More Intel leaks.. this one is not good though

[jagdtigger]

6 hours ago, OreoCupcakes said:

The patch is already out for Windows 7 and 8.1. It'll show up in Windows Update next Tuesday, but if you want to patch it now you have to manually do it. The download links for the patches are here, in Microsoft's Update Catalog.

 

Individual Download Links:

Windows 7 (KB4056897)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897

Windows 8.1 (KB4056898)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898

Windows 10 1507 (KB4056893)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056893

Windows 10 1511 (KB4056888)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056888

Windows 10 1607 (KB4056890)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056890

Windows 10 1703 (KB4056891)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056891

Windows 10 1709 (KB4056892)

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892

Black box updates detected, ignoring... (not you but the updates OFC)

[Smoofie]

If I summarize it (hopefully) correctly  from a dutch post @Tweakers there is:

Spectre 1: Bounds check bypass variant.  AMD, Intel and ARM are vulnerable, but it isn't  very dangerous and it is a hard to use exploit;

Spectre 2: Branch target  Injection varisnt. Intel and maybe some AMD CPU's, but it seems ZEN is safe;

Meltdown: Intel only and the most dangerous and 'easy' to exploit. 

 

If Intel knew about this in the summer and still released there I9's and Coffee lake without communicating this...I think it will be sued.

 

I am anxious to see how Intel, Amazon, Google and AMD will respond to this in time. Hell, it could push the sales of Epyc.

 

I've also read that NVidia cards use quite a lot of syscalls..and newer AMD/GCN cards don't. Is this true?

 

 

 

[cj09beira]

2 minutes ago, Smoofie said:

If I summarize it (hopefully) correctly  from a dutch post @Tweakers there is:

Spectre 1: Bounds check bypass variant.  AMD, Intel and ARM are vulnerable, but it isn't a very dangerous and hard to use exploit;

Spectre 2: Branch target  Injection varisnt. Intel and maybe some AMD CPU's, but it seems ZEN is safe;

Meltdown: Intel only and the most dangerous and 'easy' to exploit. 

 

If Intel knew about this in the summer and still released there I9's and Coffee lake without communicating this...I think it will be sued.

 

I am anxious to see how Intel, Amazon, Google and AMD will respond to this in time. Hell, it could push the sales of Epyc.

 

I've also read that NVidia cards use quite a lot of syscalls..and newer AMD/GCN cards don't. Is this true?

 

 

 

it might be, as amd uses a hardware scheduler while nvidea uses software to do it so it might use more syscalls to do it, tests needed though

[ItsMitch]

2 minutes ago, Smoofie said:

If Intel knew about this in the summer and still released there I9's and Coffee lake without communicating this...I think it will be sued.

 

But to sue, you need to prove that Intel failed to disclose this and maliciously benefited from it and you need to prove that you have been personally affected beyond reasonable doubt, sure major companies like Amazon AWS and MS Azure could argue it but the average Joe, probably not unless you do a class action lawsuit (buncha people + buncha lawyers) 

 

3 minutes ago, Smoofie said:

I am anxious to see how Intel, Amazon, Google and AMD will respond to this in time. Hell, it could push the sales of Epyc.

 

All the companies did respond to it, Amazon published a security notice HERE, Google HERE, but I think a lot more companies will start to switch over to EYPC instead of Xeons. This will most likely haunt Intel for a while. 

[Jito463]

19 hours ago, leadeater said:

I also had a really hard time finding when PCID was introduced but managed to find similar dates for when.

According to an article I found on the Phoronix site, it looks like Sandy Bridge and later have PCID.

