All Questions
17
questions
3
votes
0
answers
184
views
How to select a CPU to buy for the best security?
Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new ...
0
votes
0
answers
154
views
Secure code makes exploitation easier with CPU vulnerabilities?
I researched CPU vulnerabilities in the past, such as Specter and Meltdown.
I read that one of those attacks is made easier if the code is a certain way. I cannot remember if it was related to being ...
1
vote
1
answer
214
views
are small SOC chips also affected by Meltdown and Spectre?
How can I find out, if given CPU is affected by the Meltdown and Spectre bugs ?
My CPU is relatively older, and it is a SOC chip:
AMD GX-412TC SOC
I was not able to find, whether these chips also ...
4
votes
1
answer
5k
views
Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?
I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs ...
1
vote
0
answers
144
views
How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?
Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct in saying both solutions are software based? Therefore, could I compare overall PC perfomance with ...
0
votes
1
answer
239
views
Do any speculative executation attacks affect ARMv7 CPUs?
Do we know if there are speculative execution attacks that affect ARMv7 CPUs at this time? Are there any theoretical risks that need further investigation?
16
votes
2
answers
3k
views
Are new AMD processors more secure than Intel ones?
Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
5
votes
1
answer
2k
views
Can speculative execution on intel cpu be disabled?
In the light of all the recent Intel Vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all this vulnerabilities, from BIOS or OS kernel?
Maybe ...
3
votes
1
answer
414
views
How to fix Spectre variant 3a and variant 4?e
How I can fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have Intel CPU and using ...
-1
votes
2
answers
229
views
Extracting passwords from recycled machine using Spectre and Meltdown
With Spectre and Meltdown, hackers can extract your password from the CPU cache. If I give someone my computer without the hard drive, can he extract my passwords through the CPU?
1
vote
1
answer
152
views
Does Speculative Store Bypass Attack Require Assembly/Source Code Knowledge?
ok, so the gist of speculative store bypass attack to my understanding is that, cpu chooses the most frequent code path, bypass the if/else test and just assumes that it's true/false and then execute ...
1
vote
0
answers
275
views
What Spectre V2 patches fixes which vulnerabilties on Linux?
Let's assume I have a computer with a pre-Skylake Intel processor that doesn't have microcode mitigating the Spectre V2 attack. Then to my understanding, if the kernel and all user-space applications ...
9
votes
3
answers
526
views
How can CPU designers prevent information leaks from speculated execution?
We know about short-term measures to mitigate the Meltdown and Spectre vulnerabilities in certain microprocessors where speculative execution has measurable effects on cache timings (mainly patches to ...
8
votes
1
answer
1k
views
Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?
Recently Intel has claimed the following in a press release (emphasis added):
SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based ...
5
votes
2
answers
1k
views
Are VIA CPUs vulnerable to Spectre/Meltdown attacks?
I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs.
Are they also affected by this vulnerabilities?