Posted August 14, 2018 A team of researchers found yet another spectre-like vulnerability in modern Intel CPUs. So far the exploit has been confirmed for Skylake and later generations, but researchers have only looked at Intel so far. Older CPUs and other brands may very well be vulnerable to variants of the same attack. Quote Intel's Software Guard Extensions feature, known as SGX, allows programs to establish so-called secure enclaves on Intel processors. These are regions of a chip that are cordoned off to run code that the computer's operating system can't access or change. The secure enclave creates a safe haven for sensitive data, even if malware or another malady compromises the main computer. But a group of researchers, hailing from five academic institutions around the world, found that although SGX can mostly repel Spectre and Meltdown attacks, a related attack can bypass its defenses. They call it Foreshadow. "There were certain aspects that were surprising and certain aspects that weren't," says microarchitecture security researcher Yuval Yarom, a member of the team that will present its findings at the Usenix security conference in Baltimore on Wednesday."We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out—that took us by surprise." Quote "When you look at what Spectre and Meltdown did not break, SGX was one of the few things left," says system security researcher Daniel Genkin, who contributed to the Foreshadow work. "SGX was mostly spared by Spectre, so it was the logical next step." Intel was informed a while ago and is in the process of releasing microcode patches for what it calls the "L1 Terminal Fault". Source : https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/ 2018 sure is shaping up to be the year of CPU vulnerabilities. It's going to take a while before all this will be behind us. In the meantime, be sure to patch your machines. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall. Kind of makes it hard to take them seriously. Current Build: CPU: Ryzen 7 5800X3D GPU: RTX 3080 Ti FE RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Tuf X570 Plus Wifi CPU Cooler: NZXT Kraken X53 PSU: EVGA G6 Supernova 850 Case: NZXT S340 Elite Current Laptop: Model: Asus ROG Zephyrus G14 CPU: Ryzen 9 5900HS GPU: RTX 3060 RAM: 16GB @3200 MHz Old PC: CPU: Intel i7 8700K @4.9 GHz/1.315v RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Prime Z370-A Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 2 minutes ago, Emberstone said: All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall. Kind of makes it hard to take them seriously. Ryzenfall is kinda cool. As far as names go. lol Spoiler LTT's Fastest single core CineBench 11.5/15 score on air with i7-4790K on air Main Rig CPU: i7-4770K @ 4.3GHz 1.18v, Cooler: Noctua NH-U14S, Motherboard: Asus Sabertooth Mark 2, RAM: 16 GB G.Skill Sniper Series @ 1866MHz, GPU: EVGA 980Ti Classified @ 1507/1977MHz , Storage: 500GB 850 EVO, WD Cavier Black/Blue 1TB+1TB, Power Supply: Corsair HX 750W, Case: Fractal Design r4 Black Pearl w/ Window, OS: Windows 10 Home 64bit Plex Server WIP CPU: i5-3570K, Cooler: Stock, Motherboard: ASrock, Ram: 16GB, GPU: Intel igpu, Storage: 120GB Kingston SSD, 6TB WD Red, Powersupply: Corsair TX 750W, Case: Corsair Carbide Spec-01 OS: Windows 10 Lenovo Legion Laptop CPU: i7-7700HQ, RAM: 8GB, GPU: 1050Ti 4GB, Storage: 500GB Crucial MX500, OS: Windows 10 Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 4 minutes ago, Br3tt96 said: Ryzenfall is kinda cool. As far as names go. lol Except Ryzen never fall. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 Skylake and up? Then I don't care too much. 4th gen for the win! I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays... nothing, it just sits there collecting dust... Builds: The Toaster Project! Northern Bee! The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0) Spoiler "Here is some advice that might have gotten lost somewhere along the way in your life. #1. Treat others as you would like to be treated. #2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt. #3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place. Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016 Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 Who wants to buy a CPU CPU i7 6700 Cooling Cryorig H7 Motherboard MSI H110i Pro AC RAM Kingston HyperX Fury 16GB DDR4 2133 GPU Pulse RX 5700 XT Case Fractal Design Define Mini C Storage Trascend SSD370S 256GB + WD Black 320GB + Sandisk Ultra II 480GB + WD Blue 1TB PSU EVGA GS 550 Display Nixeus Vue24B FreeSync 144 Hz Monitor (VESA mounted) Keyboard Aorus K3 Mechanical Keyboard Mouse Logitech G402 OS Windows 10 Home 64 bit Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 When is the Casino Royale vulnerability going to be found? Or maybe View to a Kill? Or Thunderball ? My Rig "Valiant" : Intel® Core™ i7-5930 @3.5GHz ; Asus X99 DELUXE 3.1 ; Corsair H110i ; Corsair Dominator Platinium 64GB 3200MHz CL16 DDR4 ; 2 x 6GB ASUS NVIDIA GEFORCE GTX 980 Ti Strix ; Corsair Obsidian Series 900D ; Samsung 950 Pro NVME + Samsung 850 Pro SATA + HDD Western Digital Black - 2TB ; Corsair AX1500i Professional 80 PLUS Titanium ; x3 Samsung S27D850T 27-Inch WQHD Monitor Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 2 hours ago, Emberstone said: All these CPU vulnerabilities sound like Buzzfeed named them. Spectre, meltdown, foreshadow, and my favorite (though this one is a stretch considering its circumstances): Ryzenfall. Kind of makes it hard to take them seriously. You don't take the term Meltdown seriously? Please say you are not working at a Nuclear power plant, I really could do without Strontium in my cereal. @Captain Chaos I have President Xi's number, shall I phone and ask him to change the Chinese calendar so 2018 is the Year Of The CPU Vulnerability? Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 Hopefully this isn't Foreshadow-ing of things to come PLEASE QUOTE ME IF YOU ARE REPLYING TO ME Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 13 minutes ago, ScratchCat said: You don't take the term Meltdown seriously? Please say you are not working at a Nuclear power plant, I really could do without Strontium in my cereal. Current Build: CPU: Ryzen 7 5800X3D GPU: RTX 3080 Ti FE RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Tuf X570 Plus Wifi CPU Cooler: NZXT Kraken X53 PSU: EVGA G6 Supernova 850 Case: NZXT S340 Elite Current Laptop: Model: Asus ROG Zephyrus G14 CPU: Ryzen 9 5900HS GPU: RTX 3060 RAM: 16GB @3200 MHz Old PC: CPU: Intel i7 8700K @4.9 GHz/1.315v RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Prime Z370-A Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 10 minutes ago, Emberstone said: I meant that the word has connotations of very bad things, not that you actually are a nuclear engineer (joke was not received seemingly). Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 /goes off to buy a Core2Duo.... Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 7 minutes ago, ScratchCat said: I meant that the word has connotations of very bad things I just think these names are far too spooky and doomsday'ish when they're just problems that, to my knowledge, have never been exploited outside of a lab. Current Build: CPU: Ryzen 7 5800X3D GPU: RTX 3080 Ti FE RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Tuf X570 Plus Wifi CPU Cooler: NZXT Kraken X53 PSU: EVGA G6 Supernova 850 Case: NZXT S340 Elite Current Laptop: Model: Asus ROG Zephyrus G14 CPU: Ryzen 9 5900HS GPU: RTX 3060 RAM: 16GB @3200 MHz Old PC: CPU: Intel i7 8700K @4.9 GHz/1.315v RAM: 32GB G.Skill Trident Z CL16 3200 MHz Mobo: Asus Prime Z370-A Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 At this point I think no one cares about security anymore, they continue doing research just for the sake of naming things Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 well yeah. when you keep hammering away at something you're going to find weaknesses and vulnerabilities. nothing is as secure as people think. ◒ ◒ Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 14, 2018 Why do these codenames sound like Tom Clancy was storyboarding? Cor Caeruleus Reborn v6 Spoiler CPU: Intel - Core i7-8700K CPU Cooler: be quiet! - PURE ROCK Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste Motherboard: ASRock Z370 Extreme4 Memory: G.Skill TridentZ RGB 2x8GB 3200/14 Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive Video Card: EVGA - 970 SSC ACX (1080 is in RMA) Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard Mouse: Logitech - G502 Wired Optical Mouse Headphones: Logitech - G430 7.1 Channel Headset Speakers: Logitech - Z506 155W 5.1ch Speakers Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 38 minutes ago, SpaceGhostC2C said: At this point I think no one cares about security anymore, they continue doing research just for the sake of naming things People will care when this corporation got data breach because they forgot to patch the vulnerability software or hardware that was released ages ago. So saying no one cares about security anymore is stupidity and foolish like going on vacation without locking your door and your garage. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 We'll end up with variant 10 vulnerabilities by the end of this year. There is more that meets the eye I see the soul that is inside Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 inb4 we go back to pentium 4 era of performance just from security patches XD "If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva "There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown Spoiler Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1 Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 2 minutes ago, captain_to_fire said: We'll end up with variant 10 vulnerabilities by the end of this year. How many performance will it impact? Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 1 minute ago, DaPhuc said: People will care when this corporation got data breach because they forgot to patch the vulnerability software or hardware that was released ages ago. So saying no one cares about security anymore is stupidity and foolish like going on vacation without locking your door and your garage. It was a joke about researchers, not an assessment of the general public's interests. I recommend stupidity and foolishness to be checked at the door when reading jokes. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 2 minutes ago, SpaceGhostC2C said: It was a joke about researchers, not an assessment of the general public's interests. I recommend stupidity and foolishness to be checked at the door when reading jokes. Maybe I have no sense of humor because I don't see that statement was a joke. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 Someone do a zero day exploit, please. Shut down the players that be. Mobo: Z97 MSI Gaming 7 / CPU: i5-4690k@4.5GHz 1.23v / GPU: EVGA GTX 1070 / RAM: 8GB DDR3 1600MHz@CL9 1.5v / PSU: Corsair CX500M / Case: NZXT 410 / Monitor: 1080p IPS Acer R240HY bidx Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 27 minutes ago, DaPhuc said: How many performance will it impact? It depends if patching the said vulnerabilities will cause significant performance penalties like the one with Meltdown (variant 3). That's why software mitigations is another alternative if the microcode update can lead to serious performance hits. Quote ...most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today... So those mitigations are in place to make it more difficult to exploit CPU vulnerabilities like Spectre and Meltdown There is more that meets the eye I see the soul that is inside Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 15, 2018 47 minutes ago, captain_to_fire said: It depends if patching the said vulnerabilities will cause significant performance penalties like the one with Meltdown (variant 3). That's why software mitigations is another alternative if the microcode update can lead to serious performance hits. So those mitigations are in place to make it more difficult to exploit CPU vulnerabilities like Spectre and Meltdown This is hardware architecture vulnerability, so alternative software patch only provide partial protection if the main black hole is still open. Microcode is needed to patch the main black hole, but the cost is performance impact. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now