 Here it is, May of 2019, and we have yet another flaw in the processors. And hardware is a really tricky business, it's very, very complicated to build processors. It is even more complicated to build secure hardware, secure processors. And Intel's in the news because of the new MDS attacks. And the news magazines are super excited to have something to talk about that makes people go into panic because panic makes people read. On the floor, let's hackers crack almost every Intel chip back to 2011. Why is it being downplayed? Well, it's not really being downplayed. It's the attack and vector that makes it a little bit harder to do and a little bit difficult to implement. Also the proof of concepts, they even talk about them for those that don't want to read salacious headlines that when they did extract, for example, they have an example of extracting a root password. This demonstration shows a 24 hours of running their attack on a local machine. I wish they would have shown the processor load, but my guess would be under very heavy load doing this, but 24 hours to extract it. And this is even being played at real time here. But as you can see, it takes quite a bit of time. They broke it down to five minutes, but this recording was over 24 hours to show this attack. And what this means in terms of for you, you would have to run, find their code, provided someone else hasn't already discovered this as well, because it was discovered by a series of security researchers not by Intel themselves. Then have that code executing a computer for 24 hours with a known target. This target particularly was the shadow encrypted password for root, so they weren't able to extract the encrypted password. And we know these attacks only get better. But obviously from a standpoint of running this on your local computer, how likely is it? Not very. And there's also been patches of mitigations that help against this, and they're running it in the perfect scenario, a lab environment. What does this look like when you have a machine under heavy load with lots of things going on so one process can't focus on extracting data out of the processor? Well, that's going to be the bigger part of the research, is what it looks like in the real world. Because what we see in the lab and what they're showing us is only a small amount of detail because we're waiting for people to get all the patches out for all the different operating systems to make sure everything is up to date before they release a little bit more detail about how to actually run this code. And we know these attack vectors only get better, but they talk about this being attacked on a brand new, very fast processor. The slower your processor, the longer it's going to take to extract that data out of there. And if someone has access to a local coding computer, they're going to probably look for a more effective way of getting persistence on your computer and getting information and actual trading it off, then the slow methodical process that this is. Don't get me wrong. I'm not trying to downplay or say that you should just go to sleep on this, but it's not the end of the world, like the article had said. It's not the end of all processors. It's not the end of shared data systems and all the other panic I've seen across many, many articles. But boy, that gets a lot of clicks and clicks or dollars. So that's how that goes. The MDSattacks.com website has a great guide to interactive guides to speculative execution attacks. Now, this is cool because they kind of show some of the pieces and what they're attacking on each part of the architecture as it relates to the research paper that they have published as well. And processor designs are amazingly complex and which is why these attacks are also very complex. The code is very complicated to write. And due to the fact that the processor switches back and forth between each of these pieces here, you are waiting for a processor to have the piece of information you want and switch it out and then speculate as in speculate which piece of data we need and do some comparisons. They detail this out. And like I said, it's just a very complicated. These were some brilliant researchers. It takes brilliant people to write these processors and equally brilliant researchers to start taking them apart. So the big question is, how does this affect me or you? How are you affected by this? Is your machine affected? Well, besides it running local code, there are other ways to get local code on your computer. For example, our browsers are essentially very complicated and very powerful themselves. Being able to run code in the browser could eventually lead to leaking of that CPU data provided it had enough time to do so. The web page had enough running and we leave web pages up. And it would have to be well-crafted. It once again, not as likely of a problem. Because once again, these all require almost local access to the computer or the program to be running locally on your computer. So it's not a thing that you need physical access. You could be the one downloading and putting an attack factor on there. So from a home user or a standard user standpoint, you're not likely the attack factor. Like I said, there's better ways to exploit you if that's the goal of an attacker. Now, if you run a cloud hosting place where you let people rent to your VM time, rent to your processor time in the form of a VM, that is a bigger risk. Because when you're doing it for strangers, for example, I'm not. I have my cloud instance, so to speak. I have my XCPNG server. And then I run code that I installed on each of these and each one of the VMs, not as likely of an attack factor that someone would be able to side-channel over to the other VMs. And we haven't proven that there's a full VM escape on here. Because as the processors are doing more and more complicated things, there's more and more to sift through to try to discover this. So the cores in my machine, it's not like there's a core dedicated to a specific VM, and there's another thread dedicated to another VM. It is switching out between all the VMs that are running. Hence, there's a lot of noise, so to speak. So it makes it that much more challenging to get the processors and figure out the state that they're in and exactly which piece of information I need to extract from. So it's not an easy