* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Friday, July 11, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Magicians and Battlebots light up Las Vegas entertainment scene – KSNV

    Magicians and Battlebots Take Las Vegas Entertainment by Storm

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Magicians and Battlebots light up Las Vegas entertainment scene – KSNV

    Magicians and Battlebots Take Las Vegas Entertainment by Storm

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Apple’s GoFetch silicon security fail was down to an obsession with speed

April 2, 2024
in Technology
Apple’s GoFetch silicon security fail was down to an obsession with speed
Share on FacebookShare on Twitter

Opinion Apple is good at security. It’s good at processors. Thus GoFetch, a major security flaw in its processor architecture, is a double whammy.

What makes it worse is that GoFetch is a class of vulnerability known about years before the launch of Apple Silicon processors. How did Apple’s chip designers miss it? A similar problem exists in Intel’s 13th Gen CPUs too. Spectre and Meltdown were discovered in 2018, after all. Is this a fundamental problem in modern processor design – an evolutionary misstep from which there’s no return? The answer is part Einstein, part paranoia, and part marketing. Oh yes.

Apple M1 Chip

Hardware-level Apple Silicon vulnerability can leak cryptographic keys

READ MORE

Let’s start with Einstein, who said one of the rules of reality is that the further away something is, the longer it will take to get to you. Chip designers have to deal with that and other factors by keeping copies of frequently used data in small high-speed caches close to the processor. Doing this efficiently is essential and complex. It makes a ton of assumptions about what data will be needed and when, and how to make the transfers into the cache system neither too small nor too big. It’s a huge engineering challenge, and absolutely vital to performance.

A lot depends on the details of the different memory technologies used in DRAM and on-chip cache alongside bus speed limitations, but even if all this were to be perfected, the basic physics of closer equals faster will never go away.

This is not only a rule of the universe, it’s a big problem in cryptography. Cryptographic software uses secrets to encode and decode data, and it needs to do it in private. Modern CPUs provide plenty of privacy through memory managers that limit access to properly privileged code.

Not good enough. If a cryptographic component takes a different amount of time to complete its task depending on inputs it can operate in perfect secrecy – but an attacker timing this from the outside can start to piece together what’s going on.

As a result of discovering this, the idea of constant-time coding evolved. No matter what happens within code, it will always finish its task at the same time. Even if it means twiddling its virtual thumbs for an electronic age. Constant-time is now a basic concept to prevent information leakage from a protected system.

This is at odds with caching. As the code component gets data from memory, it does so through caching – and a constant-time cache is no cache at all. It gives data fast if it’s got it, slowly if it has to fetch it. If the cache is shared between multiple processes or cores, as it always is, then an attacker can watch cache hits and misses by timing, and extract information.

Time to examine the anatomy of the British Library ransomware nightmare

The last mile’s at risk in our hostile environment. Let’s go the extra mile to fix it

How to Netflix Oracle’s blockbuster audit model

The federal bureau of trolling hits LockBit, but the joke’s on us

Crypto code knows this and is designed to avoid it. The GoFetch bug happens because a feature of the Apple processor called a Data Memory Prefetcher (DMP) monitors the cache and tries to detect not just requests for memory access, but requests for memory locations that contain pointers to to memory locations. This is invisible to and uncontrollable by code, with the result that an attacker can fashion inputs to the crypto component that forces the DMP to leak information about the code’s operation. The computer goes faster, as it must, while breaking a basic tenet of modern cryptographic information hiding.

If this is a clash of two fundamental aspects of computing, how did it happen and why did nobody pot it until now? The clash is between speed and secrecy, mirrored in the very philosophy of high-end chip makers. It’s this philosophical element that makes the physical version so dangerous.

Chip makers obsess over speed, not only for its own sake but as the most important market differentiator. The industry is drenched in benchmarks where slower shows up, safer does not. The DMP side effect that gives us GoFetch is subtle, but perhaps nobody was looking too hard for it in the first place.

