meltdown/

 

 
Don't feel bad, #OpenBSD. The US Government didn't learn about #meltdown or #spectre until public disclosure either. #intel o_0

 
Spring Creators Update: Warten auf den Windows-Frühlingspatch - Golem.de
https://www.golem.de/news/spring-creators-update-warten-auf-den-windows-fruehlingspatch-1804-133775.html
#Windows10 #Betriebssystem #CreatorsUpdate #Sicherheitslücke #Spectre #Windows #Microsoft #Security

 
Eine Kombination aus einem Windows-Update mit BIOS-Updates für Mainboards soll Windows-10-Rechner mit AMD-Prozessoren ab der 2011 vorgestellten Bulldozer-Generation schützen.
AMD-Prozessoren bekommen Windows-10-Update gegen Spectre-V2-Lücke
#AMD #AMDRyZen #APU #Bulldozer #Prozessoren #Sicherheitslücken #Spectre

 
Spectre v2: AMD und Microsoft patchen CPUs bis zurück zum Bulldozer - Golem.de
https://www.golem.de/news/spectre-v2-amd-und-microsoft-patchen-cpus-bis-zurueck-zum-bulldozer-1804-133778.html
#AMDZen #CreatorsUpdate #FallCreatorsUpdate #Mainboard #Prozessor #SandyBridge #Spectre #Windows10 #Microsoft #PC-Hardware

 
Windows 7, 8.1 und 10: Kein Registry-Eintrag für Sicherheitsupdates mehr nötig - Golem.de
https://www.golem.de/news/windows-7-8-1-und-10-kein-registry-eintrag-fuer-sicherheitsupdates-mehr-noetig-1804-133798.html
#Windows #Windows8 #Anti-Virus #Betriebssystem #Meltdown #Spectre #Virenscanner #Windows10 #Windows7 #WindowsServer2012

 
Der Registry-Schlüssel, der die Installation von Meltdown- und Spectre-Patches beim Vorhandensein inkompatibler AV-Programme verhindern soll, wird ab sofort bei der Installation von Updates nicht mehr beachtet.
Meltdown- & Spectre-Updates für alle: Microsoft entfernt Antiviren-Registry-Schlüssel
#Meltdown #MeltdownundSpectre #Microsoft #Registry #Spectre #Updates #Windows

 
Betriebssysteme: Linux 4.17 bringt Verbesserungen für AMD-Grafikkarten - Golem.de
https://www.golem.de/news/betriebssysteme-linux-4-17-bringt-verbesserungen-fuer-amd-grafikkarten-1804-133850.html
#Linux-Kernel #Dateisystem #HSA #Linux #Meltdown #OpenComputeFoundation #OpenCL #Spectre #Tracking #UEFI

 
Das optionale Update KB4090007 bringt neuen Microcode nun auch für Systeme mit Intel Core i-4000 und Core i-5000, deren Hersteller keine BIOS-Updates liefern; derweil erschien der Exploit-Code für "Total Meltdown". #IntelCorei #MeltdownundSpectre #Security #Sicherheitslücken #Spectre

 
Core-i-Prozessoren: Microsoft liefert Spectre-Schutz für Haswell und Broadwell - Golem.de
https://www.golem.de/news/core-i-prozessoren-microsoft-liefert-spectre-schutz-fuer-haswell-und-broadwell-1804-134091.html
#Windows10 #Haswell #Meltdown #Prozessor #Sicherheitslücke #Skylake #Spectre #UEFI #Windows7 #Intel

 
Quartalszahlen: Intel erzielt erneuten Rekordumsatz - Golem.de
https://www.golem.de/news/quartalszahlen-intel-erzielt-erneuten-rekordumsatz-1804-134098.html
#Intel #IntelCoffeeLake #PC #Prozessor #Quartalsbericht #Skylake #Spectre #Server #Wirtschaft

 
Latest #KaliLinux Ethical Hacking OS Release Adds #Spectre & #Meltdown Mitigations

 
Acht neue Sicherheitslücken – vier davon hochriskant – haben Forscher in Intel-Prozessoren gefunden. Das belegen Informationen, die c't exklusiv vorliegen. #Intel #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Acht neue Sicherheitslücken – vier davon hochriskant – haben Forscher in Intel-Prozessoren gefunden. Das belegen Informationen, die c't exklusiv vorliegen. #Intel #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Bild/Foto
#sifive #hifive #risc-v #linux #openhardware #opensource

NO #spectre & #meltdown

HiFive Unleashed is the ultimate RISC-V developer board. Featuring the world’s first and only Linux-capable, multi-core, RISC-V processor – the Freedom U540 – the HiFive Unleashed ushers in a brand new era for RISC-V.

https://www.sifive.com/products/hifive-unleashed/

 
Acht neue Sicherheitslücken – vier davon hochriskant – haben Forscher in Intel-Prozessoren gefunden. Das belegen Informationen, die c't exklusiv vorliegen. #Intel #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Intel: Spectre Next Generation gefährdet Cloudanwendungen #Spectre #Broadwell #Haswell #Meltdown #Rowhammer #Skylake #Intel #Internet

