• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Intel-only Spoiler vulnerability disclosed. Tech press response: 'crickets'

Joined
Jan 15, 2015
Messages
192 (0.12/day)
Likes
95
#1
Today, Tom's posted an update about the very poorly-named Spoiler (very easy to hide in searches, since there are a billion unrelated results for the word).

Prior to that, the only coverage was from a very small number of tech sites, with no updates since (except on one security-related site).

Something really smells. Not only is it named in a manner that makes it really easy to obfuscate, unlike Spectre in particular, something as serious as this one should have been front page on every tech site worth its salt. I'm actually surprised that Tom's posted its lone update article, with AMD's response.

Let's see:

1) Has existed since Core Duo.
2) Has been used in the wild already.
3) Can't be patched with software (unless, apparently, if you're talking about a massive slowdown).
4) Only exists on Intel CPUs.

Did I forget anything? I'm writing this from memory, since the only coverage (other than Tom's latest bit) was from like TWO WEEKS ago. Meanwhile, various sites have treated us to thinly-veiled marketing banality like "Best GPU for 2019".
 
Joined
Jan 15, 2015
Messages
192 (0.12/day)
Likes
95
#3
Hackaday (Mar 13) was the only one I saw that didn't post in the initial round of coverage:

https://hackaday.com/2019/03/13/spoiler-use-after-free-and-ghidra-this-week-in-computer-security/

However, apparently Finance Daily also missed the initial coverage:

https://www.fidaily.com/news/new-spoiler-vulnerability-in-all-intel-core-processors-exposed/

However, the point here is:

1) The bulk of coverage, or at least half, was from not from mainstream enthusiast tech sites, e.g. The Register, the Independent, various financial sites, and security sites. (I was a bit unclear in my statement in the opening post, where I implied that the only coverage was on tech sites. The point was that only a very small number of sites covered it and some of those sites are fairly fringe.)

2) Most of the tech sites have neglected to cover it entirely!
 
Joined
Oct 22, 2014
Messages
6,963 (4.24/day)
Likes
4,136
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E5-2680 10c/20t 2.8GHz @ 3.0GHz
Motherboard Asrock X79 Extreme 11
Cooling Coolermaster 240 RGB A.I.O.
Memory G. Skill 16Gb (4x4Gb) 2133Mhz
Video Card(s) Nvidia GTX 710
Storage Sandisk X 400 256Gb
Display(s) AOC 22" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Home Premium 64 bit
#4
What update, you failed to answer the question.
 
Joined
Mar 10, 2015
Messages
1,440 (0.96/day)
Likes
957
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) Vega 56
Storage Samsung 840 Pro 256GB
Display(s) 3440 x 1440
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold
#6
Joined
May 13, 2010
Messages
4,842 (1.48/day)
Likes
2,159
System Name RemixedBeast-NX
Processor Intel Xeon E5-2650 @ 2.2Ghz (8C/16T)
Motherboard Dell Inc. 08HPGT (CPU 1)
Cooling Dell Standard
Memory 32GB ECC
Video Card(s) EVGA Nvidia GTX 650 Ti SSC 1GB
Storage 500GB Samsung 850//2TB WD Black
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case Dell Precision T3600 Chassis
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 630w Dell T3600 PSU
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Windows Server 2012 x64 Standard
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P
#8
people are now getting numb to all this and not caring anymore :(
 
Joined
Jan 15, 2015
Messages
192 (0.12/day)
Likes
95
#9
people are now getting numb to all this and not caring anymore :(
No one has made an obnoxious graphic, yet, right? The sarcastic ghost was really irritating.

Part of the trouble, though, is the horrendous naming. The other part is people in the tech press, and the press in general, having incentives not to care. We wouldn't want Intel to deny sites early access to things like engineering samples, eh?

