New CPU attacks: RIDL and Fallout

Dakota Tebaldi

Now being made public: new kinds of attacks against Intel MDS vulnerabilities have been discovered by computer researchers.

Our attacks can leak confidential data across arbitrary security boundaries in real-world settings (cloud, browsers, etc.). The reason our attacks are impervious to all the existing defenses against speculative execution attacks is that they can leak in-flight data. Unlike other recent attacks such as Spectre, Meltdown, and Foreshadow which are based on vulnerabilities leaking data from the CPU caches, RIDL and Fallout collect data from internal CPU buffers (Line Fill Buffers, Load Ports, Store Buffers). Intel describes the exploited vulnerabilities as "Microarchitectural Data Sampling" (MDS) - where "sampling" is another way of saying that we can leak in-flight (or "sampled") data from many of these microarchitectural buffers.

Most importantly, our research shows that what last year appeared to be exceptional one-time speculative execution bugs are actually systemic, and the problems in modern CPUs may go much deeper than we initially thought. If CPUs have become so complex that chip vendors cannot keep their security under control, hardware vulnerabilities will be the new hunting ground for sophisticated attackers. And we may have no idea how many zero-day hardware vulnerabilities are still up for grabs. If we can no longer trust our hardware, the foundation on which we build all security solutions is crumbling away.
That last paragraph is extremely important. The new kinds of vulnerabilities being discovered over the last couple of years involve chip architecture, not software. Running iOS or Linux instead of Windows can't save you from these sorts of attacks.

These specific announced attacks only work on Intel CPUs; AMD chips aren't vulnerable to them. But that does not mean that AMD chips don't have their own vulnerabilities that could be exploited by future attack methods, or ones currently known not to computer security analysts but to malicious parties.
 

Clara D.

Oh lovely o_O

At least Lenovo still supports this vintage thing security-wise.
 

Katheryne Helendale

Oh, bloody wonderful! Both my laptops are sporting first-generation i7 processors, and my desktop has a Core 2 Duo. Ain't no fix for any of them.
 

Clara D.

Microsoft put out update KB4494441 today.

Notable fixes:
  • Enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions). For more information about “Retpoline”, see Mitigating Spectre variant 2 with Retpoline on Windows.
  • Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).
  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Graphics, Windows Storage and Filesystems, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.
 

Clara D.

One should listen to the Indian callcenters, when they call for the Windows from the Microsoft. :)
Oh I always do that, and they don't get it that I'm on a Mac!
I've never gotten one of those calls, but I'd have to reboot using my emergency utilities USB stick (Puppy Linux) just for them.
 
I had a big disagreement with my friend and my laptop may be lost forever at her place so I guess I'm safe.
 

Katheryne Helendale

I think (I hope?) I'm safe from this now, at least on my Linux machine. I had a bunch of updates today, and one of them was a microcode update for Intel processors. Here's to hoping!
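
On Linux, whether the kernel and microcode updates actually took effect for MDS can be read back from the kernel's sysfs vulnerability report. The following is an added example, not part of the original post; the function names `mds_verdict` and `check_mds` are illustrative, and it assumes a kernel new enough to expose the `mds` entry.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line.
# Source file on a live system: /sys/devices/system/cpu/vulnerabilities/mds
# Return codes (illustrative): 0 ok, 1 partial, 2 vulnerable, 3 unknown.

mds_verdict() {
    status=$1
    case "$status" in
        "Not affected"*)
            echo "ok: CPU not affected by MDS"; return 0 ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; the SMT suffix decides the rest.
            case "$status" in
                *"SMT vulnerable"*)
                    echo "partial: buffers cleared, sibling hyperthread can still sample"
                    return 1 ;;
                *"SMT Host state unknown"*)
                    echo "partial: guest cannot see the host's SMT state"
                    return 1 ;;
                *)
                    echo "ok: buffers cleared, SMT not exposed"; return 0 ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU lacks the updated microcode.
            echo "vulnerable: kernel patched, microcode update missing"; return 2 ;;
        "Vulnerable"*)
            echo "vulnerable: no mitigation active"; return 2 ;;
        *)
            echo "unknown: unrecognised status '$status'"; return 3 ;;
    esac
}

check_mds() {
    # Optional argument lets the function be pointed at a saved copy.
    f=${1:-/sys/devices/system/cpu/vulnerabilities/mds}
    if [ ! -r "$f" ]; then
        echo "unknown: $f not readable (no MDS status exposed here)"
        return 3
    fi
    mds_verdict "$(cat "$f")"
}

check_mds "$@" || true
```

A result of "microcode update missing" means the distribution's kernel update was installed but the Intel microcode package was not loaded, which is the case the post above is hoping to have avoided.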
 

Kara Spengler

One should listen to the Indian callcenters, when they call for the Windows from the Microsoft. :)
If you want to laugh out loud look for vids of people owning the scammers. Typically they play dumb, run a virtual machine (so it is isolated from their real stuff) and do things like wipe the scamming network. Scammers often run a connection program that leaves their computer open because it is cheaper than paying for something more robust.
 

Kara Spengler

I've never gotten one of those calls, but I'd have to reboot using my emergency utilities USB stick (Puppy Linux) just for them.
I have avoided them so far but get other tech novices. I had betaed hooking my area up to DSL years ago. Later on the company (comcast?) tried to get me to sign up and I said no. They wanted more info ("but most people LIKE faster") and eventually I said they really did not want to know but basically I did not like how their network was set up. They kept on pushing for a more concrete answer so eventually I sighed and fully answered the question.

Do NOT push for detail from someone in their own field when they are trying not to go into detail. I wound up summarizing several years of classes on networks into a few minutes. I can just IMAGINE how that call was explained in the break room or on her form!
 

Kara Spengler

I've gotten one of those calls once. They never caught on that I was running Linux when they called. Had them going for a good half-hour before they finally gave up and hung up on me.
I am going to guess they would plain rethink their life choices if I was hacking away at my haiku laptop. :)
 