Category Archives: Spectre

Peering Into a Running Brain: SDRAM Refresh Analyzed from Userspace

Over on the Cloudflare blog, [Marek] found himself wondering about computer memory, as we all sometimes do. Specifically, he pondered if he could detect the refresh of his SDRAM from within a running program. We’re probably not ruining the surprise by telling you that the answer is yes — with a little more than 100 lines of C and help from our old friend the Fast Fourier Transform (FFT), [Marek] was able to detect SDRAM refresh cycles every 7818.6 ns, lining right up with the expected result.

The “D” in SDRAM stands for dynamic, meaning that unless periodically refreshed by …read more

Continue reading

Posted in computer hacks, fft, Meltdown, refresh, Rowhammer, sdram, security hacks, Spectre | Leave a comment

Hacking Your Way to a Custom TV Boot Screen

More and more companies are offering ways for customers to personalize their products, realizing that the increase in production cost will be more than made up for by the additional sales you’ll net by offering a bespoke product. It’s great for us as consumers, but unfortunately we’ve still got a ways to go before this attitude permeates all corners of the industry.

[Keegan Ryan] recently purchased a TV and wanted to replace its stock boot screen logo with something of his own concoction, but sadly the set offered no official way to make this happen. So naturally he decided to …read more

Continue reading

Posted in Binwalk, bus pirate, dd, firmware, hardware, home entertainment hacks, Spectre, spi | Leave a comment

Foreshadow: The Sky Is Falling Again for Intel Chips

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate …read more

Continue reading

Posted in cpu, foreshadow, intel, intel CPU, Meltdown, news, security, security hacks, Spectre | Leave a comment

Spectre and Meltdown: Attackers Always Have The Advantage

While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions have spanned an extreme range. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”

We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to …read more

Continue reading

Posted in intel, Meltdown, rants, security flaws, security hacks, Spectre | Leave a comment

Getting a Handle on Meltdown Update Impact, Stay Tuned for Spectre

When news broke on Meltdown and Spectre ahead of the original disclosure plan, word spread like wildfire and it was hard to separate fact from speculation. One commonly repeated claim was that the fix would slow down computers by up to 30% for some workloads. A report released by Microsoft today says that “average users” with post-2015 hardware won’t notice the difference. Without getting into specific numbers, they mention that they expect folks running pre-2015 hardware to experience noticeable slowdowns with the patches applied.

The impact from Meltdown updates are easier to categorize: they slow down the transition from an …read more

Continue reading

Posted in intel, Meltdown, microsoft, patch, security hacks, software hacks, Spectre, windows | Leave a comment

Speculative Execution Was A Troublemaker For Xbox 360

Part of why people can’t stop talking about Meltdown/Spectre is the fact that all the individual pieces have been sitting in plain sight for a long time. When everyone saw how it all came together last week, many people (and not even necessarily security focused people) smacked themselves on the forehead: “Why didn’t I see that earlier?” Speculative execution has caused headaches going way back. [Bruce Dawson] tells one such story he experienced back in 2005. (Warning: ads on page may autoplay video.)

It’s centered around Xbox 360’s custom PowerPC processor. Among the customization on this chip was the addition …read more

Continue reading

Posted in Meltdown, news, powerpc, Spectre, speculative execution, xbox 360, Xbox Hacks | Leave a comment

Hackaday Links: January 7, 2018

Whelp, Spectre and Meltdown are the tech news du jour right now, and everyone is wondering: what is the effect of this problem on real hardware in real server rooms? Epic Games patched their machines and found something shocking. The CPU utilization for one of their online services increased about 100%. We don’t know what this server is doing, or what this process is, but the Spectre and Meltdown patches will increase CPU load depending on the actual code running. This is bad for Epic — they now have to buy an entirely new server farm. This is doubly bad …read more

Continue reading

Posted in Meltdown, RDA5981, shmoocon, Spectre | Leave a comment

Lowering JavaScript Timer Resolution Thwarts Meltdown and Spectre

The computer security vulnerabilities Meltdown and Spectre can infer protected information based on subtle differences in hardware behavior. It takes less time to access data that has been cached versus data that needs to be retrieved from memory, and precisely measuring time difference is a critical part of these attacks.

Our web browsers present a huge potential surface for attack as JavaScript is ubiquitous on the modern web. Executing JavaScript code will definitely involve the processor cache and a high-resolution timer is accessible via browser performance API.

Web browsers can’t change processor cache behavior, but they could take away malicious …read more

Continue reading

Posted in intel, javascript, Meltdown, news, security hacks, slider, software hacks, Spectre, web browser | Leave a comment