Was this the update you were referring?
Yes, although it wasn't an update. It was just them being late to the coverage. The point there was that I didn't see really anything after the initial small coverage, except for a small number of stragglers. Perhaps part of the trouble is Google's News aggregation but I saw nothing from sites that I frequent like Anandtech, Extremetech, etc.
 
Joined
Dec 22, 2011
Messages
2,761 (1.03/day)
Likes
1,617
System Name Zimmer Frame Rates
Processor Intel i7 920 @ Stock speeds baby
Motherboard EVGA X58 3X SLI
Cooling True 120
Memory Corsair Vengeance 12GB
Video Card(s) Palit GTX 980 Ti Super JetStream
Storage Of course
Display(s) Crossover 27Q 27" 2560x1440
Case Antec 1200
Audio Device(s) Don't be silly
Power Supply XFX 650W Core
Mouse Razer Deathadder Chroma
Keyboard Logitech UltraX
Software Windows 10
Benchmark Scores Epic
#10
Yeah, I've dodged this bullet for ten years.
 
Joined
Jul 25, 2006
Messages
5,173 (1.11/day)
Likes
3,480
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#11
people are now getting numb to all this and not caring anymore
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.
 
Joined
Sep 17, 2014
Messages
8,500 (5.06/day)
Likes
7,552
Location
Duiven, Netherlands
Processor i7 8700k 4.7Ghz @ 1.26v
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) MSI GTX 1080 Gaming X @ 2100/5500
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Eizo Foris FG2421
Case Fractal Design Define C TG
Power Supply EVGA G2 750w
Mouse Logitech G502 Protheus Spectrum
Keyboard Sharkoon MK80 (Brown)
Software W10 x64
#12
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.
This. People generally tend to forget the bigger picture. I'm of the exact same opinion. I do patch my systems to mitigate, like I patch everything in terms of security, but its not like I'm avoiding any brand because 'its full of leaks'.

Full security never exists, when you have the basics in order, the best security is not being an interesting target; then you're just a drop in the ocean anyway and you are covered by banks, government and suppliers of applications as you've done your part. Stuff still happens, as long as damage is covered, no need to worry. Sometimes its best to stop fencing off the tiny little garden and look across the street for other options. Insurance is one of them. Regular backups is another, and there are many more.
 
Joined
Mar 10, 2010
Messages
6,225 (1.87/day)
Likes
2,382
Location
Manchester uk
System Name RyzenGtEvo
Processor Amd R5 2600X@4.1
Motherboard Crosshair hero7 @bios 1201
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Gigabyte Aurus Rgb 16Gb in two sticks.
Video Card(s) Sapphire refference Rx vega 64 waterblockedEK
Storage Samsung Nvme Pg981 samsung 840, WD 1Tb+2Tb +3Tbgrn, 1tb seagate sshd hybrid(games)
Display(s) Samsung uea28"850R 4k freesync, LG 49" 4K 60hz ,Oculus
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro
Power Supply corsair 1200Hxi
Mouse Roccat Kova
Keyboard Roccat Iksu force fx
Software Win 10 Pro
Benchmark Scores 8056 vega 3dmark timespy
#13
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.
Well with winrar and chromes recent zero days ,one spread over 15 years people's security is certainly at risk.
It is not just scare mongering. Imho.
 
Joined
Mar 29, 2014
Messages
28 (0.02/day)
Likes
13
#14
This. People generally tend to forget the bigger picture. I'm of the exact same opinion. I do patch my systems to mitigate, like I patch everything in terms of security, but its not like I'm avoiding any brand because 'its full of leaks'.

Full security never exists, when you have the basics in order, the best security is not being an interesting target; then you're just a drop in the ocean anyway and you are covered by banks, government and suppliers of applications as you've done your part. Stuff still happens, as long as damage is covered, no need to worry. Sometimes its best to stop fencing off the tiny little garden and look across the street for other options. Insurance is one of them. Regular backups is another, and there are many more.
Maybe not for us consumers, but a data center getting ready to spend half a million on processors alone? This is where it it matters. You think the NSA wants to use vulnerable tech? I think not.
 