 
Meltdown- und Spectre-Benchmarks: Weniger schlimm als erwartet #Meltdown #Benchmark #Dateisystem #Haswell #Linux #Sicherheitslücke #Skylake #Spectre #iWork #Server

 
Diesen Text schreibe ich an meinem Bürocomputer mit Haswell-CPU: Er ist nicht gegen die Spectre-V2-Lücke geschützt - 11 Monate nach deren Entdeckung. #Intel #Meltdown #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Getunte E-Bikes werden zur Gefahr für ihre Fahrer und Dritte, Elon Musk verscherzt es sich mit Investoren, neue Sicherheitsprobleme in Intel-CPUs sind entdeckt worden: die wichtigsten Meldungen der Woche. #Bosch #Diesel #Intel #Spectre #Spectre-NG

 
#Linux #Kernel Hardens Sound Drivers Against #Spectre V1 Vulnerability https://www.phoronix.com/scan.php?page=news_item&px=Linux-Spectre-Sound-Drivers #security

 
Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehen soll. #Intel #Spectre #Spectre-NG

 
Microcode-Updates für Intel-Prozessoren, die unter Windows zum Schutz vor der Sicherheitslücke Spectre V2 nötig sind, kommen nun auch per Windows Update für aktuelle Installationen; bei Linux gibt es aber noch Probleme. #Intel #MeltdownundSpectre #Prozessoren #Security #Sicherheitslücken #Spectre

 
Für zwei der acht neuen Spectre-NG-Lücken kündigt Intel Updates an; sie betreffen abermals fast sämtliche Intel-Prozessoren der vergangegen Jahre. #Intel #MeltdownundSpectre #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Sicherheitslücken: Deaktivierte Patches für Spectre 3 und 4 werden ausgeliefert #Prozessor #Meltdown #Passwort #Sicherheitslücke #Spectre #Windows10 #Windows7 #Intel #Microsoft #Applikationen

 

Spectre Variant 4 update - reboot required


I updated the linux kernel. A reboot is required. I'll do this asap...
BRB

#libranet #spectre #linux #reboot @Libranet Support

USN-3654-1: Linux kernel vulnerabilities

linux, linux-aws, linux-kvm, vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:
  • Ubuntu 16.04 LTS

Summary


Several security issues were addressed in the Linux kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments

Details


Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)

Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions


The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTSlinux-image-4.4.0-1026-kvm - 4.4.0-1026.31linux-image-4.4.0-1060-aws - 4.4.0-1060.69linux-image-4.4.0-127-generic - 4.4.0-127.153linux-image-4.4.0-127-generic-lpae - 4.4.0-127.153linux-image-4.4.0-127-lowlatency - 4.4.0-127.153linux-image-4.4.0-127-powerpc-e500mc - 4.4.0-127.153linux-image-4.4.0-127-powerpc-smp - 4.4.0-127.153linux-image-4.4.0-127-powerpc64-emb - 4.4.0-127.153linux-image-4.4.0-127-powerpc64-smp - 4.4.0-127.153linux-image-aws - 4.4.0.1060.62linux-image-generic - 4.4.0.127.133linux-image-generic-lpae - 4.4.0.127.133linux-image-kvm - 4.4.0.1026.25linux-image-lowlatency - 4.4.0.127.133linux-image-powerpc-e500mc - 4.4.0.127.133linux-image-powerpc-smp - 4.4.0.127.133linux-image-powerpc64-emb - 4.4.0.127.133linux-image-powerpc64-smp - 4.4.0.127.133
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4) may require corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the SSBD feature is required to enable the kernel mitigations. BIOS vendors will be making updates available for Intel processors that implement SSBD and Ubuntu is working with Intel to provide future microcode updates. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu provided corresponding QEMU updates for users of self-hosted virtual environments in USN 3651-1. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines.

References


https://usn.ubuntu.com/3654-1/

 
Hersteller von Hardware, Betriebssystemen und Software stellen Webseiten mit Informationen und Sicherheitsupdates für die neuen Spectre-Lücken Spectre V3a und Spectre V4 bereit: Ein Überblick. #AMD #ARM #Corei #IBM #Intel #Prozessoren #Sicherheit #Sicherheitslücken #Spectre #Spectre-NG

 
Bild/Foto
Bild/Foto

Intel

CES 2018: Intel announces 'major breakthrough' in quantum computing chip


Intel's CES 2018 keynote focused on its 49-qubit quantum computing chip, VR applications for content, its AI self-learning chip, and an autonomous vehicles platform.
By Corinne Reichert | January 9, 2018 -- 14:44 GMT (06:44 PST) | Topic: Hardware



The Intel CES 2018 Keynote can be viewed in full here:
https://www.hooktube.com/watch?v=RlJ9zB74G_U |
15 minute summary available here:
https://www.hooktube.com/watch?v=8lbM5vsqJd8 |

Intel has announced a 49-qubit quantum chip at CES 2018, with CEO Brian Krzanich calling it a major breakthrough in quantum computing and the next step to "quantum supremacy".

During the Intel keynote, Krzanich said Intel's labs and researchers are "committed" to advancing quantum computing, with a Netherlands-based lab specifically testing and building quantum computing systems.

