# Security PortSmash attack punches hole in Intel's Hyper-Thread CPUs.



## rigoletto@ (Nov 3, 2018)

*PortSmash attack punches hole in Intel's Hyper-Thread CPUs, leaves with crypto keys*
Malware already on machines can exploit SMT with side-channel techniques to snatch secrets


----------



## ralphbsz (Nov 3, 2018)

Bad, but not that bad: the attacker has to already be running programs on the machine.  In a nutshell, it amounts to a privilege escalation: A non-privileged (user) process can read memory from a different user, or from root.  There are presumably worse problems around.

I'm so glad my home server is an Atom, which doesn't do speculative execution at all.


----------



## SirDice (Nov 5, 2018)

ralphbsz said:


> I'm so glad my home server is an Atom, which doesn't do speculative execution at all.





> "Intel received notice of the research," the chipmaker's spokesperson said. "*This issue is not reliant on speculative execution*, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault.


----------



## ralphbsz (Nov 5, 2018)

Oops.  Sorry about that.  Don't like it at all.


----------



## sko (Nov 6, 2018)

I've disabled HT on all our edge- or public facing machines for quite a while now. Given the corpses that still come out of intel's closet nearly every month, I think this was the right decision...

Nice bonus: I've got some extra budget to upgrade systems which can't handle their load without HT any more at all times. Although I'm still waiting for some more ARM-based solutions to be available though - I'll try to stay away from the intel can of worms for quite a while if possible...
I really wish there were something like the old Sparc64 machines available now - these things were properly fast without tons of opaque in-silicon-cheating for "muh' benchmark"   (and ldoms were amazing!)


----------



## rigoletto@ (Nov 6, 2018)

sko

You could have a look on some POWER9 hardware, FreeBSD seems to be reasonable stable already on it. FreeBSD on Cavium (AArch64) stuff is also supposedly to be very stable.


----------



## sko (Nov 6, 2018)

Rigoletto

Problem with both is the availability here in Germany: almost non-existent. _If_ you manage to find a reseller willing to order some kit for you, prices are extremely steep. Also they usually only offer the top-of-the-line variants for which we really don't have any use. I'd love to get some of the low-end Cavium ThunderX2 for Routing and Firewalling.
As said: ldoms were amazing - Just take a 128-thread behemoth and split it up into several machines of usable size without any virtualization overhead. I've played/tested with my old Sun T1000 and 4 OpenBSD ldoms for BGP routing the last few weeks. This little machine still easily maxes out all 8 1GBit links even with NAT and some Firewalling and with 2 ldoms ingesting full BGP tables.
Meanwhile in the virtualization world I'm still struggling to get >500MBit/s routing /w NAT out of a bhyve VM on smartOS on a Xeon-D 1528. So it seems we're back nowadays to using several smaller machines when real performance/throughput is needed...


----------



## rigoletto@ (Nov 6, 2018)

sko

You may find something _fitty_ in Avantek (UK). 
(just pay attention they have ThunderX and ThunderX2 hadware)


----------

