[FRIAM] Meltdown & Spectre
Marcus Daniels
marcus at snoutfarm.com
Thu Jan 4 23:23:53 EST 2018
Hah. That’s pretty much the end.
The out-of-order-execution machinery has a (poker) ‘give’ that can be exploited.
Of course it could. Probably has been in use for years. Wow.
Sent from my iPhone
On Jan 4, 2018, at 7:03 PM, Gillian Densmore <gil.densmore at gmail.com<mailto:gil.densmore at gmail.com>> wrote:
I don't pretend to have some of the tech reading skills to have followed that article well. Is what it saying is Intell CPU's are bad about making sure it has enough extra hands hands to make sure they can do something before doing so. And that basically it's possible to basically make a smart are program that tells your computers brain it can do something and not to bother checking, no really don't bother if it can do something
Question: How realisticly likely (or do able) is that? and isn't that quite a bit like many of the jerk fake websites wich spam Chrome/Chromium browsers trolling scripts that say: your computer has a bug a bajillion times so as the browers goes kaboom? On windows 10 almost all of them try to look like a fake patch or flash update or something and make an obnoxous beep or alert type of sound "your computer is infected! call MS tech Support " If that's oddly specific I have run into that. particular one. Their's probably others like it.
So if I read this right: a Meltdown/Spectre style aholery tells your computer a whoper of a story. Realy fast in the hopes, of burning through more brain power than it has? Didn't we have this in the 80's and 90's? Something like a DDOS and Ping of Doom and other similler issues? Didn't they fix that after Anonymous found out how to crash the whole Sony Network just bey changing their clocks?(and doing the same to Battlenet/D) many years ago? I know they crashed battle.net<http://battle.net> using a fake patch that basically told a whoper to blizzards (then) only clock, such that when people updated to a fake patch it kept doing so (9999999 times a second because the clock was lied to)
I don't know what was more impressive that they could make a fake patch, [and users didn't know it was fake including me]Or that no one at blizzard or activision checked , or that patch bassically sat in 2billion peoples cache for almost 3 months
Please correct me if I'm wrong. Spectre/Meltdown look to be in the same vane.but (possible) able to reak much more havoc.
The technique of lying to the computers memory is strangely similler how some game bots work. Is that for speed? or just a limitation of processors? if you know. I am genuinely curius^_^
et.worldofwarcraft.wikia.com/wiki/Warden_(software)<http://et.worldofwarcraft.wikia.com/wiki/Warden_(software)>
<https://www.google.com/search?source=hp&ei=zNlOWtDLKqrAjwSvvaDICA&q=wow+game+bots+warden&oq=wow+game+bots+warden&gs_l=psy-ab.3..33i22i29i30k1.405.7040.0.7446.21.20.0.0.0.0.128.1941.13j7.20.0....0...1.1.64.psy-ab..1.18.1791.0..0j35i39k1j0i131k1j0i20i264k1j0i131i20i264k1j0i20i264i46k1j46i20i264k1j0i22i30k1j33i160k1.0.bv_7I0k1L_0#>
1. <http://webcache.googleusercontent.com/search?q=cache:Vm9K23B41ZAJ:et.worldofwarcraft.wikia.com/wiki/Warden_(software)+&cd=1&hl=en&ct=clnk&gl=us>
2. <https://www.google.com/search?q=related:et.worldofwarcraft.wikia.com/wiki/Warden_(software)+wow+game+bots+warden&tbo=1&sa=X&ved=0ahUKEwiQ9Nva2r_YAhXWqYMKHYd1Dp0QHwgtMAA>
For example on the legit side:Warden (WarCrafts memory and saftey system) helps tell legit bots (called mobs and NPC's) what to do. It's possible to mis-lead Warden in a simillar way as spectre, Some scripting stunts (cache from LUA for example)
can at ask Warden what it's thinging about (IF ha ha haha the Warden+LuA key chained API hahahahah hasn't changed a running joke for LUA enthusiasts because it will )
On the good side that meens realy bad ass things like tweaking textures or how some stuff to just your computer looks, or adding nice quality of life things.
However some people use that to cheat well beyond what the company allows and I can't help but wonder if iSpectre/Meltdown use simillar tricks just because the way it looks to work to me is very simillar to how some game bots and Mobs work.
On Thu, Jan 4, 2018 at 5:10 PM, cody dooderson <d00d3rs0n at gmail.com<mailto:d00d3rs0n at gmail.com>> wrote:
Does anyone know if the Ethereum cryptocurrency is affected by these bugs? I think it has some sort of distributed scripting based on javascript.
Cody Smith
On Thu, Jan 4, 2018 at 3:26 PM, glen ep ropella <gepr at tempusdictum.com<mailto:gepr at tempusdictum.com>> wrote:
I'm sure you're all already aware... But just in case:
Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
--
glen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://redfish.com/pipermail/friam_redfish.com/attachments/20180105/8aff0364/attachment.html>
More information about the Friam
mailing list