Quote

- Reiterating from yesterday's article, systems having PCID (Process Context ID) should lessen the impact of PTI being enabled. (Those interested can check for the presence of "pcid" in their "/proc/cpuinfo" output.) PCID has been present on Intel hardware since the Westmere days, so basically any Sandy Bridge era system or newer should be in better shape. I did manage to pull out an old Lenovo ThinkPad W510 with an Intel Core i7 720QM Clarksfield that is from 2009 and lacks PCID but is affected by this cpu_insecure issue.

https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1

8 hours ago, Stefan Payne said:

Have you already forgotten the Managment Engine Exploit?!
ANd now that?!
And you still think that Intel is the best of the best and secure?! 

Don't forget the AMT exploit.

8 hours ago, SC2Mitch said:

Where's the preach emoji when you need it

If you insist. 

[Smoofie]

3 minutes ago, SC2Mitch said:

But to sue, you need to prove that Intel failed to disclose this and maliciously benefited from it and you need to prove that you have been personally affected beyond reasonable doubt, sure major companies like Amazon AWS and MS Azure could argue it but the average Joe, probably not unless you do a class action lawsuit (buncha people + buncha lawyers) 

 

All the companies did respond to it, Amazon published a security notice HERE, Google HERE, but I think a lot more companies will start to switch over to EYPC instead of Xeons. This will most likely haunt Intel for a while. 

I meant the major companies, not the average consumer, sorry I didn't make that more clear.

 

If it can be proven  and that's a big if, that Intel knew about this before releasing there latest CPU's, one can argue that they wouldn't have bought the CPU if the performance was lower as it is with the patch. Thus Intel had an unfair advantage. But I am not a lawyer and it's different in Europe as well. 

 

They did respond to it, but not about the possible consequences for their business, or did they? 

[FeralWombat]

There is a lot of arguing here which I'm going to skip and ask/ mention (if it was before)...CES 2018 is just around the corner, no doubt this coming Monday Intel will speak about their Intel x AMD venture for a new chip I would say no doubt as well the press will bring the issue of their last two decades of chips, very curious to know what happens and what will be said.

Intel already made a statement on their CEO's sale of stocks to just enough to remain as CEO, probably he will be challenged again with this.

[just_dave]

Guys so whats the situation now? Shintel affected by all, AMD only by spectre v1?

[Filthyscum]

Oh ho ho ho ho..

 

Edit: also this;

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

 

[ItsMitch]

5 minutes ago, dave_k said:

Guys so whats the situation now? Shintel affected by all, AMD only by spectre v1?

 Better breakdown on what's affected on the AMD side

[just_dave]

6 minutes ago, SC2Mitch said:

 Better breakdown on what's affected on the AMD side

Thanks a lot  !

[Hellion]

On 1/2/2018 at 10:57 PM, mr moose said:

I am damn sure no one posting in this thread could even come close to engineering a cpu let alone perfectly avoiding every single exploit/bug you might encounter in doing so.

 

What difference does this make?

 

Just because an individual doesn't have the credentials to design/manufacture a processor doesn't mean that they aren't entitled to criticize a company for it's short comings. Having reasonable or even excessively high standards isn't an excuse for negligence. Wanting your machine secure isn't unreasonable by any means.

 

There may not be conclusive evidence at this point in time that indicates intel had prior knowledge of this exploit but when the highest ranking employee of the company dumps as much stock as possible prior to the public being made aware of the problem, that's highly suspect behavior that would warrant suspicion as it’s a move that had motive.

 

Or are you one of those blind, brand loyal. consumer tools that will always accept lip service from a corporation regardless of how severely they have wronged you?

 

 

[ItsMitch]

Law firms on behalf of Intel's investors have commenced an investigation into Intel and whether or not they have violated federal security laws.

 

[.spider.]

2 hours ago, Jito463 said:

According to an article I found on the Phoronix site, it looks like Sandy Bridge and later have PCID.

 

PCID is not enough you also need INVPCID at the was introduced with Haswell

[Taf the Ghost]

4 hours ago, PCGuy_5960 said:

Benchmarks comparing performance with the patch/without the patch:

TL;DW:

• NVMe SSD read/write performance is affected (up to 20% in some cases)
• CPU performance in everyday tasks is not affected
• Gaming performance is not affected

So most users aren't going to be affected by this patch. Thank goodness!

