NPM Technologies - IT For Dramatic Return On Investment

NPM Technologies

With over a decade of successfully delivering innovative IT and Business Solutions providing dramatic return on investment for its valued clients, NPM Technologies is uniquely positioned to empower your company, group or team to reach and exceed its goals.
NPM Technologies has unparalleled expertise in leveraging technology to maximize the profitability and scalability of business models in virtually every business vertical is validated by repeated million-dollar return on investment results.
NPM Technologies is particularly suited for facilitating corporate growth through the successful implementation of information technology systems, structures and business processes.
Contact NPM Technologies today and find out what IT for dramatic return on investment looks like for your enterprise, company, team or group.
Home  Technologies  Business Processes  Articles Payment Processing
Email: sales@npmit.com - Phone: 855-NPM-TECH - Office: 7900 Oak Lane, Suite 400, Miami Lakes, Florida 33016 - Office: 244 Fifth Avenue, Suite P203, New York, New York 10001
Contact NPM Technologies Now!  First Name:  Last Name:  Phone:  Email:
 

SPECTRE Mutant GhostRace Can Exploit All Software on All Chips

SPECTRE GhostRace Vulnerability A mutant SPECTRE harnesses the power of the word "IF".

Yes, the latest security threat rotates around the binary stars of both that troublesome two letter word "IF" and the IT vulnerability associated with the Number 1 global criminal organization SPECTRE.

Indeed, the SPECTRE exploit, which first raised its head in 2017, appears to have a mutation which has made itself liable to strike again.

Details, in a bit, but first, a tad bit of history to put into context the power of the word "IF" that this new exploit harnesses.

2,300 years ago, in the mid 300s B.C., the Greek or Macedonian kingdom rose to power under King Phillip II, father of world conquering Alexander the Great.

As a result, the city state everyone loves to discuss, the Spartans, once again found themselves threatened by a burgeoning empire.

Spartans of Laconia Reply to King Phillip II, 'IF' Greek King Phillip II’s infantry approached the heavily defended Spartan city of Laconia, warning the Spartans that, should they resist, all inhabitants of the city would be slain if the Spartans were defeated.

The Spartans, in true Spartan style, replied with a single word: “If….”

The sheer vastness of the uncertainty contained in the word "if" was sufficient to prevent the impending attack, and Sparta survived to fight another day.

The word "if" truly does have power, not only militarily, politically, and psychologically but also in the world of technology.

Indeed, the word "if", and the vast uncertainty that it brings with it carries almost as much power as is portrayed by the Bond Movies' Villian group Spectre and its Number 1: Ernst Stavro Blofeld.

SPECTRE's Number 1 It was, in fact, that very Villainous Group SPECTRE, whose name was given to a nasty exploit technique in 2017 which provided access to passwords, encryption keys and emails.

So dangerous was the threat of the exploitation of SPECTRE, that it caused untold chaos, consternation, and activity-one could even say it caused a meltdown-throughout enterprises around the world-some of which continues to this day.

Fast forward to this week, where it appears as though a mutant of SPECTRE has been devised.

Indeed, it certainly does seem as though sequels are pervasive, reaching even into the world of Information Technology Security.

This new mutant of SPECTRE, named GhostRace, harnesses the power of the word "IF" in the programming world.

In addition, it has coupled this with some, shall we say, speculative shortcuts made in recent years to increase the processing speed of computer chips.

The SPECTRE mutant GhostRace vulnerability extends to processing chips of all makes and models.

All Software on all Chips Affected What is more, the SPECTRE mutant GhostRace vulnerability extend to all software--from hexadecimal machine language to C-based operating systems, to HTML web sites, to Hypervisor based cloud servers, and even to latest GPTs.

So how does GhostRace work?

Well, how about this for some very precise, if incomprehensible technospeak: "All the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into speculative race conditions".

I know, I know, clear as mud. In fact, it sounds as if we are listening to King Phillip and the Spartans speaking in their native Greek language.

Let's see if we cannot simplify this somewhat. You see, computer programs are like a list of instructions to build a piece of IKEA furniture.

Well, with one caveat, which is that for computers, instead of only one person building a single unit of IKEA furniture, there are thousands of people (instructions) building thousands of units of IKEA furniture, and they are all using the same toolbox (memory, disk space, etc.) and set of fasteners.

Race Condition Chaos As you can imagine, over time, chances are high that multiple people (computer instructions) will grab for the same hammer or nail (memory or disk space, etc.) at the same time.

What results is compared to what happens when two Formula 1 cars try to take the same spot on the racetrack at the same time.

Simply put, chaos is the result.

Which is why this scenario is called a "race condition".

In days gone by, chips would solve this "race condition" problem by locking everyone out of the toolbox until the first person (or portion of code) was completed with their step (accessing memory or disk, etc.) and had placed all the tools and unused fasteners (memory or disk, etc.) back in the Locking Resources Resolves Race Condition toolbox, swept the floor, put Band-Aids on all the wounds and returned from the hospital after receiving the necessary stitches from the personal injuries suffered from hitting your thumb with the hammer ten times too many.

To accomplish this, pristine sense of order, chips use something called an "IF" condition. This IF condition says IF someone (some part of the program) is using a resource, EVERYONE ELSE (all other programs running at the same time) are locked out or prevented from even looking at that resource until the first person (part of the program) is not only done but has completely cleaned everything up.

As one can imagine, this definitely creates pristine order and provides lock tight security.

IF Lock Is Tidy Nevertheless, it this process is not exactly the model of efficiency.

Locking everyone else out until the first person is finished dramatically slows down the computer.

In recent years, with the advance of the use of statistical estimation (similar to what AI does), chips have been able bypass this race condition.

In fact, with the new process, whenever there is a race condition, the chip provides partial access to the resource (memory or disk, etc.) to all who ask for it and from that partial access, each requestor is able to guestimate what the final value will be.

The result is no more waiting around for other operations to complete, which vastly increases computer speeds.

SPECTRE Mutant GhostRace The bad news is that this new SPECTRE Mutant, GhostRace, takes advantage of this optimization, by making the chip think there is always a race condition.

In doing so, the chip mistakenly gives this new malware the ability to ALWAYS see ANY memory location it wants at ANY time.

The security (or lack thereof) implications of this are, quite simply, tremendous.

And by tremendous, we mean tremendously bad.

All passwords, tokens, and all other sensitive information are able to be accessed at will.

All because recent optimizations have bypassed the absolute lockdown provided by the historic "IF" statement and replaced it with a speculative or fuzzy "IF" statement.

Chip Manufacturer Fix That being said, chip manufactures like AMD have provided instructions on how to prevent this from occurring.

However, the instructions provided by the chip manufacturers are intricate, to say the least.

In fact, some may say that the instructions make IKEA furniture assembly diagrams look like a kindergartener's paint by numbers picture by comparison.

Indeed, with its universal reach, with its ability to read every memory location, with its ability to compromise every computing device, the SPECTRE mutant known as GhostRace is most certainly something to keep an eye on in the days, weeks, months and years ahead.

Keep an eye on GhostRace As it was with the Spartans and King Phillip II 2,300 years ago, a major defeat can be created by exploiting a single word: "IF".

Would you like to dramatically INCREASE the security of your enterprise?

Contact us today!