#speculativeexecution

IT NewsThis Week in Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks - DeepSeek has captured the world’s attention this week, with an unexpected release ... - <a href="https://hackaday.com/2025/01/31/this-week-in-security-deepseeks-oopsie-ai-tarpits-and-apples-leaks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackaday.com/2025/01/31/this-week-in-security-deepseeks-oopsie-ai-tarpits-and-apples-leaks/</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/thisweekinsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thisweekinsecurity</a> <a href="https://schleuss.online/tags/hackadaycolumns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackadaycolumns</a> <a href="https://schleuss.online/tags/securityhacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityhacks</a> <a href="https://schleuss.online/tags/deepseek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deepseek</a> <a href="https://schleuss.online/tags/tarpits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tarpits</a> <a href="https://schleuss.online/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Richi JenningsWant more <a href="https://vmst.io/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> bugs? “You’re gonna be in a great mood all day.”<a href="https://vmst.io/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a>’s latest three generations of <a href="https://vmst.io/tags/ARM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ARM</a> ISA chips have a pair of <a href="https://vmst.io/tags/Spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spectre</a>-like vulnerabilities. But, unlike other <a href="https://vmst.io/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> flaws, this one seems like the real deal: It could actually be exploited to steal your private info. “Four or five seconds—it’s done!”<a href="https://vmst.io/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a>’s known about at least one of the bugs for TEN months. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we wonder why Tim’s crew did nothing about it. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/01/slap-flop-apple-silicon-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/01/slap-flop-apple-silicon-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a> $AAPL

IT NewsApple chips can be hacked to leak secrets from Gmail, iCloud, and more - Apple-designed chips powering Macs, iPhones, and iPads contain two newly d... - <a href="https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/a" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#a</a>-serieschips <a href="https://schleuss.online/tags/m" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#m</a>-serieschips <a href="https://schleuss.online/tags/sidechannels" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sidechannels</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a>

aegilops :github::microsoft:Speculative execution and other microarchitectural attacks never went away, and the research just keeps getting smarter.Pathfinder introduces new tools and two new types of speculative execution, affecting Intel and AMD CPUs.<a href="https://fosstodon.org/tags/Spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spectre</a> <a href="https://fosstodon.org/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> <a href="https://fosstodon.org/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSec</a> <a href="https://fosstodon.org/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSec</a> <a href="https://fosstodon.org/tags/VU157097" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VU157097</a><a href="https://pathfinder.cpusec.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pathfinder.cpusec.org/</a>

cynicalsecurity :cm_2:You might by now have heard of "Downfall"¹, yet another speculative execution attack on Intel processors.The mitigations are going to cost another 50% performance on "selected workloads" which, by Murphy's, will inevitably be yours.I quote something I find really rather irritating:" [Q] Can I disable the mitigation if my workload does not use Gather?[A] This is a bad idea. Even if your workload does not use vector instructions, modern CPUs rely on vector registers to optimize common operations, such as copying memory and switching register content, which leaks data to untrusted code exploiting Gather. "No, you can freely decide to ignore microcode mitigations if you know what you are doing. There are thousands of reasons why you should not continue piling up Intel's microcode fixes on your machines and performance is indeed one of them.This attack is based on the "gather" part of the "scatter-gather" SIMD algorithms, these are pretty ubiquitous if you have ever done HPC and, well, if your HPC machine is one telnet away from the Internet then you have a bigger problem than microcode².Now, please understand, perhaps "for once and for all", that these attacks have a very simple "root cause": in the 1990s pretty much every processor manufacturer on the planet decided that performance trumped everything else and, therefore, went down (unprotected) speculative execution³. This means that it cannot be fixed within current architectures.<a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> <a href="https://bsd.network/tags/NamedVulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NamedVulnerabilities</a> <a href="https://bsd.network/tags/Downfall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Downfall</a> <a href="https://bsd.network/tags/Hype" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hype</a> <a href="https://bsd.network/tags/MitigationsDoneWrong" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MitigationsDoneWrong</a>__ ¹ <a href="https://downfall.page" rel="nofollow noopener noreferrer" target="_blank">https://downfall.page</a> ² I used to manage an HPC network in the 1990s, I was hacked by, of all places, Intel in Israel (Haifa), no I cannot discuss this further, yes, I detected them. ³ If you read the literature you will discover that even IBM mainframe processors went down that route (hint, hint).