Yup, most Desktop tasks were likely to be unaffected. However, I'm curious about X299 systems, which will take time to get to testing. Does the Mesh vs Ring Bus issue crop up here as well?

[jagdtigger]

1 hour ago, Filthyscum said:

Oh ho ho ho ho..

 

Edit: also this;

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

 

Talking about the devil geeze...

[Ryujin2003]

8 hours ago, RorzNZ said:

Looks like Apple has come top once again.

It's readier for them since they have very specific hardware and short service life. They don't touch what they don't support, aka Legacy.

 

So their right group in hardware and software control really helps out with this.

[Techicolors]

pretty brief benchmark

tl;dr no massive changes for desktop users, but he'll test older Intel chips later. and retests when patch is 100% complete 

[Zodiark1593]

2 hours ago, Filthyscum said:

Oh ho ho ho ho..

 

Edit: also this;

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

 

Yeah, a cpu replacement for myself isn't happening anytime soon...

[Bouzoo]

Just an FYI on performance from Guru3D.

 

Quote

Preliminary conclusion

Given what I am currently seeing, desktop users and PC gamers should not be worried about significant performance drops. Most test results do show a negative effect on performance, but we're really talking in a realm of 2% differentials here. The file IO tests didn't worry me either, and we used the fastest consumer NVME SSD on the globe to be able to see a bigger effect when measured. We did see a bit of a drop off in 4K performance, mostly reads up-to 4%. That's the worst I have been able to find out of all tests though we had an issue with write perf (not related to the patches), we'll look into this but that likely is the newly updated Samsung NVMe driver. Now my remark here needs to include this, there probably will be some firmware updates and perhaps new patches, these all can have an effect on performance. However, if you have a reasonably modern PC and IF this patch is all there is to it, you'll be hard-pressed to notice any difference, if at all. Again I would like to re-iterate that the effect on older dual and quad-core processors with a lower frequency could be far worse, the truth here is that I do not know the effect on that just yet. But on your average modern PC, this doesn't seem to be that worrying at all. That said - I'll need to test older processors, if there's a need performance differences wise, we'll certainly report back on that. 

This article is aimed at gamers and Windows 10 desktop users, the results in the server segment might look and be rather different. In the end, please do get yourself patched up okay?

 

[AresKrieger]

Quote

Meltdown: "Rogue Data Cache Load".

 

This vulnerability is potentially useful to a local attacker. It can obtain secret data from a privileged address space, such as cryptographic tokens or the location of a viable Rowhammer target.

Wait so meltdown is only vulnerable to local attack? That is incredibly useless as a hacking tool in the real world as anyone who has direct access to a machine can already hack into the machine at will, if it were remote then it would be a major problem potentially allowing for all kinds of stolen data but without that it is basically meaningless.

Edit: @SC2Mitch that reddit post appears to be incorrect with regards to meltdown according to info provided by @jagdtigger

[jagdtigger]

1 minute ago, AresKrieger said:

Wait so meltdown is only vulnerable to local attack? That is incredibly useless as a hacking tool in the real world as anyone who has direct access to a machine can already hack into the machine at will, if it were remote then it would be a major problem potentially allowing for all kinds of stolen data but without that it is basically meaningless.

 

Nope:

 

 

 

[AresKrieger]

Just now, jagdtigger said:

 

Nope:

Its says it right in what you just posted, I'm not talking about Spectre as that is a different exploit.

[jagdtigger]

1 minute ago, AresKrieger said:

Its says it right in what you just posted, I'm not talking about Spectre as that is a different exploit.

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

Quote

Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks

 

[AresKrieger]

1 minute ago, jagdtigger said:

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

 

Well then AMD's reddit is useless, and should not be on here as if it were factual it is clearly incorrect