Fluxoid

Welcome to Fluxoid. Wanting to join the rest of our members? Feel free to sign up today!

Intel CPU Security Issues

nodle

Cheesemonger
Administrator
So I don't know how many of you have already heard about this, but it really is large news. AMD processors are not vulnerable to this type of attack.

AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
All computers with Intel chips from the past 10 years appear to be affected. The fix for it? A 30% slower computer! Get ready for some major slow downs.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – specifically, PCID – to reduce the performance hit.
There is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case, the software fix causes huge slowdowns in typical workloads.
Findings

 
Last edited by a moderator:

nodle

Cheesemonger
Administrator
Microsoft has confirmed the Windows update in a statement:

We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.
AMD Official Statement

Intel's Statement (they don't want to admit they dun goofed)
 

nodle

Cheesemonger
Administrator
That's practically everything in existence for Intel. Not many out there past 10 years.
Yup your correct, it actually is very HUGE, and lets face it almost everything has an Intel chip in it. They are just trying to downplay it. There are already posts demonstrating before and after with Microsoft's patch for it showing slower results in gaming etc. I guarantee there will be a class action lawsuit coming.
 

ryanator

Mathematical
Members
Unfortunately, every industry known to man since the beginning of time will try to make passive statements to defend their product. Apple blames the whole slow cpu fiasco on looking out for the best interests of the consumer's battery.  Big Tobacco used to market their stuff as a healthy, etc....  Intel just doesn't want to sink, and our current society will allow them to bend us over and do what they want.
 

C Pav

Codename: GB6
Members
Effing Intel...Loved them, LOVED..but now not so much. This is BAD, just bad bad. I remember in college how we learned that they were sort of poorly designed in how then handled floating point integers, stack, and some other ways of handling code and instead of remaking their chips to work more efficiently they just found workarounds to perform better. Something like that.
 

nodle

Cheesemonger
Administrator
Intel just doesn't want to sink, and our current society will allow them to bend us over and do what they want.
Valid point. Think about if they just said "Ya we messed up so what?". What would all the businesses and people do around the world do, quit using their computers.? That is the problem when you only have two chip makers out there. You have no choice, it's a monopoly.
 

C Pav

Codename: GB6
Members
Well nobody wants Intel to sink. It would be bad if no competition for AMD. They just need to not "lie" and make things right.
 

nodle

Cheesemonger
Administrator
Anyone else not seeing the patch push though. My work computer brought it up right away, but on my home computer I have checked two days now with no push. Anyone else not getting it?
 

Davidc

Caulk Sucker
Members
Read this - Secret 3G Radio in Every Intel vPro CPU Could Steal Your Ideas at Any Time

news.softpedia.com/news/Secret-3G-Radio-in-Every-Intel-vPro-CPU-Could-Steal-Your-Ideas-at-Any-Time-385194.shtml

This is not Meltdown. This is not Spectre. This is another Intel design "feature" that is in reality a spying opportunity. If you buy a dual processor from Intel, you really bought a triple processor. The 3rd processor is the Intel Management Core. It sees all. It is not visible to any operating system. You can shutdown and turn off your device yet it still can run if you have battery or did not unplug your device. You can turn off your router. No problem. It calls home on it's own dedicated 3G connection. It can write to your device. Hello kiddie porn. Check it out. Not science fiction. A designed in 3rd party access for Intel and friends. I had a better link before. I'll look for it. 

Among other potential exploits, Intel and friends can collect your cryptos whenever they want unless they're in a paper wallet only or in a faraday cage.

A better link. 

https://popularresistance.org/new-intel-based-pcs-permanently-hackable/
From Zerohedge comment section on: https://www.zerohedge.com/news/2018-01-05/meltdown-story-how-researcher-discovered-worst-flaw-intel-history
 

Davidc

Caulk Sucker
Members
That is why China, India, Russia and EU want to see their own chips in the future.

US tech industry has zero credibility left.

They are just fronts to NSA/NRO/CIA spying programs, all of them, not just Facebook, MSFT, Apple, Amazon and Google.
 

Davidc

Caulk Sucker
Members
And here’s the kicker: AMD has minimal if any exposure and said so, despite Intel saying it is at risk. Even though AMD came up with 64-bit extensions, which Intel licenses, the two firms implemented their 64-bit architectures in completely different ways.

The difference is AMD’s chips don’t do speculative loads if there is the potential for memory access violations. They don’t load data beyond the branch point, so no predicting is done. Intel does the exact opposite. It’s more aggressive in its use of branch prediction and it bit them.

https://www.networkworld.com/article/3245766/virtualization/intels-processor-flaw-is-a-virtualization-nightmare.html
 

nodle

Cheesemonger
Administrator
I haven't posted this but let get out our tin foil hats for a few moments. So apparently this has just made light of day a week ago, but it was discovered awhile back with enough time for the CEO of Intel to dump his stock. Let's think a different way for a second, lets say this was no accident. I have talked about hardware back doors in all hardware before, not only created by other countries like China, but our own as well. China might hide back doors in some chips on their electronic hardware, while we supply all the CPUs, we hide our hardware backdoor on the CPUs themselves. Maybe this was an accident, maybe these were purposely put there and someone found out an blurted it out? Now they have to come clean, but maybe the holes was there on purpose the entire time. Think about it all chips from the past ten years, including MACs as well. It's not really crazy to think about it that way. It was always a backdoor out government wanted there, but someone not working for them found out and the gig was up.
 
Top