deltatux :donor:During this year's <a href="https://infosec.town/tags/BlackHat" rel="nofollow noopener noreferrer" target="_blank">#BlackHat</a> conference, security researcher Daniel Moghimi is set to present "Downfall", a new speculative execution vulnerability found in Intel processors from 2014-2023. This new speculative execution vulnerability if exploited could allow attackers steal encryption keys & passwords. Intel noted that they haven't seen this vulnerability being exploited in the wild and that detection is difficult. Moghimi stated that exploiting was relatively easy, he goes on to say:<blockquote>When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work. I was just a one-person researcher without any resources, you can imagine if you have a team of black hat hackers, you can probably do a lot more with it.</blockquote>While the flaw exists in hardware, Intel has provided microcode updates & the <a href="https://infosec.town/tags/Linux" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> kernel maintainers have published mitigations for this flaw in today's kernel release. <a href="https://infosec.town/tags/infosec" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.town/tags/cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.town/tags/DOWNFALL" rel="nofollow noopener noreferrer" target="_blank">#DOWNFALL</a> <a href="https://infosec.town/tags/speculativeexecution" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://infosec.town/tags/Intel" rel="nofollow noopener noreferrer" target="_blank">#Intel</a> <a href="https://infosec.town/tags/CPUBug" rel="nofollow noopener noreferrer" target="_blank">#CPUBug</a> - <a href="https://cyberscoop.com/downfall-intel-cpu-vulnerability/" rel="nofollow noopener noreferrer" target="_blank">https://cyberscoop.com/downfall-intel-cpu-vulnerability/</a> - <a href="https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/" rel="nofollow noopener noreferrer" target="_blank">https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/</a>

cynicalsecurity :cm_2:Quite a long list this time spanning sophisticated semiconductor properties (generating electricity from heat), some "cyberspace" legal arguments, an interesting attack against automatic speaker verification, a design "fixing" speculative execution¹, a family of low-latency ciphers, randomness in Cisco ASA (yes!), anonymising stories with privacy guarantees (thought-provoking for sure), ChatGPT fun, malicious IPFS, and a little something about the perception of privacy (also thought-provoking).Here's the shortlist: * "Semiconductor Thermal and Electrical Properties Decoupled by Localized Phonon Resonances" * "On-chip wavelength division multiplexing filters using extremely efficient gate-driven silicon microring resonator array" * "Space Cybersecurity Norms" * "Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems" * "SafeBet: Secure, Simple, and Fast Speculative Execution" * "Introducing two Low-Latency Cipher Families: Sonic and SuperSonic" * "Randomness of random in Cisco ASA" * "What If Alice Wants Her Story Told?" * "Check Me If You Can: Detecting ChatGPT-Generated Academic Writing using CheckGPT" * "What's inside a node? Malicious IPFS nodes under the magnifying glass" * ""My sex-related data is more sensitive than my financial data and I want the same level of security and privacy": User Risk Perceptions and Protective Actions in Female-oriented Technologies"<a href="https://bsd.network/tags/Photonics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Photonics</a> <a href="https://bsd.network/tags/SemiconductorEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SemiconductorEngineering</a> <a href="https://bsd.network/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://bsd.network/tags/AdversarialConvolutiveAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AdversarialConvolutiveAttacks</a> <a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> <a href="https://bsd.network/tags/LowLatencyCiphers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LowLatencyCiphers</a> <a href="https://bsd.network/tags/Randomness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Randomness</a> <a href="https://bsd.network/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://bsd.network/tags/Anonymity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anonymity</a> <a href="https://bsd.network/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatGPT</a> <a href="https://bsd.network/tags/IPFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IPFS</a>__ ¹ to me it is just memory tagging "done wrong" but I am putting it forward just in case it is my unconscious bias talking.

