Intel has been cutting corners for years to ensure top performance and it has finally come around to bit them in the ass
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://www.youtube.com/watch?v=sJzLsyJmu9E
The Core arc has a major flaw at it's core (all puns intended) deep down in the center of the arc the CPU's internal communication is NOT encrypted. With this an attacker can record ALL information that passes inside the CPU. This means that an attacker can collect literally all data every webpage, every credit card transaction, every keypress everything! This is the greatest vulnerability in CPU history!
The fix can't be done at the microcode level like the internal management chip flaw that was found a few months ago, this issue is physical. The repair has to be done at OS level and WILL cause a performance hit. Not to things like gaming but more for server side applications.
>is AMD vulnerable also?
NO AMD has a co-processor that encrypts and decrypts all info in the CPU
>when will this update come out
There is a patch for linux already but it's an early one as for windows and apple it is in development
/mlpol/ - My Little Politics
Archived thread
File (): 0F795D9822C975BAAE98D7824794A34E-373848.gif (365.1 KB, 2000x1153, damage control jew.gif)
AMD RYZEN IN A NUTSHELL
https://www.youtube.com/watch?v=4HERHZLFnqE
I7 8700K REVIEW
https://www.youtube.com/watch?v=qidpYHGpok4
https://www.youtube.com/watch?v=4HERHZLFnqE
I7 8700K REVIEW
https://www.youtube.com/watch?v=qidpYHGpok4
This is what happens when your company hires poo engineers.
File (): D831DF1D45A5588BB5EE5A564812EF57-286781.png (280.1 KB, 450x375, ork computer.png)
>TLDR
if you plan to buy a new computer or got the money to change processors, never buy Intel ever again for the foreseeable future.
Go AMD and spare yourself the bullshit.
if you plan to buy a new computer or got the money to change processors, never buy Intel ever again for the foreseeable future.
Go AMD and spare yourself the bullshit.
File (): CD9E5D37DBA94C53E1CD19D0895AE29B-94450.png (92.2 KB, 600x800, smile_insane_twilight_sparkle_by_grumbeerkopp-d4shxo0.png)
shid
For a vulnerability this low level though, wouldn't the attacker need physical access to the machine to exploit it?
Also, this whole thread feels suspiciously like a sales pitch for AMD.
Also, this whole thread feels suspiciously like a sales pitch for AMD.
Nitpicking here.
>>101075
>the CPU's internal communication is NOT encrypted.
Of course data isn't encrypted inside the CPU. How would you even work with data that is encrypted?
>AMD has a co-processor that encrypts and decrypts all info in the CPU
I don't see how this could be true. Even if it was, everything still has to be done in the clear when the code is being executed and it would make no difference in practice.
I don't know what's actually going on - as far as I know the full details have not been released yet - but from what people have been saying it seems to be possible to trick the CPU into running code in a privileged mode when it shouldn't and this makes it possible to bypass some or all security restrictions. It's a disaster for Intel.
>The repair has to be done at OS level and WILL cause a performance hit.
Yes, apparently it is possible to rewrite your operating system code to work around this thing, and a 30% performance hit on Mac and in Linux has been mentioned.
>>101075
>the CPU's internal communication is NOT encrypted.
Of course data isn't encrypted inside the CPU. How would you even work with data that is encrypted?
>AMD has a co-processor that encrypts and decrypts all info in the CPU
I don't see how this could be true. Even if it was, everything still has to be done in the clear when the code is being executed and it would make no difference in practice.
I don't know what's actually going on - as far as I know the full details have not been released yet - but from what people have been saying it seems to be possible to trick the CPU into running code in a privileged mode when it shouldn't and this makes it possible to bypass some or all security restrictions. It's a disaster for Intel.
>The repair has to be done at OS level and WILL cause a performance hit.
Yes, apparently it is possible to rewrite your operating system code to work around this thing, and a 30% performance hit on Mac and in Linux has been mentioned.
>>101075
>Intel has been cutting corners for years to ensure top performance and it has finally come around to bit them in the ass
Excuse me?
Amd was always better, and cheaper!
>Intel has been cutting corners for years to ensure top performance and it has finally come around to bit them in the ass
Excuse me?
Amd was always better, and cheaper!
File (): F7B57977E193E6EEC23234D14B36F93F-174636.jpg (170.5 KB, 1920x1080, amd intel.jpg)
Massive Cybersecurity breach exposed due to faulty Chip designs, easyly exploitable by amateur hackers.
https://twitter.com/nicoleperlroth/status/948684803628584960
Nicole Perlroth
@nicoleperlroth
>2. Christmas didn't come for the computer security industry this year. A critical design flaw in virtually all microprocessors allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server etc.
big crimE''
@b1gcr1me
>what in the world is going on?