Intel did not disclose any timeline details for the quantum chip.

Other advanced computing systems being tested by Intel include neuromorphic computing the form of its artificial intelligence (AI) test chip Loihi, which was announced in September.

According to Krzanich, Intel now has a fully functioning neuromorphic chip that after a few weeks is already performing simple object recognition in the labs. In the coming years, Krzanich said Intel will put Loihi in the hands of partners to explore use cases.

Krzanich had kicked off his CES 2018 keynote by addressing Meltdown and Spectre, saying it is "truly remarkable" how so many tech companies have come together to research and resolve these issues.

"As of now, we have not received any information that customer data has been breached," he added.

"We expect some workloads may have a larger impact than others, so we'll continue working with industry to minimise the impact on those workloads over time."

Krzanich also discussed Intel's role as technology partner for the 2018 Pyeongchang Olympic Winter Games, saying it would provide the largest ever VR experience across a total of 30 events both live and on-demand using its Intel True VR solution.

The solution involves the placement of multiple 360-degree cameras along the perimeter and interior of playing fields and ski runs. When stitched together with software, the footage allows fans to look around the field and choose what camera position they want to view events from.

This "immersive media" viewing experience is also being expanded by installing cameras in players' helmets in the NFL to provide viewers with their perspectives, Intel announced.

Intel is additionally extending this volumetric technology to content creation such as movies, where viewers can "be the actor". By using hundreds of cameras, a scene can be viewed from any viewpoint or angle after just one take.

Krzanich said this will allow audiences to choose which character they want to view the movie from, and can be extended to such use cases as TV, advertising, and gaming.

As part of this, Intel announced an "exploratory partnership" with Paramount Pictures, with the latter company's chair Jim Gianopulos saying that such technology is "the key to our future" in the creation of a new form of entertainment.

As audiences move from flat screens to immersive experiences involving VR, Gianopulos said Paramount will be able to create content that's closer to reality than has ever been possible before by placing audiences inside the movie itself.

Krzanich also briefly addressed Mobileye's new autonomous driving platform, which he said brings autonomous vehicles "closer to reality than anyone realises"; the Volocopter drone taxi service; and the use of its Shooting Star mini drones to create light show without the use of GPS.

Intel also extended its promise to use only conflict-free minerals in its micro-processors to include every product being labelled conflict free. Its promise to spend $300 million over five years to improve diversity in the workplace will also reach fruition by the end of 2018 as it reaches "full representation", two years earlier than its original commitment.

Intel also used its CES 2018 keynote to showcase how its Location Technologies SDK 1.0, Shooting Star quadcopter drones, RealSense Vision Processor D4 series cameras, 8th-gen core processors, Movidius Myriad X VPU running an AI engine, and SoundVision software can be combined to create a theatrical performance

During the performance, musicians "played data" via gesture control while wearing smart gloves; drones and AI musicians played music learned in real-time; and location technology was paired with sensors and cameras to present data collected from dancing and acrobatics.

Other technologies used for the show were the Unity3d game development platform for AI playback; Intel data-enabled StretchSense gloves and drumsticks; Intel processor-based servers for music generation and data visualisation; the Yamaha DC5Z Disklavier; the Derivative TouchDesigner for visual development platform; Cycling 74 Max MSP for data routing; Autodesk Maya for 3D character creation; Ableton for audio sample workflow and playback; and the Pixologic Zbrush digital sculpting tool for avatar creation.

Intel also used CES 2018 to announce its 8th-generation core processor, combining AMD's Radeon RX Vega M Graphics and 4GB of second-generation high-bandwidth memory (HBM2) and its new mini-PC NUCs during CES 2018, which pack its 8th-gen core i7 processors and are aimed at VR applications.

Disclosure: Corinne Reichert travelled to CES 2018 in Las Vegas as a guest of Intel

#Intel #Meltdown #Spectre #AMD #IBM #HPsters #HansonRobotics #VR #VirtualReality #Watson #Sophia #AI #ArtificialIntelligence #ANN #NeuralNetworks #DeepLearning #RealSense #Movidius #SoundVision #StretchSense #Yamaha #Max #NUCs #IC #QuantumComputing #QuantumSupremacy#Qubit #Qubits #Alphabet #Google #Lockheed #NASA #NSA #BND #GHCQ #Unit8200 #SpookyKids #Spook #Spooks #CES #CES2018 #SiliconValley #NoMagic

 
ARM's #Spectre V4 Mitigation Updated, Speculative Store Bypass Disable https://www.phoronix.com/scan.php?page=news_item&px=ARM64-SSBD-Linux-V2

 
Intel veröffentlicht die nächste Prozessor-Sicherheitslücke: Die Funktion Lazy FP Restore ist anfällig für eine Seitenkanal-Attacke. #IntelCorei #MeltdownundSpectre #Prozessoren #Security #Sicherheit #Spectre #Spectre-NG

 
Lazy FPU: Intels Floating Point Unit kann geheime Daten leaken #Intel #Amazon #Malware #Meltdown #SandyBridge #Sicherheitslücke #Spectre #Server #Security