Jump to content
Science Forums

The Meltdown And Spectre Bugs For Dummies


Recommended Posts

All my non-tech or even tech-but-not-InfoSec-literate friends have been asking me about the "bug" announced this week by Intel and AMD (and others!) and what it means for them. I wrote up the following and thought I'd share it.

 

Note this includes some unconfirmed and reaching-into-conspiracy-theory speculation that may not be true, but I've attempted here to provide a non-tech explanation for why so many InfoSec people are buzzing about the possibilities....

 

I'm happy to dive into tech explanation too in this thread, so ask away, but I thought I'd start with the non-tech version.

 

It’s not something you’re going to have to worry much about directly, as it’s complicated to use and not very good for attacking large numbers of targets indiscriminately.

 
What IS disturbing about it, and that the InfoSec community has been buzzing about the most is that the nature of the problem does NOT look like a “bug” but rather very much like the sort of thing that the NSA would actually ask the chip manufacturers to put in their chips to allow them to spy on literally everyone. As I said, it’s not good for loading on a million computers to steal millions of passwords, but it is good for targeting a specific set of computers that are set up in a specific way (like computers in the Kremlin that are all configured the same way with sophisticated security protections, or centrifuges in an Iranian uranium processing plant), and gaining control of them. This “flaw” has literally been there for 20 years, and smart people finally figured it out, so now that the chip manufacturers have been caught (and it’s all of them, not just Intel), they’re having to close up the security hole and pretend they’re not putting a new one in at the same time.
 
So, bottom line is that you don’t have to worry about it for yourself, but it’s bad news for NSA targets, and that’s not a problem unless the fascists complete their takeover of the government!
 
The semi-technical explanation is this: 
  • In order to make processors run faster, they grab a bunch of information that is near what they’re currently working on in anticipation that you might want it.
  • To make the “grabbing” faster, it doesn’t bother checking to make sure that the program that’s currently running has a right to look at the info it grabbed.
  • The info it grabbed goes into very fast memory inside the chip as a copy of the data (this is called a “cache”)
  • To protect security, when the processor finally gets around to asking for info, it does check to see if the program is allowed to access it, and prevents access to that “cached data” if it’s not allowed. This part all works fine.
  • If the data that was grabbed isn’t asked for as expected, the processor removes it from the cache, so that it isn’t accessed from any other programs, also for security’s sake.
  • What researchers found was that the processor *starts* to erase the info it grabbed at this point, but if it guessed you wanted a lot of info and it pulled it all in, it *stops* before all of it is erased. That’s the “flaw”. 
  • It does this in a very repeatable and consistent way, thus providing a way for programs to be written that can go through and access anything in memory, simply by making requests “near” sensitive data, for example your password or the security key that lets protected files be read.
So what this means is that it looks like the “flaw” was actually purposely built into the processors, and it’s been there for a very, very long time.
 
 
The real rulers of a nation are undiscoverable. :phones:
Buffy
Link to post
Share on other sites

 

All my non-tech or even tech-but-not-InfoSec-literate friends have been asking me about the "bug" announced this week by Intel and AMD (and others!) and what it means for them. I wrote up the following and thought I'd share it.

 

Note this includes some unconfirmed and reaching-into-conspiracy-theory speculation that may not be true, but I've attempted here to provide a non-tech explanation for why so many InfoSec people are buzzing about the possibilities....

 

I'm happy to dive into tech explanation too in this thread, so ask away, but I thought I'd start with the non-tech version.

 

It’s not something you’re going to have to worry much about directly, as it’s complicated to use and not very good for attacking large numbers of targets indiscriminately.

 
....
  • It does this in a very repeatable and consistent way, thus providing a way for programs to be written that can go through and access anything in memory, simply by making requests “near” sensitive data, for example your password or the security key that lets protected files be read.
So what this means is that it looks like the “flaw” was actually purposely built into the processors, and it’s been there for a very, very long time.
 
 

 

Lol, I wouldn't worry about that, there are much easier ways than that to steal passwords look up a "RAT" Program or another one being Remote Packet Sender which can cook processors and send commands in HEX.

 

For Instance send this program through a remote packet sender in a packet and see what happens..... it will physically melt the processor. 

 

[* Easily searchable script kiddie program deleted for brevity and to avoid breaking several laws *]

 

Which [* Hex binary code deleted, ibid *] says SPEED+ SPEED+ SPEED+ SPEED+ Divide by Zero 
 
 
 
When you are hit by Medvil's Null Void Loop, you get a very specific sound, which sounds like a audio glitch "BUZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT"
 
 
as it repeatedly speed up and stacks your processor until it melts.
Edited by Buffy
for boring legal reasons.
Link to post
Share on other sites

Lol, I wouldn't worry about that, there are much easier ways than that to steal passwords look up a "RAT" Program or another one being Remote Packet Sender which can cook processors and send commands in HEX.

 

 

Sure, but that's not the point. Targeted security info on protected machines requires additional, more complicated approaches, especially if you're trying to cover your tracks or remain hidden even after the initial theft.

 

Anyone can use script kiddie stuff, but it doesn't get you much on really protected systems.

 

And re: your PM to me, yes, this flaw has been exploited for a very long time, just not many people knew about it.

 

And THAT shows that these kinds of things that our security services do actually make us LESS safe and secure, and they should stop! :oh_really:

 

 

When a spy sells something entirely new, all he needs to do is recount something you could find in any second-hand book stall, :phones:

Buffy

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...