Not good. o_0. mudge posted this on birdsite. #Intel
On stage today, during the Cyber-ITL talk at ShmooCon, Patrick dropped a little 0day that speculative execution executed data (ignoring non-execute markings).
That’s r-x... for those keeping track.
(rowhammer for the write anyone?)
@akpoff this is not exactly surprising: within Intel processors it seems now safe to assume that all protection of any kind is ignored once speculative execution is initiated.
I suspect that, in the rush to get x86_64 out /and/ with better performance than AMD's amd64, several corners were cut. It is worthwhile remembering that the first x86_64 was, basically, 64-bit emulation on a 32-bit core written in microcode…
@cynicalsecurity Agreed. It was only a matter of time. Within days of the initial public disclosure I saw quite a bit of, er, speculation about the possibility of rowhammer attacks.
Looks like consumer groups, US states' AGs and perhaps in #AMD will have some serious opportunities to go after #Intel.
@akpoff This is the end of this era of computing. period... what comes next will be a setback, and a new way of processing data.
@thegibson I don't know. I hope you're wrong. At a minimum it appears to be a setback to #AMD performance levels.
Though perhaps there are other dragons lurking in AMD's implementation as well. :(
@akpoff every architecture is affected... Spectre is here to stay.
I am sure we will find more in the coming months...
I'm not even sure that behavioral detection can really do anything with this either... although i'm trying.
@akpoff Consider that this is the largest threat, and mitigation task (by volume) we have ever faced.
And now this...
https://www.theverge.com/2018/1/22/16919426/intel-advises-pause-deployment-of-spectre-patch
It is not world ending, but it is world-changing.
@akpoff welll fuck