Intel security bug
- monNom
Seems like a big deal: Intel CPUs have a security bug in how they handle memory that is hard coded on the silicon (unfixable). Mitigating the bug in software can reduce system performance upwards of 30%.
We are all getting the patches shortly, which is good for security, but this will kill performance. If your computer starts to feel really slow soon, you know why.
More info:
https://www.theregister.co.uk/20…
Some speculation on this and how it might affect cloud services:
http://pythonsweetness.tumblr.co…
- drgs1
https://twitter.com/grsecurity/s…
GPR Security measured 63% loss
- Bennn1
I may go with AMD for my next computer. I will change my computer in 208 probably.
- *2018 (Bennn)
- I'm surprised Intel's stock has not plummeted yet (drgs)
- Apparently Intel CEO Brian Krzanich has been dumping stock since November 2017
- maybe time to short Intel? (spot13)
- AMD has a bug too BTW, so does Exynos (trooperbill)
- detritus0
Although the details are a bit inscrutable at the moment, losses are apparently only relevant in a percentage of operation types, particularly in those related to how Virtual Machines work - hence the panic in cloud operations and AMD's apparent stock price rise.
The effect on the likes of us will be a small percentage of the stated percentage range - ie. your processor won't suddenly become 30% slower.
If this isn't the case, then Intel's truly fucked as it may be open to a massive class action suit - the sort where they have to either replace your chip, or refund a significant percentage of the cost, as per the Pentium FPU fuck up back in the 90s.
- monNom2
- makes a good point about cloud storage providers not patching :=| ...meltdown affects nearly every processor since 1995, nuts. (kingsteven)
- Yeah, this is brutal for both cloud providers, and companies using their services if not patched. 30% performance drop must eat up all profit margin (monNom)
- monNom1
Sorry. The Intel bug is actually called "meltdown".
"Spectre" is a related bug that evidently affects all modern CPU architectures from Intel but also AMD and ARM (mobile devices).
More info:
https://mobile.nytimes.com/2018/…
- monNom1
Turns out many ARM processors are affected as well. Definitive list here on ARM's site, along with mitigations:
- To be clear, ARM chips seem to be affected by both "Meltdown" and "Spectre". The former seemingly possible through javascript in browser. (monNom)
- Ah, so none of the M's? That's good. (section_014)
- aaaaand Apple's iOS chips also vulnerable. Yikes. (monNom)
- detritus1
Comments here are ... worrisome:
- pablo281
- Turns out my system isn't vulnerable. Which is nice. (face_melter)
- monNom1
^ that tool is for a different bug dealing with the Intel management engine. I think that mostly affects servers and workstations/corporate laptops. Things you would remotely administer.
Everyone is vulnerable to meltdown / spectre if unpatched.
(Meltdown only on Intel and recent ARM chips)
- monNom1
To be clear why spectre is so worrisome: it can steal sensitive information right out of your CPU memory as though it were plain text.
ie: If you log into online banking, you might be behind https, but the credentials you type in are plain text from the perspective of your CPU. Malware or javascript in another tab or hidden window/iframe can use this bug to read that data from your CPU and send it to an attacker. Basically your computer is untrustworthy now unless patched.
For users with older computers who can't update OS, or don't want to update for some reason, you should probably disconnect that machine from the Internet altogether and use it only for offline work from now on. Get a cheap new computer for Internet things and use a sneaker network to move files between them.
- BabySnakes0
- < Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock (BabySnakes)
- Google told them about the issue in June of last year (pockets)
- futurefood1
f'n hell! where does it end?!
mobile chip designer ARM Holdings said its chips were also affected and that it was working with Intel and AMD on a fix.
http://fortune.com/2018/01/03/in…
- plash0
Here's a fantastic write up to fix this.
How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws
> https://www.bleepingcomputer.com…
Microsoft Windows January 2018+ antivirus security update compatibility Matrix
> https://docs.google.com/spreadsh…
- plash0
Intel’s post-patch performance results on “best-case”
https://newsroom.intel.com/edito…
Expect a 5 to 30 percent performance loss post-patch, depending on processor generation.
- monNom0
The WebKit team gives some very detailed info on exactly how an attack might have been performed within their browser, and their stop-gap remediation (lowering JavaScript timer precision to 1ms), while they work to better secure things.
https://webkit.org/blog/8048/wha…
A note on performance:
I did a before/after on a computationally intensive 3d render. My performance was actually very slightly better post-update. (Win10 i7 6700k) As I understand it, it's the disk IO related tasks that are most severely hurt (3d render is basically all CPU), so I can see how servers would suffer for this. I don't notice a difference.
- MSI (my native MoBo) did a great firmware patch that actually made my system perform better as well. (plash)
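
Added example, not part of the thread and not WebKit's code: a way to check whether a timer has been coarsened to the 1ms precision mentioned in the post above. All function names are hypothetical, clamping is modelled as rounding down (an assumption), and the fake clock is constructed so the check runs offline; in a browser, pass `() => performance.now()` as the clock.

```javascript
// Model a clamped timer: readings are rounded down to a multiple of
// resolutionMs. (Assumption: real browsers may round or add jitter.)
function coarsenClock(clock, resolutionMs) {
  return () => Math.floor(clock() / resolutionMs) * resolutionMs;
}

// Estimate a clock's granularity: spin until the reading changes and
// keep the smallest step observed across several samples.
function measureGranularity(clock, samples = 20, maxSpins = 1e7) {
  let smallest = Infinity;
  for (let i = 0; i < samples; i++) {
    const start = clock();
    let now = start;
    let spins = 0;
    while (now === start && spins++ < maxSpins) now = clock();
    if (now !== start) smallest = Math.min(smallest, now - start);
  }
  return smallest; // Infinity means the clock never advanced
}

// Report whether the clock is at least as coarse as requiredMs.
function checkTimer(clock, requiredMs) {
  const granularityMs = measureGranularity(clock);
  return { granularityMs, coarseEnough: granularityMs >= requiredMs };
}

// Constructed test clock: advances by stepMs on every read, standing in
// for a high-resolution timer so results are deterministic.
function makeFakeClock(stepMs) {
  let t = 0;
  return () => (t += stepMs);
}

// Unmitigated: a fine-grained clock (about 4 microseconds per read).
const rawResult = checkTimer(makeFakeClock(1 / 256), 1);
// Mitigated: the same clock clamped to 1ms.
const clampedResult = checkTimer(coarsenClock(makeFakeClock(1 / 256), 1), 1);

console.log("raw:", rawResult);
console.log("clamped:", clampedResult);
```
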