attack. It's not a push button, run this code, and you're pwned. So let's talk a little bit more, though, about the patches. That is important. And not downplaying the fact you need patches on this. I'm not downplaying that this is not a serious attack. But there are going to be patches. They may come with some performance hits. And they are working on this with the Linux kernel. And they're working on this with the Windows kernel. I believe Windows and Linux both already have issued all the patches as of now. So update your machines if you haven't already. But there's still going to be more potential microcode updates because the microcode updates affect how the processor works. And I've seen people complain about the potential performance hits. We're not exactly sure in the real world how much of a performance hit. And I had a great discussion. It's on the last decimal podcast with someone who runs very, very large data center level systems only dedicated towards big data machine modeling. So they have their own data center dedicated to that. And they actually, over the last Spectre Meltdown, had seen very, very little in terms of performance because of the way they use their system. So even though they're a large company using a large set of data, you would think they would see a performance hit with Spectre Meltdown they did not. Another company said they did. They were using very different weather data models. And they said they did see some problems. So your use case is going to really drive whether or not this is a major effect on your performance of your system and whether or not you want to load these patches right away. Some companies have actually opted when they run their own code only and they're not running anything from third parties and no one else rents their machines or they use them for some specific task where they're controlling the code top to bottom. They're not as worried about patching. So they may hold off because of the performance hit because performance matters when you're doing large data set modeling and you're not running arbitrary codes. You're not running a browser on these large data servers on one of them where someone could side chain all their way in. So the attack factor really complicated. The amount of data can be extracted at any given time is relative to the speed of your computer and obviously even with the fast processor as they demoed here not very fast. So definitely should patch but it's not the end of the world and it's not a remote code execution. So my firewalls are not going to be popped by this because my firewall pretty much just runs code given to me from the firewall vendor. So it's not like it's that is an attack factor. My local computer it's not like they can remote in and see it because they need to see inside the processor to do this. And if they did run something in a browser there's mitigations between the browser between the processor that are being deployed and it's also really difficult because well I don't just leave one tab open in a lab style environment with my computer running very quietly with nothing else. I would probably notice and this is the same way we notice many things. The sudden spike in CPU usage that makes you go why is that webpage needing all my CPU resources is it trying to extract something out of the kernel? Should I just leave it running for the next well this is an i5 versus the i9 so there's a difference on my laptop. How many days would I have to leave my CPU processing to extract any real data out? And like I said when you look at that demo they extracted a very critical piece of data but look how long it took to do 24 hours to extract a single hashed key out of memory. Great demo, very concerning but this is also why these CVE scores were assigned in the mid range and not the highest because of the nature of the complexity of the attack. So definitely patch but don't worry as much about this. I mean I'm going to patch all my client machines we have been already obviously but I'm not worried that this is like the next attack and all of my machines will get boned and we'll just halt to go be farmers and not use technology anymore it's not quite that bad. And for those of you who run AMD for now sleep easy. So far this does not affect the AMD processors which is wonderful but it also could be partly because the researchers have not focused their attention on it so AMD did implement things differently so this exact attack will not work on AMD but someone out there may poke away with the concept of these attacks and that's how any of this gets built some aspiration and inspiration from other researchers. So once they started digging in Spectre Meltdown someone said well if they can do it what else can be done what's next? And that's a lot of what these researchers and they even admit. The RDL and fallout are related to and inspired by previous speculative execution attacks including Spectre and Meltdown and contrast to previous attacks MDS attacks do not need to make assumptions about the memory layout of the victim and do not depend on the processor cache. And that's always something fascinating. Once someone proves something can be done that was previously thought impossible like breaking the boundaries of symmetric multi-threading other researchers will start going well if it can be done what else can be done? So we are gonna see more of this and it's great that more companies are doing it. I like researchers doing it versus finding out in the wild in reverse engineering how a bad actor was using this. So hats off to these security researchers. I'll leave links to everything including all the CVEs so you can take a look at them yourself but do get patching but don't panic that would be my best advice to this. All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up. If you wanna subscribe to this channel to see more content, hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post. If you wanna hire us for a project that you've seen or discussed in this video head over to LawrenceSystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you wanna throw at us. Also, if you wanna carry on the discussion further head over to forums.lauranceystems.com where we can keep the conversation going. And if you wanna help the channel out in other ways we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.