cynicalsecurity :cm_2:The time has come to talk of many things… today's selection is again quite varied covering topics from ChatGPT security to CHERI allocators via near-ultrasound attacks on Alexa, issues with Signal groups and a fascinating "automatic repair" for speculative execution attacks with a smattering of Belgian remote voting!* "Beyond the Safeguards: Exploring the Security Risks of ChatGPT" * "DNN-Defender: An in-DRAM Deep Neural Network Defense Mechanism for Adversarial Weight Attack" * "ChargeX: Exploring State Switching Attack on Electric Vehicle Charging Systems" * "Picking a CHERI Allocator: Security and Performance Considerations" * "Analyzing and Improving Eligibility Verifiability of the Proposed Belgian Remote Voting System" * "Comprehensively Analyzing the Impact of Cyberattacks on Power Grids" * "NUANCE: Near Ultrasound Attack On Networked Communication Environments" * "Automatic and Incremental Repair for Speculative Information Leaks" * "Poster: No safety in numbers: traffic analysis of sealed-sender groups in Signal"<a href="https://bsd.network/tags/arXiv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arXiv</a> <a href="https://bsd.network/tags/ResearchPapers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ResearchPapers</a> <a href="https://bsd.network/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatGPT</a> <a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> <a href="https://bsd.network/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> <a href="https://bsd.network/tags/Alexa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Alexa</a> <a href="https://bsd.network/tags/PowerGrids" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PowerGrids</a> <a href="https://bsd.network/tags/CHERI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CHERI</a> <a href="https://bsd.network/tags/DNN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNN</a> <a href="https://bsd.network/tags/BelgiumRemoteVoting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BelgiumRemoteVoting</a>

IT NewsThis Week in Security: Session Puzzling, Session Keys, and Speculation - Last week we briefly mentioned a vulnerability in the Papercut software, and more ... - <a href="https://hackaday.com/2023/04/28/this-week-in-security-session-puzzling-session-keys-and-speculation/" rel="nofollow noopener noreferrer" target="_blank">https://hackaday.com/2023/04/28/this-week-in-security-session-puzzling-session-keys-and-speculation/</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/thisweekinsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thisweekinsecurity</a> <a href="https://schleuss.online/tags/hackadaycolumns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackadaycolumns</a> <a href="https://schleuss.online/tags/securityhacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityhacks</a> <a href="https://schleuss.online/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://schleuss.online/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a>

cynicalsecurity :cm_2:G. Hu and R. Lee, "Protecting Cache States Against Both Speculative Execution Attacks and Side-channel Attacks"¹ Cache side-channel attacks and speculative execution attacks that leak information through cache states are stealthy and dangerous attacks on hardware that must be mitigated. Unfortunately, defenses proposed for cache side-channel attacks do not mitigate all cache-based speculative execution attacks and vice versa. Since both classes of attacks must be addressed, we propose comprehensive cache architectures to do this. We show a framework to analyze the security of a secure cache. We identify same-domain speculative execution attacks, and show they evade cache side-channel defenses. We present new hardware security mechanisms that address target attacks and reduce performance overhead. We design two Speculative and Timing Attack Resilient (STAR) caches that defeat both cache side-channel attacks and cache-based speculative execution attacks. These comprehensive defenses have low performance overhead of 6.6% and 8.8%.<a href="https://bsd.network/tags/arXiv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arXiv</a> <a href="https://bsd.network/tags/ResearchPapers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ResearchPapers</a> <a href="https://bsd.network/tags/SideChannelAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SideChannelAttacks</a> <a href="https://bsd.network/tags/Microarchitecture" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microarchitecture</a> <a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> __ ¹ <a href="https://arxiv.org/abs/2302.00732" rel="nofollow noopener noreferrer" target="_blank">https://arxiv.org/abs/2302.00732</a>

cynicalsecurity :cm_2:For those interested in the number of ways Intel's SGX has been broken there is now a fine site:<a href="https://sgx.fail" rel="nofollow noopener noreferrer" target="_blank">https://sgx.fail</a>The introduction to the site reads:Intel's Software Guard Extension (SGX) promises an isolated execution environment, protected from all software running on the machine. In the past few years, however, SGX has come under heavy fire, threatened by numerous side channel attacks. With Intel repeatedly patching SGX to regain security, we set out to explore the effectiveness of SGX's update mechanisms to prevent attacks on real-world deployments.More specifically, we survey and categorize various SGX attacks, their applicability to different SGX architectures, as well as the information they leak. We then explored the effectiveness of SGX's update mechanisms in preventing attacks on two real-word deployments, the SECRET network and PowerDVD. In both cases, we show that these vendors are unable to meet the security goals originally envisioned for their products, presumably due to SGX's long update timelines and the complexities of a manual update process. This forces vendors to make a difficult security vs. usability trade off, resulting in security compromises.<a href="https://bsd.network/tags/SGX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SGX</a> <a href="https://bsd.network/tags/TrustedEnclaves" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TrustedEnclaves</a> <a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> <a href="https://bsd.network/tags/Intel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel</a> <a href="https://bsd.network/tags/PowerDVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PowerDVD</a> #

