Spectre also includes sample code for breaking out of the JavaScript sandbox on Chrome. It's very, very clever.
#Meltdown works by exploiting the fact that CPUs will execute instructions ahead of the "current" instruction as a means of optimisation. It's possible to observe the side-effects of instructions that were executed but never committed.
Meltdown reads from kernel memory (an illegal op), then uses that read times the page size to make a second memory access. By observing cache hits and misses, you can infer the memory that was read by the invalid-and-discarded operation. Which means you can read kernel memory.
By use of some clever optimisations, #Meltdown kernel dumping at a speed of 122KB/s is possible. On modern (Broadwell+) Intel CPUs, a speed of 502KB/s is achieved.
In addition, because kernel memory usually maps the physical address space, #Meltdown can read most (on unpatched Windows) or all (on unpatched Linux) physical memory. So it can and does break containers, virtual machines, and everything else we rely upon.
The good news is that #Meltdown can be defended against with a series of kernel patches. On Linux these are known as KPTI (formerly KAISER). These exist in Linux 4.15, 4.14.11, Windows 10 Build 17035, and OSX 10.13.2. Upgrade your systems if you haven't already done so.
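As an added example that is not part of the thread, here is a defender's check built on the Linux kernel versions quoted above: it compares a kernel release string against the 4.15 / 4.14.11 thresholds and, where available, classifies the status the kernel itself reports in /sys/devices/system/cpu/vulnerabilities/meltdown (a sysfs file introduced with 4.15 and not mentioned in the thread). The version check is only a heuristic, since distribution kernels backport KPTI under older version numbers, which is why the kernel's own report is preferred when present.

```python
# Added example, not code from the thread: check a Linux host for the KPTI
# Meltdown mitigation using the kernel versions the thread names.
import platform
import re
from pathlib import Path

# Real sysfs path (Linux 4.15+); on older kernels it simply does not exist.
MELTDOWN_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")


def parse_kernel_version(release: str) -> tuple:
    """Turn a uname release such as '4.14.11-300.fc27.x86_64' into (4, 14, 11)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(x or 0) for x in m.groups())


def kernel_has_kpti(release: str) -> bool:
    """True if the release is at or above a KPTI-carrying mainline/stable version.

    Thresholds from the thread: 4.15, or 4.14.11 on the 4.14 stable branch.
    Heuristic only: distro kernels may backport KPTI under lower numbers."""
    major, minor, patch = parse_kernel_version(release)
    if (major, minor) == (4, 14):
        return patch >= 11
    return (major, minor) >= (4, 15)


def classify_sysfs_status(text: str) -> str:
    """Map the kernel's meltdown sysfs line (e.g. 'Mitigation: PTI') to a label."""
    t = text.strip().lower()
    if t.startswith("not affected"):
        return "not affected"
    if t.startswith("mitigation:"):
        return "mitigated"
    if t.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def meltdown_status(release=None, sysfs_text=None) -> dict:
    """Combine the version heuristic with the kernel's own report when present."""
    release = release or platform.release()
    if sysfs_text is None and MELTDOWN_SYSFS.exists():
        sysfs_text = MELTDOWN_SYSFS.read_text()
    return {
        "kernel": release,
        "version_has_kpti": kernel_has_kpti(release),
        "sysfs": classify_sysfs_status(sysfs_text) if sysfs_text is not None else "unavailable",
    }


if __name__ == "__main__":
    print(meltdown_status())
```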
Both of these vulnerabilities are scary. Meltdown because lots of devices won't get patched. Spectre because patching it at all seems to be extremely challenging. It's named because it will "haunt us for some time".
We're seeing a lot more vulnerabilities exploiting flaws & artefacts of hardware. Rowhammer changes memory by using voltage fluctuations to flip bits. I've seen ssh sessions run over cache invalidation channels between VMs. I don't think spectre and meltdown will be the last.
Replying to @pjf @BrendanEich
Espionage has exploited hardware vulnerabilities for a century. Shameful we still stumble so. Good design anticipates.
Replying to @BillDortch @pjf
Constant time all paths computers needed...
Y'all know they're going to solve this by giving us crappier clocks.