MALTDOWN! Major chip flaws affect billions (Pretty much all) devices!!

OK. So, here is the deal. Most OS's do not protect memory for READING. The potential has always been there for other programs to read memory.

Now, the danger becomes if the program is rogue (spyware, malware, trojan, whatever). It can read memory ("snapshot" it, so to speak) and send it off.

This "flaw" is no more of a security risk that a file, on your hard drive, that is unencrypted. Secure programs have always scramble (encrypted) data files if they felt the need. Memory storage is similar but more difficult to encrypt. But, the memory will remain after the program has quit. Security programs will always do a buffer/wipe of all the memory when they can. Most programs don't care.

So, whats the REAL danger? Having malware that reads the memory, periodically, looks for interesting data and sends it off. But, you have to load the malware. Its really no different that having a disk file with data in it. A rogue program could do the same to the file. The NSA can't break into your system from remote and read your memory.

I am just shocked that this is some kind of "big news". Water is wet. Salt is salt. Memory can be read by programs. These are not new concepts.

Individual BitCoin and crypto holders could be hacked if they are not patched.
...and then you take the 35%-50% CPU power loss.

You're both paranoid lowtechs that don't understand but just enough to be all hysterical. Stop. Just stop.

Downplay....downplay....downplay...old news....old news....old news....lol

Keep up the good work Shillbert.

No. This is not a danger. The blockchain is already encrypted, even in memory. Maybe your small portion could be seized but it would be like searching for a needle in a haystack that only existed for a few milliseconds before it got wipe.

I remember when some government agency called the OPM sent me a letter telling me that my military records had been exposed. Yet, another fail from a disgraced administration. Thanks Obama!

Maybe the blockchain is...but people's passwords are not.
Remember what Snowden said...they attack the endpoints....not the encryption.

Its not even news! Its like my valve core example. Its just the way things have always worked and now SUDDENLY, OH SCARY SCARY SCARY. Such bullshit. An you people are just pushing the hysteria button over and over and over. I'm a 30 year IT veteran. This is less than a nothing burger. This is not even the wrapper of a nothing burger. Get over it.

When I was running my ISP I worried a little about this kind of thing. I had people logging onto linux machines back i the late 90s using vi and emacs to edit HTML code. Yes, you could look at the memory and see some of the stuff. (...also in the swap file.) But its really just a problem on multi-user systems. Maybe like a larger terminal services Windo$e server would open the possibility for one to read other users data right out of memory. Individuals? Nah. No worries. Who's gonna read it? I don't know much about Java but maybe some rogue java could do it? Doubtful, but maybe. On window$ systems its gonna take a native object code program running on the machine to read it.

Relax. The sky is NOT falling.

You do realize that it's Intel's Israeli Design Center (IDC) that designed and developed Intel's Management Engine, including their encryption engine.

yep - and, somehow i am betting being 'replaced or fixed' means a legal way of by-passing any privacy laws in order to hack/download/infect your data etc...

Make strong crypto
Get patent
Try to export it
MIB's show up
Give them backdoor, or
Patent seized

Clintard 42 seized shitloads of crypto and energy patents.

Try it yourself and see. Keeps us "safe".

its not so much the flaws, but the "patches" will cause massive degradation to corporate servers, hypervisors, etc...

this is pretty big...

There is that possibility, but, the other end is going to ahve to have a rogue program on there to do it (or a dishonest admin or owner). And, believe me, if you've got dishonesty in the administration you've got a lot more to worry about than them reading memory. But, the password should be in memory for a few seconds to be validated, then wiped. It would be irresponsible to do it any other way.

More Russian complicity with our Moslem overlords we need him confiscation our guns and flags pronto

Exactly.
Sure it can be patched now that the CIA backdoor has been revealed....but at what cost?
35%-50% computing power loss on places like Amazon, Google, Ebay, Boeing, McDonell Douglass, Microsoft....on and on...and on.

Class action lawsuits are going to be flying from every company who invested in Intel hardware.

