Mitigate Speculative Side-Channel Attack Techniques
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Mitigate Speculative Side-Channel Attack Techniques
Chrome and Firefox are removing SharedArrayBuffer and limiting the precision of performance.now() to reduce the effect of Meltdown/Spectre:
https://www.chromium.org/Home/chromium-security/ssca
https://blog.mozilla.org/security/2018/ ... ng-attack/
Resources on Meltdown/Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
https://googleprojectzero.blogspot.com/ ... -side.html
https://cyber.wtf/2017/07/28/negative-r ... user-mode/
Can the same mitigations be implemented in Pale Moon?
Re: Mitigate Speculative Side-Channel Attack Techniques
And how about first party isolation, too (just in case it isn't already there, or isn't impossible to integrate in PM)?
Thank you!
Re: Mitigate Speculative Side-Channel Attack Techniques
As far as I understand, the SharedArrayBuffer implementation in Pale Moon is incomplete, so it is not enabled at all. As for performance.now(), it currently has 10µs resolution, but this can easily be reduced, as is going to be done in other browsers.
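An added example, not code from Pale Moon or from anyone in this thread, showing what "reducing the resolution of performance.now()" amounts to: a clock clamped to a chosen granularity (flooring to the bucket start is an assumption; real browser implementations differ in details such as added jitter), plus a check a tester can run to confirm that a build's timer really is clamped.

```javascript
// Illustrative clamped clock (not Pale Moon's implementation).
// performance.now() is a global in browsers and recent Node; fall back to Date.now().
const fineNow = (typeof performance !== "undefined" && performance.now)
  ? () => performance.now()
  : () => Date.now();

// Build a clock that only ever reports multiples of `resolutionMs`.
// Assumption: clamp by flooring to the start of the bucket, and never let the
// reported time move backwards (clamping a fine clock must stay monotonic).
function makeClampedClock(resolutionMs, source = fineNow) {
  let last = 0;
  return function clampedNow() {
    const t = Math.floor(source() / resolutionMs) * resolutionMs;
    if (t > last) last = t;
    return last;
  };
}

// Tester's check: sample a clock repeatedly and report whether every reading
// is a multiple of `resolutionMs` (within floating-point tolerance) and how
// many distinct values were observed. Run it against the browser's own
// performance.now() to confirm a resolution setting actually took effect.
function checkResolution(clock, resolutionMs, samples = 10000) {
  const seen = new Set();
  let allClamped = true;
  for (let i = 0; i < samples; i++) {
    const v = clock();
    seen.add(v);
    const ratio = v / resolutionMs;
    if (Math.abs(ratio - Math.round(ratio)) > 1e-6) allClamped = false;
  }
  return { allClamped, distinct: seen.size };
}

// Usage: a 10µs clock like the one described in this post.
const coarseNow = makeClampedClock(0.01);
console.log(checkResolution(coarseNow, 0.01, 1000));
```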
Re: Mitigate Speculative Side-Channel Attack Techniques
Removing SharedArrayBuffer, limiting the precision of performance.now(), and first-party isolation are important stuff and need fast implementation.
Re: Mitigate Speculative Side-Channel Attack Techniques
palemon wrote: Any update on this?
Yeah, according to yesterday's announcement:
viewtopic.php?f=1&p=131437#p131437
Nichi nichi kore ko jitsu = Every day is a good day.
Re: Mitigate Speculative Side-Channel Attack Techniques
Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.
We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
3 of the 4 authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.
- Harold
Re: Mitigate Speculative Side-Channel Attack Techniques
Some years ago canvas tainting was implemented for no other reason than the fact that performance.now could be used to measure the screen draw time and thus could be used to infer the numbers on a virtual bank card. I suggested to Moz staff then that they scrap performance.now or at least decrease its resolution. They resisted because Google. Now we see that it's a liability yet again. Realistically I can't think of a single average consumer necessity for performance.now.
Since 57.0.4, Firefox Quantum has been crash happy like never before. Mozilla says the entire patch was dedicated to nothing but Spectre and Meltdown.
You may be asking why I'm using Quantum instead of Pale Moon. That's because in latest version of Pale Moon, Facebook and numerous other sites are acting up.
Re: Mitigate Speculative Side-Channel Attack Techniques
HaroldA wrote: Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript: [...]
So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?
Re: Mitigate Speculative Side-Channel Attack Techniques
lefty wrote: So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?
No, it isn't, and it hasn't been.
If you still need to ask this question at this point then I suggest you go back and read everything once more that has been posted on the matter.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Mitigate Speculative Side-Channel Attack Techniques
Did you guys already find this great tool?:
https://www.grc.com/inspectre.htm