WeWuzMetokur
@WeWuzMetokur
>Shit is hitting the fan in real time.
https://twitter.com/nicoleperlroth/status/948684803628584960
Nicole Perlroth
@nicoleperlroth
>2. Christmas didn't come for the computer security industry this year. A critical design flaw in virtually all microprocessors allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server etc.
big crimE''
@b1gcr1me
>what in the world is going on?
WeWuzMetokur
@WeWuzMetokur
>Shit is hitting the fan in real time.
File (): CC484DAFE2A34D443105FA5BA7F161E8-143503.png (140.1 KB, 300x315, ernie hacks.png)
Government manipulation suspected.
https://twitter.com/WeWuzMetokur/status/948695954978459648
WeWuzMetokur
@WeWuzMetokur
>Thank you corporate America. At first I didn't think I was fucked over enough by Equifax giving away my SSN, Name, Address, and Credit History but now with every computer on Earth getting fucked I am most assuredly bent over. Would you like to come piss in my face now?
https://twitter.com/WeWuzMetokur/status/948695954978459648
WeWuzMetokur
@WeWuzMetokur
>Thank you corporate America. At first I didn't think I was fucked over enough by Equifax giving away my SSN, Name, Address, and Credit History but now with every computer on Earth getting fucked I am most assuredly bent over. Would you like to come piss in my face now?
>>101133
This will do a better job explaining it
https://www.anandtech.com/show/6007/amd-2013-apus-to-include-arm-cortexa5-processor-for-trustzone-capabilities
The tech was put into AMD CPUs back in the Beema/Mullins Era and was baked into Zen. AMD has confirmed this is not able to affect AMD
https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html
This is a big thing for AMD and a chance for a non kikey company to actually have a solid chance!
This will do a better job explaining it
https://www.anandtech.com/show/6007/amd-2013-apus-to-include-arm-cortexa5-processor-for-trustzone-capabilities
The tech was put into AMD CPUs back in the Beema/Mullins Era and was baked into Zen. AMD has confirmed this is not able to affect AMD
https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html
This is a big thing for AMD and a chance for a non kikey company to actually have a solid chance!
>>101075
Well this is going to be a test on how good the consumer rights are in Norway. I am going to try to RMA my little under a year old Intel CPU and move to AMD.
Well this is going to be a test on how good the consumer rights are in Norway. I am going to try to RMA my little under a year old Intel CPU and move to AMD.
So I have to change my motherboard AND my i5, best for Ryzen 7 now? Gonna fucking sue their asses...
all you horsefucking niggers are retarded. intel and amd have integrated coprocessors and 3g modems integrated into all chips. This won't bite them in the ass, ring 0 vulnerabilities have been around for years
>>101327
>silicon are under wraps: an embargo on the specifics is due to lift early this month
>this is what we know
> It allows normal user programs to discern to some extent the layout or contents of protected kernel memory areas.
It is speculated that Intel processors are running codes whitin the kernel whitout proper security checks.
This is really dangerous, as a tiny bit of malicious code is enough to shut up your computer, but it's not as bad as people put it, as long as you stay keep your security in check nothing bad should happen.
Of course, if this is truth tho, you can say goodbye at your computer the second you run that Sony Vegas crack since this would mean it can run code directly on kernel whitout administrator not system privileges and the processor will just run the code like a blind motherfucker.
(If you don't get why this is bad, buffer overflow is a nice example of how a tiny string can fuck up your pc)
>silicon are under wraps: an embargo on the specifics is due to lift early this month
>this is what we know
> It allows normal user programs to discern to some extent the layout or contents of protected kernel memory areas.
It is speculated that Intel processors are running codes whitin the kernel whitout proper security checks.
This is really dangerous, as a tiny bit of malicious code is enough to shut up your computer, but it's not as bad as people put it, as long as you stay keep your security in check nothing bad should happen.
Of course, if this is truth tho, you can say goodbye at your computer the second you run that Sony Vegas crack since this would mean it can run code directly on kernel whitout administrator not system privileges and the processor will just run the code like a blind motherfucker.