As to what makes things faster, well, that’s a secret. The DMP idea does speed up normal operations, but Apple has disclosed very few details of its cache management systems. Instead, it took a massive cross-institution effort to reverse engineer what was going on then build and test proofs of concept.

This paranoid need for security by silence is universal among chipmakers. Only the paranoid survive, as Intel’s spiritual leader and CEO Andy Grove said. You will not get more than a handful of marketing slides out of any big chipmaker. Try talking to Qualcomm, whose chips not only embody cutting-edge computer design but the massive security burden of wireless data processing, about how all that works. 404 all day long.

Why? The only outfit who could use this information to commercially harm a big chip company is another chip company, and they’ve all got the tools and expertise to work out what each other is doing anyway. If every detail of an Apple M3 chip was public, nobody could make an M3 competitor before the M4 came out, if then.

Yet if more details were available then two good things would happen. Security flaws would be caught earlier – no waiting three generations to get a DMP killswitch – and design decisions would be safer across the industry. Most deliciously, that first obsession – speed – would be far better served.

A corollary of very fast, very complex cache systems is that the better coders understand them, the more finely tuned the code can be to make best use of the system – and avoid doing things that trips it up. The better a compiler understands data segmentation and flow, what behaviors trigger what results, the more efficient and speedier the results. You can’t do this if you don’t know what’s going on.

Secrecy and speed are incompatible in some ways, mutually beneficial in others. Engineering this fact for best results will always be a compromise, but that’s what engineering’s all about. Chip companies would be doing everyone a huge favor if they re-engineered their philosophy, not just their chips, to recognize this. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/04/02/apple_gofetch_opinion/

Tags: Apple’sGoFetchtechnology
Previous Post

VMware by Broadcom plots pair of Cloud Foundation releases that will show off its strategy

Next Post

Intel courts devs with open arms and exotic hardware

Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

July 11, 2025
Angel Reese’s rebounding greatness summed up in one wild statistic – Yahoo Sports

Angel Reese’s rebounding greatness summed up in one wild statistic – Yahoo Sports

July 11, 2025
International call for freedom for environmentalist Onur Yılmaz – ANF English

International call for freedom for environmentalist Onur Yılmaz – ANF English

July 11, 2025
This week in science: a comet, plastic-eating bugs, and how altitude changes smell – KUOW

This week in science: a comet, plastic-eating bugs, and how altitude changes smell – KUOW

July 11, 2025
Science Museum of Minnesota cutting more than 40 full-time employees – CBS News

Science Museum of Minnesota to Cut More Than 40 Full-Time Jobs

July 11, 2025
Doctors say we’ve been misled about weight and health – ScienceDaily

Doctors Reveal the Truth About Weight and Health That You’ve Been Misled About

July 11, 2025
Sierra Club breaks record for world’s largest display of origami fish to protest Line 5 – News From The States

Sierra Club Creates Giant Origami Fish to Break World Record and Protest Line 5

July 11, 2025
Senate Democrat: Trump economy full of ‘uncertainty,’ ‘chaos’ – The Hill

Senate Democrat Warns of ‘Uncertainty’ and ‘Chaos’ in Trump Economy

July 11, 2025
Arts and entertainment events happening July 10th-13th across the Mid-Ohio Valley – WTAP

Unmissable Arts and Entertainment Events Happening July 10th-13th in the Mid-Ohio Valley

July 11, 2025
World’s Premier Cancer Institute Faces Crippling Cuts and Chaos – KFF Health News

World’s Leading Cancer Institute Grapples with Devastating Cuts and Turmoil

July 11, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (715)
  • Economy (738)
  • Entertainment (21,626)
  • General (15,827)
  • Health (9,775)
  • Lifestyle (745)
  • News (22,149)
  • People (740)
  • Politics (748)
  • Science (15,956)
  • Sports (21,237)
  • Technology (15,724)
  • World (721)

Recent News

Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

July 11, 2025
Angel Reese’s rebounding greatness summed up in one wild statistic – Yahoo Sports

Angel Reese’s rebounding greatness summed up in one wild statistic – Yahoo Sports

July 11, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version