Godlike Productions - Discussion Forum
Users Online Now: 2,331 (Who's On?)Visitors Today: 439,577
Pageviews Today: 737,225Threads Today: 295Posts Today: 4,709
09:42 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

 
Cartel™
Offer Upgrade

User ID: 77396057
Canada
03/05/2019 11:36 AM
Report Abusive Post
Report Copyright Violation
Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications.

This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

"We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

[link to www.theregister.co.uk (secure)]

bigcruise
Imagine a group of people so disgusting they have to make laws preventing you from hating them
:candp2:
Roobit

User ID: 75520698
United States
03/05/2019 11:38 AM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
All by design, most likely.
The Abyss stares back...

Glp ping pong champ...
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 11:56 AM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
Anonymous Coward
User ID: 74416189
United States
03/05/2019 12:09 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Hmm I wonder where they're company is located.
Anonymous Coward
User ID: 76423614
United States
03/05/2019 12:19 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Talpiot Program
Anonymous Coward
User ID: 77274529
Canada
03/05/2019 12:21 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Well i switched to Ryzen for my current pc. Once its suitably aged i will see how the market looks, might well stick with AMD unless ARM has something better.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 12:52 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
risc-v is the future

[link to riscv.org (secure)]
Anonymous Coward
User ID: 77429521
United States
03/05/2019 12:53 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
No way that was an accident.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 01:06 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
[link to web.archive.org (secure)]

shitstir2
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 01:08 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
they dont like risc-v
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 01:12 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
[link to www.theregister.co.uk (secure)]

"Arm has taken offline its website attacking rival processor architecture RISC-V within days of it going live – after its own staff objected to the underhand tactic.

The site – riscv-basics.com – was created at the end of June, and attempted to smear open-source RISC-V, listing five reasons why Arm cores are a better choice over its competitor's designs. However, the stunt backfired, with folks in the tech industry, and within the company's own ranks, slamming the site as a cheap shot and an attack on open source.

That last part in particular made Arm bosses U-turn: the Softbank-owned CPU design house, responsible for billions of CPU cores in smartphones, tablets, smart cards and other embedded kit, is heavily reliant on an ecosystem of open-source code and developers. Thus laying into the RISC-V movement looked like a declaration of war on open-source technology."

threadhi
Anonymous Coward
User ID: 76111205
Estonia
03/05/2019 01:36 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
AMD more cost effective anyway. They may have backdoors as well though. Shit Intel probably works directly with the gov. Or the Chinese have secretly infiltrated it all lol.
Anonymous Coward
User ID: 76111205
Estonia
03/05/2019 02:01 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


I think this could only work from a system that wasnt compromised. Being that this is built into the hardware, not so sure. If you ran a vm from the start and never connected to the internet directly its possible. Seems this is a multi facet exploit so avoiding one of those would prevent escalation and remote system access.
Anonymous Coward
User ID: 77336129
United States
03/05/2019 02:48 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Cost effective < greater performance. AMD rates their ghz differently than Intel. A 3.8ghz processor by AMD will not compete with a 3.8ghz Intel. AMD is the under dog of processors and video cards for a solid amount of time. They do not also have anything to compete with nvidia ray tracing tech that they already have pushed a full generation of new cards with.


Avoid AMD at all costs. The environment required for all of these exploits is pretty involved and very unlikely to a personal computer. More scare tactics to shoot Intel down plz.
Anonymous Coward
User ID: 77194716
Canada
03/05/2019 02:48 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


You can't do that because the hypervisor needs network to support the VM's connectivity. At some point, the hypervisor needs to access all VLANs associated with VMs
Crypto-Tard

User ID: 69359666
United States
03/05/2019 02:49 PM

Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
risc-v is the future

[link to riscv.org (secure)]
 Quoting: Anonymous Coward 68025210


Correct. True audited and opensource hardware.

No back doors, high performance.
When you are afraid of losing your life, you have already lost your life.

Don't be afraid.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 02:55 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


You can't do that because the hypervisor needs network to support the VM's connectivity. At some point, the hypervisor needs to access all VLANs associated with VMs
 Quoting: Anonymous Coward 77194716


This isn't true. A virtual machine can operate a network independent of the hypervisor. You could have a hypervisor with no network connectivity at all with a guest that has network access.
Anonymous Coward
User ID: 75725052
United States
03/05/2019 02:59 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
This is news? They've reported on Intel's CPUs having some sort of backdoor since late 2017 via a “Management Engine”.

[link to www.techdirt.com (secure)]
Anonymous Coward
User ID: 76111205
Estonia
03/05/2019 03:01 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
Cost effective < greater performance. AMD rates their ghz differently than Intel. A 3.8ghz processor by AMD will not compete with a 3.8ghz Intel. AMD is the under dog of processors and video cards for a solid amount of time. They do not also have anything to compete with nvidia ray tracing tech that they already have pushed a full generation of new cards with.


