More Intel leaks.. this one is not good though

[Tam3n]

1 hour ago, Stefan Payne said:

Oh nice.

So every Hacker can read your passwords now...

Sure. Seems like every Hacker can read my passwords yearly (and find out they are still the same), when some new type of exploid is published.

 

I bet they were already pretty close on this in 2016 when this happened https://thehackernews.com/2017/02/bypass-aslr-browser-javascript.html

[Mat1926]

2 hours ago, Bit_Guardian said:

Oh for crying out loud would you go away?

[heybengbeng]

https://www.anandtech.com/show/12214/understanding-meltdown-and-spectre

 

is this true that both meltdown and spectre only can be done locally? javascript is the only way to do it remotely?

 

i read other people comment in other website and someone said only intel can be exploited from anywhere while amd need local access and can't be exploited remotely. while the other comment said it differently again. anyone know which one is true

[MadyTehWolfie]

This has me looking at AMD CPU and Mobo on Newegg right now....

[Jito463]

4 hours ago, MadyTehWolfie said:

This has me looking at AMD CPU and Mobo on Newegg right now....

[LAwLz]

On 1/6/2018 at 7:12 PM, luigi90210 said:

Source for #1 where I heard that was Jayztwocents in his video and I think he heard it from industry insiders I would have to watch his video on it again but he does mention that iirc. 

Jay is not a reliable source.

 

On 1/6/2018 at 7:12 PM, luigi90210 said:

Source for #2 would be the Microsoft patch that was released. Meltdown isn't patched until Intel releases the microcode updates that work in conjunction with the windows update and that isn't being released until the 9th(so all the performance tests people are doing is useless). Spectre is patched afaik with the same patch. A lot of news sources are advising people about their AV blocking that patch and to allow it because it patches Spectre 

You got it the other way around. Meltdown is patched. Spectre is not (at least not fully).

 

 

On 1/6/2018 at 7:55 PM, luigi90210 said:

That's not what I have been hearing. I don't have a source for the claim though as it's been chatted about in the various discord servers I'm in as well as 4chan. 

Random Discord servers = Not reliable. It's the blind leading the blind.

4chan = Literally spreads FUD about Intel because they hate Jews, and Intel is based in Israel. You'd have to be a fool to take anything said on there as fact without double or triple checking it.

 

On 1/6/2018 at 7:55 PM, luigi90210 said:

This crap is so confusing with all the information being spread around, you don't know what's true or isn't true.

That's why I would appreciate it if people would just shut up if they didn't understand what they were talking about. I am so fed up with people just parroting something they read online, which was most likely written by some other clueless moron just parroting what they heard someone else say.

 

Here is a simple rule I think everyone should follow:

If you don't understand something, don't talk about it as if you do. Don't make comments about how good/bad something is, or how it works, if you don't understand it yourself.

This really shouldn't be a hard rule to follow, but for some reason people can't help spouting nonsense every chance they get.

 

 

5 hours ago, MadyTehWolfie said:

This has me looking at AMD CPU and Mobo on Newegg right now....

AMD is also affected.

The "Intel specific" vulnerability (seems like some ARM chips were vulnerable too) is fixed. The ones left to fix (assuming more aren't found) affect all brands including AMD.

[luigi90210]

24 minutes ago, LAwLz said:

Jay is not a reliable source.

 

You got it the other way around. Meltdown is patched. Spectre is not (at least not fully).

 

 

Random Discord servers = Not reliable. It's the blind leading the blind.

4chan = Literally spreads FUD about Intel because they hate Jews, and Intel is based in Israel. You'd have to be a fool to take anything said on there as fact without double or triple checking it.

 

That's why I would appreciate it if people would just shut up if they didn't understand what they were talking about. I am so fed up with people just parroting something they read online, which was most likely written by some other clueless moron just parroting what they heard someone else say.

 

Here is a simple rule I think everyone should follow:

If you don't understand something, don't talk about it as if you do. Don't make comments about how good/bad something is, or how it works, if you don't understand it yourself.

This really shouldn't be a hard rule to follow, but for some reason people can't help spouting nonsense every chance they get.

 

 

AMD is also affected.

The "Intel specific" vulnerability (seems like some ARM chips were vulnerable too) is fixed. The ones left to fix (assuming more aren't found) affect all brands including AMD.

