Mitigate Speculative Side-Channel Attack Techniques

kevopa

Mitigate Speculative Side-Channel Attack Techniques

Unread post by kevopa » 2018-01-04, 15:23

Chrome and Firefox are removing SharedArrayBuffer and limiting the precision of performance.now() to reduce the effect of Meltdown/Spectre:

https://www.chromium.org/Home/chromium-security/ssca
https://blog.mozilla.org/security/2018/ ... ng-attack/

Resources on Meltdown/Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
https://googleprojectzero.blogspot.com/ ... -side.html
https://cyber.wtf/2017/07/28/negative-r ... user-mode/

Can the same mitigations be implemented in Pale Moon?

[DarKwiN]

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by [DarKwiN] » 2018-01-04, 16:02

And how about first party isolation, too (just in case it isn't already there, or isn't impossible to integrate in PM)?
Thank you!

JustOff

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by JustOff » 2018-01-04, 16:03

As far as I understand, the SharedArrayBuffer implementation in Pale Moon is incomplete, so it is not enabled at all. As for performance.now(), it currently has 10µs resolution, but this can easily be reduced, as is being done in other browsers.
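To make concrete what "reducing the resolution" of performance.now() means, here is an added illustration that is not Pale Moon code and not from any post in this thread: timestamps are rounded down onto a fixed grid, so two events closer together than the grid width become indistinguishable to page script. The 10µs figure is the one quoted above; the 20µs value and the fake clock are my own example inputs.

```javascript
// Added example, not Pale Moon code: coarsening a timestamp the way browsers
// did for performance.now() in early 2018 (clamp to a grid, no jitter).
// Timestamps are in milliseconds (the performance.now() unit); the grid width
// is given in whole microseconds so the arithmetic stays in integers.

// Round `tMs` down to the nearest multiple of `resolutionUs` microseconds.
function clampTimestamp(tMs, resolutionUs) {
  if (!Number.isInteger(resolutionUs) || resolutionUs <= 0) {
    throw new RangeError("resolution must be a positive integer in µs");
  }
  const us = Math.round(tMs * 1000);                  // integer microseconds
  const clampedUs = Math.floor(us / resolutionUs) * resolutionUs;
  return clampedUs / 1000;                             // back to milliseconds
}

// Wrap any clock function (e.g. performance.now) so callers only ever see
// the coarsened value. `nowFn` is injected so this runs without a browser.
function makeCoarseNow(nowFn, resolutionUs) {
  return () => clampTimestamp(nowFn(), resolutionUs);
}

// True when two moments fall in the same grid cell, i.e. the page could not
// tell them apart at this resolution. This is the property the mitigation
// relies on: a sub-microsecond difference (cache hit vs. miss) vanishes.
function indistinguishable(aMs, bMs, resolutionUs) {
  return clampTimestamp(aMs, resolutionUs) === clampTimestamp(bMs, resolutionUs);
}

// Constructed demonstration values: two events 2.8µs apart.
const hitMs = 100.0021;
const missMs = 100.0049;
console.log(indistinguishable(hitMs, missMs, 10));   // true at 10µs
console.log(indistinguishable(hitMs, missMs, 1));    // false at 1µs
```

Clamping alone only raises the cost of a measurement; it does not remove timing information, which is why later browser changes added jitter and why the paper quoted further down in this thread matters.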

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by dark_moon » 2018-01-04, 17:20

Removing SharedArrayBuffer, limiting the precision of performance.now(), and first party isolation are important stuff and need fast implementation.

palemon

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by palemon » 2018-01-06, 14:22

Any update on this?

Nigaikaze
Board Warrior

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by Nigaikaze » 2018-01-06, 21:12

palemon wrote: Any update on this?
Yeah, according to yesterday's announcement:

viewtopic.php?f=1&p=131437#p131437

Nichi nichi kore ko jitsu = Every day is a good day.

HaroldA

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by HaroldA » 2018-01-08, 21:50

Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
Three of the four authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold

tcaud

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by tcaud » 2018-01-15, 19:19

Some years ago canvas tainting was implemented for no other reason than the fact that performance.now could be used to measure the screen draw time and thus could be used to infer the numbers on a virtual bank card. I suggested to Moz staff then that they scrap performance.now or at least decrease its resolution. They resisted because Google. Now we see that it's a liability yet again. Realistically I can't think of a single average consumer necessity for performance.now.

Since 57.0.4, Firefox Quantum has been crash happy like never before. Mozilla says the entire patch was dedicated to nothing but Spectre and Meltdown.

You may be asking why I'm using Quantum instead of Pale Moon. That's because in the latest version of Pale Moon, Facebook and numerous other sites are acting up.

lefty

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by lefty » 2018-01-16, 18:16

HaroldA wrote: Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
Three of the four authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold

So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?

Moonchild
Pale Moon guru

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by Moonchild » 2018-01-16, 19:18

lefty wrote: So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?

No, it isn't, and it hasn't been.
If you still need to ask this question at this point, then I suggest you go back and read once more everything that has been posted on the matter.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by dark_moon » 2018-01-18, 19:32

Did you guys already find this great tool?
https://www.grc.com/inspectre.htm
