Discover and read the best of Twitter Threads about #spectre

Most recents (11)

1. A year after Jamal Khashoggi’s murder in Saudi Arabia, the US seems to be returning to business as usual there
businessinsider.com/jamal-khashogg… MbS has not taken responsibility or been held accountable for Jamal Khashoggi’s murder. #FII #FII2019 #SPECTRE
2. Pessimism and optimism one year on from Jamal Khashoggi’s death
cjr.org/the_media_toda… Global leaders, tycoons to attend Saudi ‘Davos in desert’
24matins.uk/topnews/int/gl… Wall Street returns to 'Davos in the desert' a year after Khashoggi killing
mysanantonio.com/news/article/W… #FII
3. Investors still cautious on Saudi Arabia a year since Khashoggi's murder, analysts say
cnbc.com/2019/10/02/inv… a rather generous take!

Influencers Face Criticism for Saudi Arabia Travel #Ads
nytimes.com/2019/10/03/sty… are the influencers less cautious than investors? #FII2019
Read 56 tweets
1.So, ages ago I did an enormous amount of research in an attempt to convince folks I admired to not take Jeffrey Epstein’s 💰or collaborate with him. Background/prior thread: bobbin.herokuapp.com/thread/1164745…
last tweet:
2.But first: a prolly silly attempt to offer a bias & conflict check. It is crushing to me how many men (& institutions) I like & admire are featured in these links. Thus, I’m sure who I call out specifically evidences these biases?
3 In terms of conflicts: sharing this completely conflicts with my self interest, but I guess this is overridden by a naïve attachment to the idea of justice & progress—and an expectation that these men & institutions stop obfuscating & do better NOW.

Or my stupidity? Or trauma?
Read 58 tweets
Speculative Side-Channel Attacks is misleading terminology and usually used incorrectly. We should all avoid using it and @intel, you should avoid using it too. Not only because it is misleading, but because it hinders successful communication on mitigations.
Let me elaborate:
A side-channel attack uses measurements of side effects to gather enough *meta data* (power consumption, runtime, cache state, etc) to *infer* secret information.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
There is no need to infer secret information from meta data, there is no meta data involved. Hence, they are *no side-channel attacks*.

"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
Read 11 tweets
From what I understand, the latest #OpenBSD vs #Intel thing went a little bit like that:
- OpenBSD: Can we be a part of this rumored Intel bug embargo?
- Intel: No. Go away.
- OpenBSD: dev do their homework, fix FPU bug, publish patch.
- Theo (at @BSDCan): we are worried, we don't have access to info. Please help us.
- Intel: publishes official advisory: intel.com/content/www/us…
Now everybody and their dogs are going crazy over #OpenBSD developpers doing their jobs , correcting stuff and "violating"an embargo... That they were *never* a part of. Because Intel did not want them to receive information!
Read 7 tweets
Quotable Quotes on #SoftwareTesting from this talk by @dakami at the inaugural DEF CON China. 1/?
"The goal of this talk is to connect a series of thoughts that you may never have thought were linked...Anything can be linked." 1:15
Read 44 tweets
The assumption "bug collisions are so common in all software that everyone should assume that for any bug disclosed, it's probably been found by attackers & exploited already" contrasts how scientific research works. Security research is no exception.
Bug & research "collisions" can happen due to lots of low-hanging fruit. It can also occur when researchers pay attention to reach other's work. I've discussed researcher "swarming" for years, & recently on stage at BlackHat this summer.
Bug collision or correlation rates for software that has a lot of bugs (bug dense, say, because of not being well-tested) will generally model higher bug collision rates than in software with low bug density. See slides #23-27 from my RSA talk in 2015.
rsaconference.com/writable/prese…
Read 17 tweets
Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
Let's start with a standard software product many are familiar with and work off that. First, every time you hit 'build' it's called a 'stepping', costs millions of dollars & takes several months. If you want a profitable product, you may only get 10 chances to press 'build'.
On top of that, half those 'builds' are not 'full layer steppings' meaning you can't change any logic gates, just how they're connected. Even with a full layer stepping you can't shuffle stuff around anywhere like you can with library files and whatnot.
Read 15 tweets
Here's my layman's not-totally-accurate-but-gets-the-point-across story about how  #meltdown & #spectre type attacks work:

Let's say you go to a library that has a 'special collection' you're not allowed access to, but you want to to read one of the books. 1/10
You go in and go to the librarian and say "I'd like special book #1, and the Sue Grafton novel that corresponds to the first letter of page 1 of that book." 2/10
The librarian dutifully goes and gets special book #1, looks at page 1, sees 'C', and also grabs 'C is for Corpse', and comes back to the desk, but does not show you the books. 3/10
Read 10 tweets
Here are a few insights on the #Meltdown and #Spectre vulnerabilities based on my recent @RANDCorporation research. /1 rand.org/pubs/research_…
First, this is yet another reminder that vulnerabilities can last a long time (our data showed vulnerabilities lasted 6.9 years before being publicly disclosed) and have a low chance of being discovered (5.7% per year). /2
But the #Meltdown / #Spectre news also has me thinking about a "swarm mentality" among hackers of all stripes after a vulnerability is disclosed. /3
Read 8 tweets
Explainer on #Spectre & #Meltdown:

When a processor reaches a conditional branch in code (e.g. an 'if' clause), it tries to predict which branch will be taken before it actually knows the result. It executes that branch ahead of time - a feature called "speculative execution".
The idea is that if it gets the prediction right (which modern processors are quite good at) it'll already have executed the next bit of code by the time the actually-selected branch is known. If it gets it wrong, execution unwinds back and the correct branch is executed instead.
What makes the processor so good at branch prediction is that it stores details about previous branch operations, in what's called the Branch History Buffer (BHB). If a particular branch instruction took path A before, it'll probably take path A again, rather than path B.
Read 28 tweets
Some of you might be hearing about #Spectre and #Meltdown today, which allow memory from other processes and the kernel itself to be read. They exploit CPU designs.

I'm still doing my reading, but a good place to start if you're technically inclined is spectreattack.com
Spectre involves training the CPU to speculatively run invalid code in the victim's address space, and then using a side-channel (such as cache timings) to infer details about the victim's memory.

It affects at least AMD, Intel and ARM CPUs

The sample exploit reads 10KB/s.
Spectre also includes sample code for breaking out of the JavaScript sandbox on chrome.

It's very, very clever.
Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!