cynicalsecurity :cm_2:H. Xiao and S. Ainsworth, "Hacky Racers: Exploiting Instruction-Level Parallelism to Generate Stealthy Fine-Grained Timers"¹Side-channel attacks pose serious threats to many security models, especially sandbox-based browsers. While transient-execution side channels in out-of-order processors have previously been blamed for vulnerabilities such as Spectre and Meltdown, we show that in fact, the capability of out-of-order execution itself to cause mayhem is far more general. We develop Hacky Racers, a new type of timing gadget that uses instruction-level parallelism, another key feature of out-of-order execution, to measure arbitrary fine-grained timing differences, even in the presence of highly restricted JavaScript sandbox environments. While such environments try to mitigate timing side channels by reducing timer precision and removing language features such as SharedArrayBuffer that can be used to indirectly generate timers via thread-level parallelism, no such restrictions can be designed to limit Hacky Racers. We also design versions of Hacky Racers that require no misspeculation whatsoever, demonstrating that transient execution is not the only threat to security from modern microarchitectural performance optimization. We use Hacky Racers to construct novel backwards-in-time Spectre gadgets, which break many hardware countermeasures in the literature by leaking secrets before misspeculation is discovered. We also use them to generate the first known last-level cache eviction set generator in JavaScript that does not require SharedArrayBuffer support.<a href="https://bsd.network/tags/arXiv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arXiv</a> <a href="https://bsd.network/tags/ResearchPapers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ResearchPapers</a> <a href="https://bsd.network/tags/OutOfOrderExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OutOfOrderExecution</a> <a href="https://bsd.network/tags/Spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spectre</a> <a href="https://bsd.network/tags/Meltdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meltdown</a> <a href="https://bsd.network/tags/SpeculativeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a>__ ¹ <a href="https://arxiv.org/abs/2211.14647" rel="nofollow noopener noreferrer" target="_blank">https://arxiv.org/abs/2211.14647</a>

IT NewsNew working speculative execution attack sends Intel and AMD scrambling - Enlarge Some microprocessors from Intel and AMD are vulnerabl... - <a href="https://arstechnica.com/?p=1865795" rel="nofollow noopener noreferrer" target="_blank">https://arstechnica.com/?p=1865795</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>&it <a href="https://schleuss.online/tags/intel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intel</a> <a href="https://schleuss.online/tags/cpus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cpus</a> <a href="https://schleuss.online/tags/amd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#amd</a>

IT NewsNew Spectre attack once again sends Intel and AMD scrambling for a fix - Enlarge (credit: Intel) Since 2018, an almost endless series of attacks broadly... - <a href="https://arstechnica.com/?p=1762393" rel="nofollow noopener noreferrer" target="_blank">https://arstechnica.com/?p=1762393</a> <a href="https://schleuss.online/tags/centralprocessingunit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralprocessingunit</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spectre</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>&it <a href="https://schleuss.online/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://schleuss.online/tags/cpus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cpus</a>

IT NewsUndocumented x86 Instructions Allow Microcode Access - For an old CPU, finding all the valid instructions wasn’t very hard. You simply tried them all. Sure... - <a href="https://hackaday.com/2021/03/26/undocumented-x86-instructions-allow-microcode-access/" rel="nofollow noopener noreferrer" target="_blank">https://hackaday.com/2021/03/26/undocumented-x86-instructions-allow-microcode-access/</a> <a href="https://schleuss.online/tags/undocumentedinstructions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#undocumentedinstructions</a> <a href="https://schleuss.online/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://schleuss.online/tags/computerhacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#computerhacks</a> <a href="https://schleuss.online/tags/softwarehacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#softwarehacks</a> <a href="https://schleuss.online/tags/microcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microcode</a> <a href="https://schleuss.online/tags/x86" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#x86</a>