Avoid AMD at all costs. The environment required for all of these exploits is pretty involved and very unlikely to a personal computer. More scare tactics to shoot Intel down plz.
 Quoting: Anonymous Coward 77336129


I dont need peak single core performance most of the time and AMD Ryzen 7 8 core performs exceptionally well for 3D rendering vs Intel. Gaming not so much but the difference isnt noticable in most cases. Many new generation games dont fully support multi cores yet. You havent given any valid reasons to Avoid. AMD at all costs.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:03 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


I think this could only work from a system that wasnt compromised. Being that this is built into the hardware, not so sure. If you ran a vm from the start and never connected to the internet directly its possible. Seems this is a multi facet exploit so avoiding one of those would prevent escalation and remote system access.
 Quoting: Anonymous Coward 76111205


Yes and no. Having a completely offline install is definitely the safest way to go if possible. If not possible, connecting temporarily shouldn't cause you any problem if you aren't exploited in the process. Since there is no way to be 100% sure with a sophisticated attacker, neither is foolproof.
Truth Reaper

User ID: 75955494
United States
03/05/2019 03:03 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
How does AMD stand up or are they compromised also?
I lost my apathy.
Anonymous Coward
User ID: 77194716
Canada
03/05/2019 03:06 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


You can't do that because the hypervisor needs network to support the VM's connectivity. At some point, the hypervisor needs to access all VLANs associated with VMs
 Quoting: Anonymous Coward 77194716


This isn't true. A virtual machine can operate a network independent of the hypervisor. You could have a hypervisor with no network connectivity at all with a guest that has network access.
 Quoting: Anonymous Coward 68025210


Tell me how you pass the network to a VM running on an hypervisor that has no connectivity?
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:08 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
I imagine you could mitigate risks by using a vm that emulates a different cpu, or another architecture completely. Use your intel cpu as a hypervisor and don't connect it to the internet, only connect the vm to the net.
 Quoting: Anonymous Coward 68025210


You can't do that because the hypervisor needs network to support the VM's connectivity. At some point, the hypervisor needs to access all VLANs associated with VMs
 Quoting: Anonymous Coward 77194716


This isn't true. A virtual machine can operate a network independent of the hypervisor. You could have a hypervisor with no network connectivity at all with a guest that has network access.
 Quoting: Anonymous Coward 68025210


Tell me how you pass the network to a VM running on an hypervisor that has no connectivity?
 Quoting: Anonymous Coward 77194716


google it
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:09 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
or erhm i mean search for it
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:09 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
old habits die hard
Anonymous Coward
User ID: 77194716
Canada
03/05/2019 03:12 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
...


You can't do that because the hypervisor needs network to support the VM's connectivity. At some point, the hypervisor needs to access all VLANs associated with VMs
 Quoting: Anonymous Coward 77194716


This isn't true. A virtual machine can operate a network independent of the hypervisor. You could have a hypervisor with no network connectivity at all with a guest that has network access.
 Quoting: Anonymous Coward 68025210


Tell me how you pass the network to a VM running on an hypervisor that has no connectivity?
 Quoting: Anonymous Coward 77194716


google it
 Quoting: Anonymous Coward 68025210


You can't. The host needs network so VMs (that have no hadrware) can have connectivity too.

You can have VMs with different VLANs but your host needs to access all those VLANs.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:15 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
How does AMD stand up or are they compromised also?
 Quoting: Truth Reaper


Since the exploits would be based on speculative execution, AMD would still be vulnerable, they do however allow to disable the exploitable instruction set, intel does not (that i am aware of)
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:15 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
...


This isn't true. A virtual machine can operate a network independent of the hypervisor. You could have a hypervisor with no network connectivity at all with a guest that has network access.
 Quoting: Anonymous Coward 68025210


Tell me how you pass the network to a VM running on an hypervisor that has no connectivity?
 Quoting: Anonymous Coward 77194716


google it
 Quoting: Anonymous Coward 68025210


You can't. The host needs network so VMs (that have no hadrware) can have connectivity too.

You can have VMs with different VLANs but your host needs to access all those VLANs.
 Quoting: Anonymous Coward 77194716


You are wrong.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:16 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
A virtual machine can have it's own dedicated hardware.
Anonymous Coward
User ID: 77194716
Canada
03/05/2019 03:17 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
...


Tell me how you pass the network to a VM running on an hypervisor that has no connectivity?
 Quoting: Anonymous Coward 77194716


google it
 Quoting: Anonymous Coward 68025210


You can't. The host needs network so VMs (that have no hadrware) can have connectivity too.

You can have VMs with different VLANs but your host needs to access all those VLANs.
 Quoting: Anonymous Coward 77194716


You are wrong.
 Quoting: Anonymous Coward 68025210


You don't know what you are talking about.
Anonymous Coward
User ID: 68025210
Canada
03/05/2019 03:18 PM
Report Abusive Post
Report Copyright Violation
Re: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
...


google it
 Quoting: Anonymous Coward 68025210


You can't. The host needs network so VMs (that have no hadrware) can have connectivity too.

You can have VMs with different VLANs but your host needs to access all those VLANs.
 Quoting: Anonymous Coward 77194716


You are wrong.
 Quoting: Anonymous Coward 68025210


You don't know what you are talking about.
 Quoting: Anonymous Coward 77194716


I know exactly what I am talking about. Read up on pci passthrough and sriov and come back educated, or shutup.





GLP