1. jays sources are reliable, he links them in his video, im just using his video cause its sticking to the facts for the most part 
2. thanks for the clarification

3. i have been browsing 4chan since i was 13, i know what is an anti semitic rants and what isnt, still not claiming what is or isnt fact from there though as it isnt reliable but generally speaking, if people are talking about it, there is some relevance to it which is why i brought that up 

4. many official sources(cant name any specific sources but i have read that on a few sites now and i know jay linked some that claimed that in his video) have been saying AMD processors are only really vulnerable if you have physical access to the device, yes AMD is vulnerable to spectre, only a fool would deny that at this point but from a security standpoint if someone has physical access to a device, all bets are off so the fact that AMD need physical access in order for the exploit to be run says a lot 

[mr moose]

44 minutes ago, LAwLz said:

 The ones left to fix (assuming more aren't found) affect all brands including AMD.

And that's why I am blowing the dust of my C64.   hero, last ninja and outrun here I come.  

[Jito463]

2 hours ago, LAwLz said:

and Intel is based in Israel

One point of clarification, Intel isn't based in Israel, they just have a division there.  Their HQ is in Santa Clara, CA.

[LAwLz]

2 hours ago, luigi90210 said:

1. jays sources are reliable, he links them in his video, im just using his video cause its sticking to the facts for the most part 

Haven't watched his video, but considering you still haven't linked me to a source I find it hard to believe it is reliable.

From what I have read, a local attack was shown to work, but I have not found any evidence that it is only possible to do locally. Maybe Jay read that it was a local attack somewhere and jumped to the conclusion that just because this particular one was local, it is impossible to do remotely?

 

2 hours ago, luigi90210 said:

4. many official sources(cant name any specific sources but i have read that on a few sites now and i know jay linked some that claimed that in his video) have been saying AMD processors are only really vulnerable if you have physical access to the device, yes AMD is vulnerable to spectre, only a fool would deny that at this point but from a security standpoint if someone has physical access to a device, all bets are off so the fact that AMD need physical access in order for the exploit to be run says a lot 

Here is the thing though, mainstream media (I'd bundle youtube channels together with that) are also spreading misinformation. Most people have no idea what the fuck they are talking about right now, and are pushing out garbage articles/videos to get clicks and views. If you see or read something which doesn't have a direct link to a security researcher or white paper, then chances are it is wrong. You have to remember that most people have no idea how any of this works. Have you ever played that game where you whisper a word, and it passes from person to person? That's basically what happens with info right now.

Person 1 says something accurate.

Person 2 hears it, and retells it to other people, using slightly modified words.

Person 3 hears what person 2 says, doesn't fully understand it but decides to retell it anyway using their own words.

Person 4 listens to person 3, but don't understand it fully, but feels like repeating it anyway (although the parroting is not 100% accurate).

Person 5 now gets info from person 4, but the info is completely warped and twisted compared to what person 1 said.

 

That's why there is so much misinformation going around. Because none of person 2 to 5 stopped and though "maybe I shouldn't talk about things I don't understand".

 

 

41 minutes ago, Jito463 said:

One point of clarification, Intel isn't based in Israel, they just have a division there.  Their HQ is in Santa Clara, CA.

Well, that's true but here is a quote from Intel:

Quote

We think of ourselves as an Isreali company as much as a US company.

And I mean, just go to any Intel related thread on 4chan and you will see a bunch of jew-related images get posted.

There are a lot of people on there who says Intel is bad because they have ties to Israel.

Believing something written on there (or Reddit for that matter) without any evidence which can be checked or backed up by other sources, is foolish.

[Jito463]

3 minutes ago, LAwLz said:

We think of ourselves as an Isreali company as much as a US company.

Probably because the Israeli division saved Intel's bacon after the P4 Netburst fiasco.  Their chips were hot, slow and power hungry.  The Core architecture was a massive shift in design that they've been milking for years since.  I'd be more surprised if they weren't especially proud of that division.

4 minutes ago, LAwLz said:

There are a lot of people on there who says Intel is bad because they have ties to Israel.

It's 4chan, what more needs to be said?  I make it a point to avoid 4chan, even more than I make it a point to avoid social media.

4 minutes ago, LAwLz said:

Believing something written on there (or Reddit for that matter) without any evidence which can be checked or backed up by other sources, is foolish.

On this we can both agree (though technically that applies to anywhere, not just those sites).

[MadyTehWolfie]

4 hours ago, Jito463 said:

When I get the money I'm thinking of getting top tier thread ripper hopefully it's better then my 6700k. I'm sure it is but I haven't kept up with and CPUs as I haven't wanted one ever till now.

3 hours ago, LAwLz said:

Jay is not a reliable source.

 

You got it the other way around. Meltdown is patched. Spectre is not (at least not fully).

 

 

Random Discord servers = Not reliable. It's the blind leading the blind.

4chan = Literally spreads FUD about Intel because they hate Jews, and Intel is based in Israel. You'd have to be a fool to take anything said on there as fact without double or triple checking it.

 

That's why I would appreciate it if people would just shut up if they didn't understand what they were talking about. I am so fed up with people just parroting something they read online, which was most likely written by some other clueless moron just parroting what they heard someone else say.

