Questions tagged [spectre]
A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.
96
questions
2
votes
1
answer
46
views
How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?
About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by ...
- 356
3
votes
1
answer
870
views
Mitigation of Spectre and Meltdown affecting host OS from guest OS (Virtualbox)
I don't know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the ...
CommunityBot
- 1
2
votes
1
answer
825
views
Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?
In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-...
- 125
4
votes
1
answer
375
views
What does COEP do that CSP doesn't already do?
Both Cross-Origin-Embedder-Policy and Content-Security-Policy seem to do pretty similar things: they restrict the document from loading certain types of subresources (e.g. cross-origin subresources). ...
- 204k
5
votes
1
answer
848
views
Reducing resolution of timers as mitigation against Meltdown and Spectre
I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following:
The resolution of performance.now() will be reduced to 20µs.
The ...
- 67k
16
votes
2
answers
3k
views
Are new AMD processors more secure than Intel ones?
Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
- 67k
1
vote
2
answers
535
views
Are Haswell CPUs still secure? Do they still get microcode updates?
I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep ...
- 131k
0
votes
1
answer
958
views
COOP and COEP: Is there an advantage to enabling COOP / COEP if I don't need to use the sharedArrayBuffer or other features?
COOP: cross origin opener policy
COEP: Cross origin embedder policy
Most of the articles on the web, related to COOP / COEP, point to the fact that by enabling COOP / COEP , your web page can use the ...
- 121
3
votes
0
answers
184
views
How to select a CPU to buy for the best security?
Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new ...
- 131
1
vote
1
answer
216
views
Are CPU side-channel attacks still a concern on VPSs
I've been looking into getting a VPS to run an OpenVPN server on and a few other things. I've been speaking to a hosting company and they have sent me this screenshot to show they are protected ...
- 135k
1
vote
1
answer
509
views
Is protecting against Meltdown and Spectre on virtual servers actually possible?
I've been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with ...
- 135k
2
votes
2
answers
266
views
What is the impact and threat of Spectre in Javascript?
If you have looked into this demo of Spectre in JavaScript: Did I get it right that only current site memory can be accessed, due to site isolation etc? I saw there is also an addon to detect attackts ...
CommunityBot
- 1
0
votes
1
answer
304
views
Are there any class of systems where it is safe to disable spectre and meltdown patches
I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but i could articles that suggests the defaults might be revisited & ...
- 204k
2
votes
1
answer
1k
views
Privacy implications of Intel CPU backdoors [closed]
I didn't follow all the episodes about backdoors in Intel CPUs
What can intelligence or law enforcement agencies potentially do on a computer equipped with a vulnerable Intel CPU (connected to the ...
- 67k
1
vote
0
answers
307
views
Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR
I'm trying to understand and perform the Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR. The author have released the proof-of-concept code.
I'm trying to run the attack on my Intel ...
- 111