chaosmassiveone after another, Intel just wont get a break these days....

Intel these days is releasing CPU microcode updates faster than King updates Candy Crush with new offline banner ads.

TheTechGuy1337You guys act like Intel or any company has all the answers. They don't. One group does not know everything. Be it Intel or AMD or any other company out there. There will be security holes somewhere. That is the price of having a device that can connect to the internet or can communicate to someone remotely. None of this information gets leaked to the public without that specific company knowing about it before hand. They already have a fix for it. IT professionals only care about a solution to the problem. If there isn't one, then we need to have a conversation, but if they have already patched the issue. No complaints from me.

Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

Who reported this vulnerability?

Foreshadow was independently and concurrently discovered by two teams:

• Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven).
• Marina Minkin, Mark Silberstein (Technion), Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch (University of Michigan), Yuval Yarom (University of Adelaide and CSIRO's Data61).
• The KU Leuven authors discovered the vulnerability, independently developed the attack, and first notified Intel on January 3, 2018. Their work was done independently from and concurrently to other recent x86 speculative execution vulnerabilities, notably Meltdown and Spectre.
• The authors from Technion, University of Michigan, the University of Adelaide and CSIRO's Data61 independently discovered and reported the vulnerability and associated attack to Intel during the embargo period on January 23, 2018.

8/14/18
As in the case with Meltdown, we believe our processors are not susceptible to the new speculative execution attack variants called Foreshadow or Foreshadow-NG due to our hardware paging architecture protections. We are advising customers running AMD EPYC™ processors in their datacenters, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms.

Prince ValiantSome of these have affected performance and Intel hasn't been speedy about pushing fixes across the board.

HD64GSo, Intel is faster partly due to their zero interest for security when designing cpus and now that their products are found vulnerable in many fronts and are getting slower month by month as being patched, they try to compensate somehow for their bad security strategy by giving away bounties that are priced 1/1000000 of their yearly revenue from selling those and that is still commendable to some people. Keep getting milked then, as another intel cpu is coming soon on sale.

HTCTo be fair, AMD is also affected, mainly by spectre variant attacks. While most of these attacks don't hit the general user much, it leaves big companies subject to performance losses due to mitigations and those losses are adding up.

That said, BOTH companies need to address these issues, on a hardware level, as soon as possible.

TheTechGuy1337Finally, someone that understands both sides of the fence. All tech companies will have security issues eventually. Why? Because of innovation. There is no perfect solution. This is why things get patched on the daily. Humans are not perfect. There is no one company to rule them all. We keep fixing an item until it is as good as it can be. It is up to the buyers and community to hold these companies accountable for their products. As long as we do that, then everyone gets the benefits.

HTCWe are advising customers running AMD EPYC™ processors in their datacenters, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms

chaosmassivewow that sneaky marketing there, gotta use it for ads whatever exposures you get

JoniISkandartake example of drag race,, intel is same people trying to push very high speed Bike with minimum security concern.

same as intel avoid 7 generation of their Core series Architecture flaw, the bug is on Hardware based, AMD is on different animal, not the same, Ryzen is newly fresh Architecture unlike Core series which is from more than decade ago,, as anything report AMD is very minimal impact compare to Intel, that cant be FIXED by software, they making patch for this, is same when your car tire broken and just add temporary patch before actual HARDWARE level fix applied aka replacing the architecture

JismBecause it's proberly unnecessary to apply a patch for the TR/RY platform, that is the message. And if you do it might cost you performance while it's not needed.

AMD has the better product, period.

TheTechGuy1337Besides performance loss on synthetic benchmarks. Give me a real world example of performance loss to the average daily usage of users? I manage over 1,000 devices at my workplace and some of those pc's are 10 years old. The older ones didn't even receive security updates. They are too far past their prime for Intel to care about them. All of our newer equipment has the latest updates. Guess how many people complained about performance drops? This is including our development teams that require high end machines to do their daily task. Not a single person. I could care less if someone loses 3 fps in a game. Only people pushing their machines or have extremely low end machines would ever see an issue. And when I say low end. I'm talking single core processors.

John NaylorI'm still waiting for the news of the 1st horror story of "look what happened to me " with regard to any of these flaws.

TheGuruStudIn fact, just got word...a huge fortune 500 is going AMD from this circus of intel flaws.

TheGuruStud~25% is huge hit in VMs (and who know how much more now). In fact, just got word...a huge fortune 500 is going AMD from this circus of intel flaws.

HTCIncorrect: AMD has the better implementation of speculative execution but, as evidenced by the spectre variants, AMD's approach has issues as well.

JismYes, but did that impact AMD worse on performance compared to Intel?

I dont think so. And how many micro-code updates did Intel CPU's had by now. As written above consumers dont really get much out of those updates which could tamper performance, but on large (DC) scale a 5 up to 15% hit is considered as very huge.

R-T-BTalk to datacenter admins.



You know, I'm pretty sure if that were true for a second you wouldn't be withholding the name...