Kids, this guy ^^^ ABOVE ^^^ is what you call a government shill. His main agenda is to distract you from the truth and downplay the facts.

The FACT is that all major computer companies were called to the table to release customer data. Most companies played ball... In the interest of national security of course! Others who fought the FED bit the big Apple and wound up dead.

...and I just wonder...

Wouldn't *THIS* be the time for NSA/CIA/WHOEVER to add a little extra code in there? Then, possibly, they COULD just access it from remote just by passing a certain sequence through the IP stack.

You people may be paranoid about this ability to read memory which has been around forever, but I'm paranoid about patched. I've caught malware in patch before. Not OS patches but application patches. no, the patching is what worries me. I've got $2 million dollars worth of Cisco UCS hardware and VMware that all this fuckery is going to be FORCED on me (even though its not a problem and never has been). The Administration, who is far more ignorant and far more arrogand is going to demand I do this and then bitch because its taking so long and bitch because they can't get to their virtual desktop. This is NOT gonna be fun.

If ifs ands and buts were candy and nuts, oh what a party we'd have.

It only takes a millisecond for it to be read....if that is what they are looking for.
They may target you....they may not....but will you take that chance or take the 35%-50% power hit?

Hahaha. Oh! You caught me! Oh no! My cover is blown.

Fuck you, asshole.

Actually, I do work for "The Government". (A large K12 school corp.)

You people need to take off the tinfoil hats. The aluminum is way more harmful that the alien rays you're afraid of.

and now western digital is caught [link to gulftech.org]

I'm sure if you look at the "WikiLeaks CIA hacking tools" that were released, you will find the tools they WERE using.

On chip CPU tools/backdoors are tough to beat though....and to patch....hence the 35%-50% performance loss.

I will not pesonally patch any of my own stuff. This is all just bullshit to me. But, as in my previous msg, I will be forced to at work. Hell, I don't even run any virus protection. Don't need it. Never been infected. (Well, at least not un-intentionally. I've don't my share of virus research so I'd be lying if, well, you get the idea...)

Yep.
Note that is all AC71906519 has been doing on this thread.

"...it's yesterday's news....old news.....nothing new....you're all dumb.....old news....you're paranoid" ....etc etc...on and on.....ad nauseum.

Shillbag for sure.



Last Edited by Useless Cookie Eater on 01/06/2018 12:01 AM

Blockchains do not work in the way being described here. Third-party validation is being conspicuously ignored.

What if posts were full of distorting information?
What if assertions glossed over major details?
What if that was intentional?
Who would do this?

Whats going to happen is they are going to start handling blocks of memory like the do disk files. They'll have to have the OS OK each read with some time of security tokens.

My prediction is they will leave some other flaw open that will open up a whole, much more easily, exploitable software flaws. Not good. Sucking up CPU, making things, in the end, less secure. Histeria is a bad thing and always results in us,the engineers getting screwed. Here we go again...

Yep, most of the retards here don't really understand what the crap does it mean. But they choose to be retardedly paranoid without really knowing what they're paranoid about.

Dude....I'm not going to go into the weeds on this.
Do some research yourself.
As far as I can see, and have read, this CIA CPU backdoor allows FULL ACCESS to ALL SYSTEMS and SUB-SYSTEMS.

I would say they FULLY own anything you are doing.
So that means anyone who now has the CIA Intel tool-set can get into your system too.
I wouldn't even CONSIDER taking a chance on what may or may not happen.
Just consider the entire thing COMPROMISED and act accordingly.

No, just no! There will be NO LAWSUITS AGAINST THE FEDERAL GOVERNMENT because all these companies mentioned above were directly involved in creating backdoors in their processors to spy on the American people... Namely disgruntled Patriots and Veterans. Remember this was done during an administration that sold us out to the Muslims, Chinese & Russians.

And you thought Mark Zuckerberg met with the United Nations to sell Girlscout cookies? Get real!

Who do you think is behind all this, the Easter Bunny?