What is the risk level of those Intel/Amd cpu bugs?

[j2ee]

Those cpu bugs have been discovered recently, but how risky are these bugs? Someone has to be at least in the same machine with different virtual machine to use those bug to hack right? Even local network level is safe enough?

[Fasauceome]

Well, the Intel bugs Spectre and meltdown and the like can be run off any webpage. The reason that not every odd website is infected with programs to take advantage of these vulnerabilities is because it's apparently not easy to deploy such methods. And besides, the effort would be a bit wasted on regular web users. The scandal bugs like Ryzenfall from CTS labs are no longer relevant, before they were patched out they basically required administrator access to work.

[j2ee]

1 minute ago, Fasauceome said:

Well, the Intel bugs Spectre and meltdown and the like can be run off any webpage. The reason that not every odd website is infected with programs to take advantage of these vulnerabilities is because it's apparently not easy to deploy such methods. And besides, the effort would be a bit wasted on regular web users. The scandal bugs like Ryzenfall from CTS labs are no longer relevant, before they were patched out they basically required administrator access to work.

Then how can someone prevent hacking if even any site can apply hacking to any website visitor?

[Fasauceome]

2 minutes ago, j2ee said:

Then how can someone prevent hacking if even any site can apply hacking to any website visitor?

They can't really, that's why Intel put out security measures so severe that they reduced performance. 

[Stormseeker9]

.

[j2ee]

4 minutes ago, Fasauceome said:

They can't really, that's why Intel put out security measures so severe that they reduced performance. 

 

I am like most of the other people who don't use the latest hardware and there isn't any patch for motherboard

I am using 6100 cpu with B150M Pro4V motherboard, and don't look like there is any patch to fix any of these bugs.

Then basically I am taking super risk to go online everyday?

[Fasauceome]

12 minutes ago, j2ee said:

 

I am like most of the other people who don't use the latest hardware and there isn't any patch for motherboard

I am using 6100 cpu with B150M Pro4V motherboard, and don't look like there is any patch to fix any of these bugs.

Then basically I am taking super risk to go online everyday?

No you're not taking a risk, like I said it would be a waste of effort to target users like us. As of now it's extremely unlikely that we would have to worry about these bugs, they're targeted mostly at datacenters

[j2ee]

6 minutes ago, Fasauceome said:

No you're not taking a risk, like I said it would be a waste of effort to target users like us. As of now it's extremely unlikely that we would have to worry about these bugs, they're targeted mostly at datacenters

 

I understand the risk is low. But let's say a hacker knows my home IP, can he/she attack me through these cpu bugs?

[MadAnt250]

From what I have researched Microsoft has released patches in their updates a while ago, so if you are up to date then I would not worry if you have a Microsoft OS.

 

[j2ee]

14 minutes ago, MadAnt250 said:

From what I have researched Microsoft has released patches in their updates a while ago, so if you are up to date then I would not worry.  

 

You mean as long as my windows has latest update then I am safe?

[MadAnt250]

1 minute ago, j2ee said:

You mean as long as my windows has latest update then I am safe?

You are most likely safe from the Intel bug, I think the patches have been released by other OS's as well.

[j2ee]

Any known case that hacker use JS or other way to hack user through browser?

[j2ee]

Spectre has been a long journey and has highlighted the best in collaboration across vendors in the industry and academia. So far, white hats appear to be ahead of black hats. We still know of no attacks in the wild, outside of the curious tinkerers and professional researchers developing proof of concept gadgets. New variants of these vulnerabilities continue to trickle out, and may continue to do so for some time. We continue to track these threats and take them seriously.

https://v8.dev/blog/spectre

[j2ee]

Even for the latest cpu, AMD is more safe than Intel if these cpu bugs are concerned?

[j2ee]

By the way, does the latest intel/amd cpu come with these bugs and no fix?!

[j2ee]

I just did some google searches and yes latest cpu of both intel/amd just fix little bit of these cpu bugs and most of these bugs haven't been fixed and don't look like they would try to fix these bugs at all because
They sell faster and faster cpu speed forever and we all know fixing these bugs mean it could slow the cpu like 40%, 50%............

I look at some latest most expensive customer grade motherboard for latest cpu, don't look like they try to fix all of these bugs at all, ho yeah motherboard needs to show better speed for more sales, not security...