(If you don't get why this is bad, buffer overflow is a nice example of how a tiny string can fuck up your pc)
>>101206
>trustzone
>>101327
>intel and amd have integrated coprocessors and 3g modems integrated into all chips. This won't bite them in the ass, ring 0 vulnerabilities have been around for years
This bug has nothing to do with the coprocessors, and it seems to be remotely exploitable, which those aren't (as easily).
Breaking into systems is all about using flaws and vulnerabilities as Lego bricks, parts you can combine in order to build an exploit and gain control. It is not about "X system has Y security problem, so now it's 100% unsafe".
>trustzone
>>101327
>intel and amd have integrated coprocessors and 3g modems integrated into all chips. This won't bite them in the ass, ring 0 vulnerabilities have been around for years
This bug has nothing to do with the coprocessors, and it seems to be remotely exploitable, which those aren't (as easily).
Breaking into systems is all about using flaws and vulnerabilities as Lego bricks, parts you can combine in order to build an exploit and gain control. It is not about "X system has Y security problem, so now it's 100% unsafe".
File (): E7900C41DBC7D0247B4A4C4FE84969CA-44579.jpg (43.5 KB, 300x300, bruce-schneier-3.jpg)
Schneier finally posted about it:
https://www.schneier.com/blog/archives/2018/01/spectre_and_mel.html
Lots of links in the post and comments for anyone whose desire to know more has intensified.
Copypasting a quick rundown from a 4/pol anon:
>Spectre (affects many classes of processors incl. AMD) and Meltdown (exclusive to Intel processors, will take up to 30% performance hit after security patch) are two totally different things.
>Meltdown is a way to bypass protections on protected memory. Code that is running without privilege (unprivileged) can exploit into finding the full address space, including other unprivileged code from other processes and the kernel. Imagine if you could find out the combo to the vault to your bank's vault standing at the counter looking at your cell phone, and then break into the vault without any teller noticing. Fixing it is like tying a brick to your car; they know a fix, but under certain conditions, your car will be 30% slower.
>Spectre (which affects AMD, Intel, ARM, etc.) is like noticing that the random number generator on the lottery isn't totally random (parts of other processes may be part of a reply from the processor). It's not 100% reliable, but it's way harder to patch. Imagine if I had to process a stream of garbage and I might find part of a sensitive document you had in it. That's basically what spectre is. If you game the predictiveness of the processor to give you the info you want, you can leak sensitive info out to exploit a system or gain sensitive info out of it covertly.
>Meltdown fucks anyone using intel. That's why the performance gimping fix is coming out. Imagine that I could dump money from a certain model of ATM by touching it. That's meltdown.
>AMD, ARM, Intel, everyone are subject to Spectre, but it requires a lot more specific knowledge. It's useful to people with tons of nerds who can pick a target (like the Iranian nuclear program), get info on their exact software environment, test against it, find the weakness, and then use it. It's more like having to find out the mother's maiden name of the guy who serviced the ATM 3 years ago. It's harder. Modern intelligence, not impossible. But way harder than the intel bug.
https://www.schneier.com/blog/archives/2018/01/spectre_and_mel.html
Lots of links in the post and comments for anyone whose desire to know more has intensified.
Copypasting a quick rundown from a 4/pol anon:
>Spectre (affects many classes of processors incl. AMD) and Meltdown (exclusive to Intel processors, will take up to 30% performance hit after security patch) are two totally different things.
>Meltdown is a way to bypass protections on protected memory. Code that is running without privilege (unprivileged) can exploit into finding the full address space, including other unprivileged code from other processes and the kernel. Imagine if you could find out the combo to the vault to your bank's vault standing at the counter looking at your cell phone, and then break into the vault without any teller noticing. Fixing it is like tying a brick to your car; they know a fix, but under certain conditions, your car will be 30% slower.
>Spectre (which affects AMD, Intel, ARM, etc.) is like noticing that the random number generator on the lottery isn't totally random (parts of other processes may be part of a reply from the processor). It's not 100% reliable, but it's way harder to patch. Imagine if I had to process a stream of garbage and I might find part of a sensitive document you had in it. That's basically what spectre is. If you game the predictiveness of the processor to give you the info you want, you can leak sensitive info out to exploit a system or gain sensitive info out of it covertly.
>Meltdown fucks anyone using intel. That's why the performance gimping fix is coming out. Imagine that I could dump money from a certain model of ATM by touching it. That's meltdown.
>AMD, ARM, Intel, everyone are subject to Spectre, but it requires a lot more specific knowledge. It's useful to people with tons of nerds who can pick a target (like the Iranian nuclear program), get info on their exact software environment, test against it, find the weakness, and then use it. It's more like having to find out the mother's maiden name of the guy who serviced the ATM 3 years ago. It's harder. Modern intelligence, not impossible. But way harder than the intel bug.
