How the Spectre and Meltdown Hacks Really Worked We’re used to thinking of computer processors as orderly machines that proceed from one simple instruction to the next with complete regularity. But the truth is, that for decades now, they’ve been doing their tasks out of order and just guessing at what should come next. They’re very good at it, of course. So good… Read More
Google and Microsoft Reveal New Spectre Attack Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as ‘variant 3a’ and ‘variant 4’ instead of separate vulnerabilities altogether. Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack. The most… Read More
Second wave of Spectre-like CPU security flaws won’t be fixed for a while The new bunch of Spectre-like flaws revealed last week won’t be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. Last week, Heise noted that one participant in the… Read More
Intel Admits It Won’t Be Possible to Fix Spectre (V2) Flaw in Some Processors Some Intel processors will not receive security patches for the Spectre (variant 2) side-channel analysis attack. Source: thehackernews… Read More
Meltdown, Spectre, and the Costs of Unchecked Innovation Both attacks rely on using high-speed timing measurements to detect sensitive information, so somewhat counterintuitively, the patches had to decrease the speed of seemingly mundane computations. The first change was to slow down the performance API for web browsers, which had previously been able to analyze the behavior of a page at speeds fast enough… Read More
How Intel Is Moving From Software Fixes to Hardware Redesigns to Combat Spectre and Meltdown The problem that night for Singhal, who oversees the development of the architecture for all of Intel’s processors, was that something was wrong with the patches. Among all the millions and millions of computers in use around the world running Intel CPUs, one of the patches for Spectre was causing some computers to freeze up… Read More
Researchers Point to an AMD Backdoor—And Face Their Own Backlash When the Spectre and Meltdown vulnerabilities were revealed in millions of processors earlier this year, those deep-seated vulnerabilities rattled practically the entire computer industry. Now a group of Israeli researchers is outlining a new set of chip-focused vulnerabilities that, if confirmed, would represent another collection of flaws at the core of computer hardware, this time… Read More
Exploits in C/C++ to compiled JavaScript / WebAssembly The Meltdown and Spectre vulnerabilities in modern CPUs from Intel/AMD/ARM revealed surprising attack vectors in computing. Everything from low level Operating System Kernel components to JavaScript running in Billions of browsers could be exploited by using Spectre variants 1 and 2. Source: react-etc… Read More
SgxSpectre Attack Can Extract Data from Intel SGX Enclaves A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allow an application to create so-called enclaves. This enclave… Read More
Spectre exploit demo In this demo, we will dump user data without reading it. If you translate the code into Javascript, you could dump IE browser data. Source: github… Read More