Dr. Roy Schestowitz (罗伊)<a class="hashtag" href="https://pleroma.site/tag/security" rel="nofollow noopener noreferrer" target="_blank">#Security</a> Holes: <a class="hashtag" href="https://pleroma.site/tag/speculativeexecution" rel="nofollow noopener noreferrer" target="_blank">#SpeculativeExecution</a> Mitigation, <a class="hashtag" href="https://pleroma.site/tag/crosstalk" rel="nofollow noopener noreferrer" target="_blank">#CrossTalk</a> / <a class="hashtag" href="https://pleroma.site/tag/srbds" rel="nofollow noopener noreferrer" target="_blank">#SRBDS</a> and More <a href="http://www.tuxmachines.org/node/138580" rel="nofollow noopener noreferrer" target="_blank">http://www.tuxmachines.org/node/138580</a>

ClaudioMAlright sir.... 😕 <a href="https://mastodon.xyz/tags/linux" class="mention hashtag" rel="tag">#linux</a> <a href="https://mastodon.xyz/tags/speculativeexecution" class="mention hashtag" rel="tag">#speculativeexecution</a> <a href="https://mastodon.xyz/tags/mitigations" class="mention hashtag" rel="tag">#mitigations</a><a href="https://make-linux-fast-again.com/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://make-linux-fast-again.com/</a>

Semi news bot of the FediInstall updates now to address a vulnerability in most Intel CPUs <a href="https://www.engadget.com/2019/05/15/intel-mds-exploit/" rel="nofollow noopener noreferrer" target="_blank">https://www.engadget.com/2019/05/15/intel-mds-exploit/</a> <a href="https://mstdn.foxfam.club/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://mstdn.foxfam.club/tags/personalcomputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#personalcomputing</a> <a href="https://mstdn.foxfam.club/tags/personalcomputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#personalcomputing</a> <a href="https://mstdn.foxfam.club/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://mstdn.foxfam.club/tags/zombieload" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#zombieload</a> <a href="https://mstdn.foxfam.club/tags/meltdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#meltdown</a> <a href="https://mstdn.foxfam.club/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mstdn.foxfam.club/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exploit</a> <a href="https://mstdn.foxfam.club/tags/fallout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fallout</a> <a href="https://mstdn.foxfam.club/tags/spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spectre</a> <a href="https://mstdn.foxfam.club/tags/mobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mobile</a> <a href="https://mstdn.foxfam.club/tags/intel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intel</a> <a href="https://mstdn.foxfam.club/tags/patch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#patch</a> <a href="https://mstdn.foxfam.club/tags/gear" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gear</a> <a href="https://mstdn.foxfam.club/tags/ridl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ridl</a> <a href="https://mstdn.foxfam.club/tags/mds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mds</a>

Semi news bot of the FediNew speculative execution bug leaks data from Intel chips’ internal buffers <a href="https://arstechnica.com/?p=1504973" rel="nofollow noopener noreferrer" target="_blank">https://arstechnica.com/?p=1504973</a> <a href="https://mstdn.foxfam.club/tags/speculativeexecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#speculativeexecution</a> <a href="https://mstdn.foxfam.club/tags/meltdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#meltdown</a> <a href="https://mstdn.foxfam.club/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mstdn.foxfam.club/tags/spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spectre</a> <a href="https://mstdn.foxfam.club/tags/intel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Intel</a> <a href="https://mstdn.foxfam.club/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a>

Bob JonkmanThat also gives a good explanation of modern chip architecture: #<a href="https://gs.jonkman.ca/tag/pipelining" rel="nofollow noopener noreferrer" target="_blank">Pipelining</a>, #<a href="https://gs.jonkman.ca/tag/scalar" rel="nofollow noopener noreferrer" target="_blank">Scalar</a> vs. #<a href="https://gs.jonkman.ca/tag/nonscalar" rel="nofollow noopener noreferrer" target="_blank">NonScalar</a>, OutOfOrderProcessing, #<a href="https://gs.jonkman.ca/tag/speculativeexecution" rel="nofollow noopener noreferrer" target="_blank">SpeculativeExecution.</a> #<a href="https://gs.jonkman.ca/tag/spectre" rel="nofollow noopener noreferrer" target="_blank">Spectre</a> #<a href="https://gs.jonkman.ca/tag/meltdown" rel="nofollow noopener noreferrer" target="_blank">Meltdown</a> #<a href="https://gs.jonkman.ca/tag/security" rel="nofollow noopener noreferrer" target="_blank">Security</a>

Recent searches

Search options

Administered by:

Server stats:

#speculativeexecution