Skip to main content
Information Security

All Questions

Ask Question
Tagged with
17 questions
Newest Active Bountied Unanswered
3 votes
0 answers
184 views

How to select a CPU to buy for the best security?

Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them. Right now, my problem is that I need a new ...
Teekin's user avatar
Teekin
  • 131
0 votes
0 answers
154 views

Secure code makes exploitation easier with CPU vulnerabilities?

I researched CPU vulnerabilities in the past, such as Specter and Meltdown. I read that one of those attacks is made easier if the code is a certain way. I cannot remember if it was related to being ...
user5623335's user avatar
user5623335
  • 713
1 vote
1 answer
214 views

are small SOC chips also affected by Meltdown and Spectre?

How can I find out, if given CPU is affected by the Meltdown and Spectre bugs ? My CPU is relatively older, and it is a SOC chip: AMD GX-412TC SOC I was not able to find, whether these chips also ...
Martin Vegter's user avatar
Martin Vegter
  • 1,731
4 votes
1 answer
5k views

Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?

I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs ...
Vlastimil Burián's user avatar
Vlastimil Burián
  • 1,717
1 vote
0 answers
144 views

How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?

Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct in saying both solutions are software based? Therefore, could I compare overall PC perfomance with ...
Chris's user avatar
Chris
  • 11
0 votes
1 answer
239 views

Do any speculative executation attacks affect ARMv7 CPUs?

Do we know if there are speculative execution attacks that affect ARMv7 CPUs at this time? Are there any theoretical risks that need further investigation?
user avatar
user115400
16 votes
2 answers
3k views

Are new AMD processors more secure than Intel ones?

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
user3770060's user avatar
user3770060
  • 163
5 votes
1 answer
2k views

Can speculative execution on intel cpu be disabled?

In the light of all the recent Intel Vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all this vulnerabilities, from BIOS or OS kernel? Maybe ...
user3604665's user avatar
user3604665
  • 153
3 votes
1 answer
414 views

How to fix Spectre variant 3a and variant 4?e

How I can fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have Intel CPU and using ...
user183433's user avatar
user183433
  • 31
-1 votes
2 answers
229 views

Extracting passwords from recycled machine using Spectre and Meltdown

With Spectre and Meltdown, hackers can extract your password from the CPU cache. If I give someone my computer without the hard drive, can he extract my passwords through the CPU?
justlinx69's user avatar
justlinx69
  • 53
1 vote
1 answer
152 views

Does Speculative Store Bypass Attack Require Assembly/Source Code Knowledge?

ok, so the gist of speculative store bypass attack to my understanding is that, cpu chooses the most frequent code path, bypass the if/else test and just assumes that it's true/false and then execute ...
Sajuuk's user avatar
Sajuuk
  • 291
1 vote
0 answers
275 views

What Spectre V2 patches fixes which vulnerabilties on Linux?

Let's assume I have a computer with a pre-Skylake Intel processor that doesn't have microcode mitigating the Spectre V2 attack. Then to my understanding, if the kernel and all user-space applications ...
arcus_mannen's user avatar
arcus_mannen
  • 125
9 votes
3 answers
526 views

How can CPU designers prevent information leaks from speculated execution?

We know about short-term measures to mitigate the Meltdown and Spectre vulnerabilities in certain microprocessors where speculative execution has measurable effects on cache timings (mainly patches to ...
Toby Speight's user avatar
Toby Speight
  • 1,226
8 votes
1 answer
1k views

Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?

Recently Intel has claimed the following in a press release (emphasis added): SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based ...
Alexander O'Mara's user avatar
Alexander O'Mara
  • 8,844
5 votes
2 answers
1k views

Are VIA CPUs vulnerable to Spectre/Meltdown attacks?

I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs. Are they also affected by this vulnerabilities?
ml-'s user avatar
ml-
  • 153

15 30 50 per page
1
2