Intel srsly seems to have lost it


#43

It’s amazing how well Intel PR response carpet bombed AMD and ARM. Going by many data points (the latest of which is https://www.reddit.com/r/Amd/comments/7o2i91/technical_analysis_of_spectre_meltdown/) no one is as exposed and flawed as Intel products, yet media in so many places report that every CPU is at risk… amazing.

Good work, Intel. The FUCKWIT problem (or IS_CPU_INSECURE, and I don’t know which I prefer but both are amazing names) looks better on other people’s plates.


#44

Good thing this pretty much affects everyone, means that specific groups won’t be targeted :stuck_out_tongue:


#45

The proof of Russian-North Korean American Trump election meddling will be there.
There is simply no way to keep the (alt-) truth hidden :stuck_out_tongue_winking_eye:


#46

To follow up on all the calls on the Team etc, it seems that Intel are now releasing updates for Spectre:

I am curious as to what these fixes will do, exactly.


#47

Well, hopefully they’ll issue an update for Meltdown. The most dangerous flaw. Hopefully with enough pressure Intel won’t be dicks and won’t continue to say that it is an OS fix.


#48

Firefox has pushed a new patch in response to this situation:

https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/


#49

This is an easy way to provide a backdoor. It wasn’t discovered until last year which, I would say, goes to show that they were able to hide this from the public for so long.

Because of the nature of this security flaw, it’s easy to see that Intel intentionally designed this flaw into their CPU products. There are not one but three different ways that attackers could get malicious code onto a system that could read memory data such as passwords with only normal user privileges.

This was clearly designed to bypass and defeat encryption which means that most, if not all consumer encrypted computers are not safe even despite being heavily encrypted. Luckily, I am paranoid enough to beef the security to the nines that my computer is still relatively impenetrable…for the moment.

But it’s events like these that make you wonder just how long ago crooked, rogue intelligence agencies started spamming National Security Letters to all the major companies like Google, Microsoft, Intel, Linux etc in an attempt at compliance to provide backdoors which allow mass surveillance. If I had to guess, about 20 years ago.


#50

Let’s take a closer look at OS/firmware/microcode updates.

Google mention suggested mitigations in the following blog post:

As you can see, microcode or firmware updates for Meltdown are not appropriate - the problem is with the hardware itself.

To mitigate Variant 1, which allows an application to read its own memory, we’re seeing updates to specific applications for which this would be an issue. Specifically, applications that run third-party code. For instance your web-browser. Edge (from Windows Update) and Firefox (from 57 onwards) will adjust (degrade) the resolution of their timers. Google are cooking up an update to Chrome as well, from 64 onwards, though they have not outlined their methodology. In the meantime it’s recommended to turn on whatever enhanced process separation features your browser has, but be warned this will absolutely devour your RAM.
I can also see this affecting applications that use plugins, perhaps even Office files that use VBA. So as usual, be careful what you run.
Remember that Variant 1 affects all out-of-order CPUs, period.

To mitigate Variant 2, which is harder to execute but allows an application to pull in data from other applications or even the kernel, Google suggests either a microcode update or the usage of Retpoline, a software technique they pioneered. Retpoline is a per-app fix, and is baked in on compile. Amusingly, however, we have this:
https://twitter.com/never_released/status/948996493280731139
Which is to say that no matter what, even if every app ever decided to adopt Retpoline immediately, to mitigate Variant 2 on Intel, you will need a firmware update. Luckily it seems Intel have already released the update for every processor released in the past 5 years, and at least the Surface devices have already been patched. AMD have promised an update but none has been provided as of yet.
Variant 2 affects Intel, and may affect some AMD processors, but no working exploit has successfully compromised AMD.

Variant 3, Meltdown, is the one that affects only Intel (and some ARM, apparently), and requires kernel pagetable isolation. This has been applied by Linux and Windows, and importantly, on both OSes, AMD processors are exempt from the feature. There has been speculation that the Windows fix isn’t similar to the Linux one, that it uses different methodology that doesn’t hit performance as much, but this seems unlikely to me.

Microsoft weighs in here:
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Upshot: We will need a combination of app updates, firmware updates, and in the case of Intel processors, OS updates.
Eek.

@Team, when can we expect the Intel firmware update to make its way to us?
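
An added example, not part of any post in this thread: on Linux kernels that carry these mitigations, the per-variant status summarised above can be read from sysfs. The sketch below maps the three variants to the kernel's `spectre_v1`, `spectre_v2` and `meltdown` status files; the sysfs path is the kernel's reporting interface (it is not mentioned in the thread), and the sample directory and its contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mitigation status for the three variants discussed above.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify STATUS -> not-affected | mitigated | vulnerable | unknown
classify() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report [DIR] -> one line per variant: "<variant> <file> <class> <raw status>"
report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    for pair in variant1:spectre_v1 variant2:spectre_v2 variant3:meltdown; do
        variant=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            status=$(cat "$dir/$file")
        else
            status="(file missing: kernel does not report this variant)"
        fi
        printf '%s %s %s %s\n' "$variant" "$file" "$(classify "$status")" "$status"
    done
}

# needs_action [DIR] -> exit status 0 if any variant is vulnerable or unknown
needs_action() {
    report "$1" | awk '$3 == "vulnerable" || $3 == "unknown" { f = 1 } END { exit !f }'
}

# Constructed sample: a machine with page table isolation and the Variant 1
# kernel fix in place, but nothing yet for Variant 2.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample)
report "$sample"
rm -rf "$sample"
```

Calling `report` with no argument reads the live system; a missing file is reported as `unknown` rather than as safe, since an older kernel simply has no status to show.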


#51

To sum up what catonkatonk is saying, ‘Meltdown is fixable, but a hefty chunk of your CPU performance will nosedive no matter how fine-tuning the microcode or firmware is’.

‘Spectre is not fixable, period! To do so would require a complete re-design of the CPU’s silicon hardware architects as well as an update to the instruction set architectures. It’s virtually impossible to fix.’

People seem to think that Spectre is not as dangerous as Meltdown; however, what they don’t understand is that the exploit can target JavaScript which almost every website virtually uses.

Online banking, TV/Movie streaming, Youtube, Porn and every other site you visit every day is a potential risk on an order of magnitude that you have never seen before.

Frankly, I think there should be a mass recall of every Intel CPU that dates back to 10 years ago, but we know Intel is NEVER going to do that…because that would bankrupt the company to the ground. Everyone is going to have to wait 5 years for new CPU’s to hit the market that have had redesigned architectures…5 years is too long so this is a catastrophic mistake they made designing these backdoors for intelligence agencies with the assumption that they could get away with it.

Intel needs to own up for what it did because this is a severe violation, even if it means going bankrupt recalling their CPU’s.


#52

If Spectre is affecting all CPUs made in the last decade or so, that’s a good way to literally end the digital era.


#53

Pretty much. They (CPU companies) have got the power through mistakes, blunders and hidden backdoors to push civilization back to the stone age. Given their track record, well…let’s just say that it’s more likely to happen than winning the lottery.

What I am really concerned about is the tens of thousands of lines of hidden instructions in x86 CPUs which is perfect for a rogue AI. It’s literally a portentous precedent, in which greedy companies set up the conditions to which a civilization can fall, all in the name of money…should a rogue AI infiltrate every computer in the world.


#54

except that Intel didn’t design the protocol at all… they used someone else’s lol


#55

looks like your solution is not stop using every form of technology then.


#56

My solution would be to become a billionaire and build my own company and ensure there’s no backdoors in my products, but that’s likely not going to happen :sweat_smile::rofl:


#57

I like that plan too :smiley:


#58

Ooops. “After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.” And now some AMD systems are unbootable after installing the update.


#59

How does he know? :stuck_out_tongue_winking_eye:


#60

I’m not in this situation, as I haven’t had an AMD system for a number of years now, but I’m guessing this means that WINDOWS doesn’t boot, not the computer? A Windows update isn’t screwing with the firmware, is it?


#61

@Eriol_Ancalagon I’m not in this situation either, fortunately. Sounds like it’s the Athlon chips that are affected. According to some other articles, reinstalling Windows (and immediately disabling updates) is working for some people, so I would assume the update isn’t touching firmware.


#62

yep only old AMD CPUs are affected like: Athlon, Opteron, Sempron, Turion