We all know how this works, right?
http://news.softpedia.com/news/intel-ceo-sold-off-24m-in-stock-after-google-reported-chip-vulnerability-519222.shtml
So in June Google tells Intel about it, in November Intel CEO sells all but minimum stock, January public learns about it.
http://news.softpedia.com/news/intel-ceo-sold-off-24m-in-stock-after-google-reported-chip-vulnerability-519222.shtml
So in June Google tells Intel about it, in November Intel CEO sells all but minimum stock, January public learns about it.
>>101667
I think the CEO of Intel can look forward to seeing how insider trading laws work. Well at least if the prosecutor and other stock holders have any sense.
I think the CEO of Intel can look forward to seeing how insider trading laws work. Well at least if the prosecutor and other stock holders have any sense.
>>101670
So right around the time the world wide web is emerging, CPUs become insecure. Then for 22 years the eggheads failed to notice this through numerous CPU redesigns. Then Google (a part of the deep state according to Assange's book) "discovers" this flaw with a plan to have it announced 6 months later. What was happening for 6 months? But this gets upped by 1 whole week. A conspiracy minded person might see a conspiracy here to take advantage for as long as possible.
This is a perfect spying tool, it can't be used to disrupt the computer just spy, so hackers discovering it is low risk.
I would expect the CEO of Intel to have some nice cosy chats with the Deep State and have double checked his situation before selling $24 million in shares. I expect he got the all clear.
So right around the time the world wide web is emerging, CPUs become insecure. Then for 22 years the eggheads failed to notice this through numerous CPU redesigns. Then Google (a part of the deep state according to Assange's book) "discovers" this flaw with a plan to have it announced 6 months later. What was happening for 6 months? But this gets upped by 1 whole week. A conspiracy minded person might see a conspiracy here to take advantage for as long as possible.
This is a perfect spying tool, it can't be used to disrupt the computer just spy, so hackers discovering it is low risk.
I would expect the CEO of Intel to have some nice cosy chats with the Deep State and have double checked his situation before selling $24 million in shares. I expect he got the all clear.
>>101731
The early release was due to linux kernel coders also had discovered the fault and were working on a fix so the genie was out of the bottle sort of speak. But the fact that Google kept quiet about it is raising some red flags. All other flaws they discover, or is made aware of, they give 90 days to fix it or they will reveal the flaw it no matter what.
The CEO probably will be able to keep all the money, and Intel will continue to decline in value while he is serving one year in house (mansion) arrest.
The early release was due to linux kernel coders also had discovered the fault and were working on a fix so the genie was out of the bottle sort of speak. But the fact that Google kept quiet about it is raising some red flags. All other flaws they discover, or is made aware of, they give 90 days to fix it or they will reveal the flaw it no matter what.
The CEO probably will be able to keep all the money, and Intel will continue to decline in value while he is serving one year in house (mansion) arrest.
>ring-3 processes can read ring-0
>patch slows down performance
>ME is still not removed
Guess it's time to switch back to i586 for good
>patch slows down performance
>ME is still not removed
Guess it's time to switch back to i586 for good
Rumours via https://www.youtube.com/watch?v=Fn3eIKB8-qw
Zack, one of the 4 Qanon's states that these bugs were used to extract deep state secrets. If we add in the Alphabet CEO retiring… did these Google-found flaws get used by the good guys to take all the bad guys secrets and that is why there was a 6 months delay?
Yes, I do like a good conspiracy theory, don't you?
Zack, one of the 4 Qanon's states that these bugs were used to extract deep state secrets. If we add in the Alphabet CEO retiring… did these Google-found flaws get used by the good guys to take all the bad guys secrets and that is why there was a 6 months delay?
Yes, I do like a good conspiracy theory, don't you?
>>104687
I also got the notion that the flaws was used to extract info from the bad guys by the good guys. I think they used both Meltdown although it is more complex and mostly useful in an targeted attack, and the more generic Spectre Intel CPU flaw. And hopefully they got all the information they needed before the flaw was made known and was patched.
I also got the notion that the flaws was used to extract info from the bad guys by the good guys. I think they used both Meltdown although it is more complex and mostly useful in an targeted attack, and the more generic Spectre Intel CPU flaw. And hopefully they got all the information they needed before the flaw was made known and was patched.
27 replies | 7 files | 16 UUIDs | Archived