Intel x86 HW KPTI bug ~20-30% SlowDown Coming to ur PC Soon!

[Zebuddi123]

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign -- Intel Processor Performance hits loom ~20-30%

Viva la AMD ? so does this affect AMD if not Who`s the Daddy Now

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/

[HanPBF]

Just have read about it in a well known German magazine.
That story will make it into TV and then hopefully you have no investment done in Intel stocks...

As far as I understood it's a security problem on CPU level.
As long as my smartphone is 100% secure...

[Zebuddi123]

Hi HanPBF apparently it does affect Android and IOS too, But AMD is not affected "AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is"

Intel CEO sells 1/4 million stock for $11,000,000 keeping the the bare 250,000 shares he has to keep. To me smacks of Intel seniors Knew. This is what my former CEO did but in a different industry, 10,000 staff redundant and £6,000,000 in shares sold with bare minimum kept prior to the company going under.I`m not saying intel will go under but it`s certainly serious business.

https://www.fool.com/investing/2017/12/ ... stock.aspx

Zebuddi.

[skywalk]

This will drive increasing orders for next gen microprocessors. INTEL will be fine after a stock pullback. This was not a secret to Wall Street. It is up to AMD, QCOM, NVIDIA, ARM, IBM, etc. to deliver faster, cheaper, error-free processors to the market.

[DarkDragon]

https://security.googleblog.com/2018/01 ... -need.html

"Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM"

[Joris]

Volkswagen became punished hard for there CO2-affaire, what about Intel now ?

[Zebuddi123]

I wonder if/how many Military Systems, Nuke`s, ICBM`s, missiles affected. Whom provides their chips\SOC`s. What about Validation of chip design for these, if the aforementioned were true ~5-50% slow down when patched (in and out of user/kernel mode how many 1000+ times a millisecond system wide)

For me I`m running a x5650 orig($1000) 7 years old cpu and still brilliant, as fast as I need soon to be possibly turned into a L5420

And yes like "Diesel Gate" how long have they known! if the Armed Forces and 5eyes are patched? (and how long) then its defiantly an IntelGate.

Zebuddi.

[Zebuddi123]

Wow Just a thought (yes that`s 2 today ) I should be able to buy a "Core i9-7980XE" for a couple of squid (£) in 6-12 months still be faster than mine patched.


Thats because they are saying it`s not microcode fixable.

[Zebuddi123]

The researchers have created a website with more details on Meltdown and Spectre - https://meltdownattack.com/. Its FAQ, like many security-related FAQs, is simultaneously comforting and hair-raising. It starts with “Am I affected by the bug? Most certainly, yes.” It notes that there are patches for Meltdown for Windows, Linux, and macOS. It also notes that that Spectre, though harder for a hacker to implement, is more problematic: “As it is not easy to fix, it will haunt us for quite some time.”

[tj1010]

Funny thing is Zen and I think even last Bulldozer has a ARM co-processor. This vuln should be able to dump the Trustzone micro-kernel over SMC or even main MMU on Zen ARM and Apple, Qualcomm, and Nvidia ARM chips which means all PKI keystore and all the other features like SME can be defeated over time by mapping page table dumps from memory leaks..

Even PS4 and Xbox One security is mostly build on Trustzone micro-kernel. On the PS4 it's used for validated ELF binaries through SMC(don't ask me how I know this it's not on the internet). Xbox One and PS4 use it for chain of trust by loading a encrypted micro kernel from custom silicon ROM.

Everyone now are at the mercy of peoples laziness to prevent jailbreaks and privilege escalation.

[HanPBF]

First day in office day after tomorrow and many questions will have to be answered.

Beside "all is broken", "nothing is 100% secure", etc. is there a probability for attacks that changed?

Web applications are safer than executables as things are hosted and "virtualized" through browsers?
Or vice versa, a local special exe is safer because attacks are done to known programs?
.NET and Java are safer, because they are JIT and not direct executables?

I know that everything is unsafe; but what needs the most effort to be attacked.
At the moment, I can not answer for myself; yes .NET/Java is separated from direct memory access but so wide spreaded used that I guess the situation is either lose-lose...
For me, everything was attackable before with more or less effort, but now attackers have a good base or universal key to attack what they want.

When I read tj1010 post I feel more and more sick... a desaster, isn't it?

[tj1010]

First day in office day after tomorrow and many questions will have to be answered.

Beside "all is broken", "nothing is 100% secure", etc. is there a probability for attacks that changed?

Web applications are safer than executables as things are hosted and "virtualized" through browsers?
Or vice versa, a local special exe is safer because attacks are done to known programs?
.NET and Java are safer, because they are JIT and not direct executables?

I know that everything is unsafe; but what needs the most effort to be attacked.
At the moment, I can not answer for myself; yes .NET/Java is separated from direct memory access but so wide spreaded used that I guess the situation is either lose-lose...
For me, everything was attackable before with more or less effort, but now attackers have a good base or universal key to attack what they want.

When I read tj1010 post I feel more and more sick... a desaster, isn't it?

To put it simply: Supposedly ring 0 memory has been read/wrote from v8 JS engine in a sandbox. Which means it can be done anywhere.

It's a bug in speculative execution algorithm which is in all modern chips. Except in-order(some Atoms like my 330 etc..) chips I think.

[blueznl]

Strictly speaking, it's not a bug per se, it's a design flaw I think (a rather stupid one at that). It also affects AMD, ARM, and what not...

Speculative data in the cache is accessible from the client thread, even if that data belongs to some other part of the system that would require access rights elevation.

Still waiting for the final impact on all (still to be patched older) systems...

(If we're talking about Spectre and Meltdown here, I assume...)

[Zebuddi123]

Hi blueznl.

Yes true, as since been reported and to be honest Ive not checked to see if patches have been released or even installed. If anyone did hack me and my bank account, they would have to deposit some first to steal it, all my money has been invested in shares "Son & Daughter Inc" shocking returns and I have just installed a (pcie x1 gen 2) to sata 3 controller card and an crucial 275gb ssd so the old dell t3500 is running to notch and at the moment not to sure if I would notice as its all been hushed and dampened down to make me want to do some tests.

zebuddi