 

Here is a simple rule I think everyone should follow:

If you don't understand something, don't talk about it as if you do. Don't make comments about how good/bad something is, or how it works, if you don't understand it yourself.

This really shouldn't be a hard rule to follow, but for some reason people can't help spouting nonsense every chance they get.

 

 

AMD is also affected.

The "Intel specific" vulnerability (seems like some ARM chips were vulnerable too) is fixed. The ones left to fix (assuming more aren't found) affect all brands including AMD.

Think Jay said that hackers couldn't do anything with the amd CPU unless they have physical access to my PC. Since my PC is in my house fat chance of that happening.

[mr moose]

47 minutes ago, MadyTehWolfie said:

 

Think Jay said that hackers couldn't do anything with the amd CPU unless they have physical access to my PC. Since my PC is in my house fat chance of that happening.

Then he is speculating:

 

Quote

AMD’s CPUs are still vulnerable to Spectre attacks, and in the long run there are still a lot of unknowns about how dangerous Spectre really is, and how well it can be mitigated.

It is the hardest of the two to mitigate currently, which means there are only band aid solutions for now.   It may well be the case that spectre is always going to be band aided until the actual CPU's change.  

 

At any rate it is not very wise to assume that spectre is a non-event just because a handful of PR guys tell you it's "nere zero". 

 

 

[NytroN32D]

On 2018.01.3. at 12:36 AM, DoctorWho1975 said:

The Intel chip security level fubar is again rearing its ugly head. 

 

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

 

 

 

 

This whole best case/worst case scenario is not good:

 

 

 

 

Thank you Intel may we have another?

is my xeon e5420 afected by this meltdown?

[leadeater]

44 minutes ago, NytroN32D said:

is my xeon e5420 afected by this meltdown?

Very much definitely possible that it may be effected, probably. 

 

On an actual serious note yes I think it is, we'll know more in a day or so.

[NytroN32D]

Just now, leadeater said:

Very much definitely possible that it may be effected, probably. 

 

On an actual serious note yes I think it is.

but i was thinking its too old

 

[Zodiark1593]

28 minutes ago, NytroN32D said:

but i was thinking its too old

 

Anything involving OoO and Speculative Excecution should be suspect. Only things safe from the outlined vulnerabilities are the In-order cpu cores. So for Intel, only thing not suspect is the Intel Atom pre-2013. (or stuff so old it wouldn't be usable today)

[NytroN32D]

Just now, Zodiark1593 said:

Anything involving OoO and Speculative Excecution should be suspect. Only things safe from the outlined vulnerabilities are the In-order cpu cores. So for Intel, only thing not suspect is the Intel Atom pre-2013.

dammm needed to stay with athlon 64

[Zodiark1593]

Just now, NytroN32D said:

dammm needed to stay with athlon 64

Well, it also is an OoO design, so it too has the Spectre vulnerabilities to contend with. You'd be better off with a Raspberry Pi. As the CPUs used lack OoO and the complex speculative execution techniques of high-performance designs, all variants of the Raspberry Pi are immune from these vulnerabilities.

[NytroN32D]

Just now, Zodiark1593 said:

Well, it also is an OoO design, so it too has the Spectre vulnerabilities to contend with. You'd be better off with a Raspberry Pi. As the CPUs used lack OoO and the complex speculative execution techniques of high-performance designs, all variants of the Raspberry Pi are immune from these vulnerabilities.

damm

[Zodiark1593]

5 minutes ago, NytroN32D said:

damm

Yeah, not sure how this mess will be unraveled without either pulling back performance-oriented characteristics some, or we just have to live with it (Spectre). It could be that the next die shrink will be spent on implementing mitigations in silicon as well.

[NytroN32D]

Just now, Zodiark1593 said:

Yeah, not sure how this mess will be unraveled without either pulling back performance-oriented characteristics some, or we just have to live with it (Spectre). It could be that the next die shrink will be spent on implementing mitigations in silicon as well.

sad life..

[MadyTehWolfie]

All I want to know is if this can effect my PC when all I do is game on it and go onto the school website.

[Riapah]

5 minutes ago, MadyTehWolfie said:

All I want to know is if this can effect my PC when all I do is game on it and go onto the school website.

Anyone can be affected but since there are so many people and this is a high-level bug/exploit that it will be used against a person like you. Most likely there the ones that are gonna get hacked are the big juicy targets like Amazon.

[MadyTehWolfie]

Well idk what to do. This is pretty confusing for someone who doesn't dabble in the software side of things. If going with a AMD CPU will make my desktop secure I guess I'll just use steam on my PC and nothing else and hope my PC doesn't get raped by a hacker.