Joined
Sep 17, 2014
Messages
8,500 (5.06/day)
Likes
7,552
Location
Duiven, Netherlands
Processor i7 8700k 4.7Ghz @ 1.26v
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) MSI GTX 1080 Gaming X @ 2100/5500
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Eizo Foris FG2421
Case Fractal Design Define C TG
Power Supply EVGA G2 750w
Mouse Logitech G502 Protheus Spectrum
Keyboard Sharkoon MK80 (Brown)
Software W10 x64
#15
Maybe not for us consumers, but a data center getting ready to spend half a million on processors alone? This is where it it matters. You think the NSA wants to use vulnerable tech? I think not.
Absolutely, but when I post here, I'm a consumer ;)
 
Joined
Oct 17, 2014
Messages
2,316 (1.40/day)
Likes
1,072
Location
USA
System Name $170 family PC, rest was reused old parts.
Processor Ryzen Athlon 200GE @ 3.2Ghz ($55)
Motherboard Biostar A320M Pro ($42)
Memory 8gb (2x4) DDR4 2666 CAS 15-15-15 ($63)
Video Card(s) Vega 3 Integrated
Storage 120GB SSD
Display(s) AOC 22V2H 21.5" Frameless 75hz Freesync
Case Thermaltake View 22
Audio Device(s) Schiit Modi 3 + Custom Tube Amp + Sennheiser HD58X
Power Supply Corsair 750w Bronze
Mouse Roccat Kone AIMO
Keyboard Logitech G610+ Cherry MX Red
Software Ubuntu
#16
I already decided like 3 months ago I am doing Ryzen 3700x at launch for my next build. Intel got lazy for to long.
 
Joined
Jul 25, 2006
Messages
5,173 (1.11/day)
Likes
3,480
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#17
It is not just scare mongering. Imho.
Then where are all the infected people?

Well with winrar and chromes recent zero days ,one spread over 15 years people's security is certainly at risk.
It is not just scare mongering. Imho.
:( The WinRAR and Chrome vulnerabilities have absolutely nothing to do with those Intel processor vulnerabilities. So why bring them up here?

IMO, it is that type of illogical association in blogs, news articles and forums that not only is scare-mongering, but fuels further misinformation - the snow-balling of such scare-mongering.

Yes, the WinRAR and Chrome vulnerabilities were bad and did put people at risk. But they have nothing to do with the brand or model of processor the user has.
 
Joined
Nov 4, 2005
Messages
10,244 (2.08/day)
Likes
2,657
System Name MoFo 2
Processor AMD PhenomII 1100T @ 4.2Ghz
Motherboard Asus Crosshair IV
Cooling Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory 8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s) HD7970 1250/1750
Storage Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s) 46" 1080P Toshiba LCD
Case Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s) ATI HDMI
Power Supply 750W PC Power & Cooling modded (thanks to MKmods)
Software A lot.
Benchmark Scores Its fast. Enough.
#18
So we find that Intel purposefully used flawed security to increase the performance of CPUs while AMD didn't.

Not many tech sites are willing to call out the biggest CPU manufacturing company for mistakes they made to get ahead of their competition when many of those chips were praised for their performance.

At the end of the day it's a risk that most people would take without caring, so doesn't really matter? Not until it does.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
8,000 (1.55/day)
Likes
10,058
Location
Dorset where else eh? >>> Thats ENGLAND<<<
#19
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel.
These Intel (and Amd) CPU vulnabilitys and exploits are like your Wife/girlfriend
Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance

Sorry bill for quoting you nothing personal
 
Joined
Mar 10, 2015
Messages
1,440 (0.96/day)
Likes
957
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) Vega 56
Storage Samsung 840 Pro 256GB
Display(s) 3440 x 1440
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold
#20
Then where are all the infected people?
I understand people view these vulnerabilities on a per user basis but I don't feel that is the right approach. The average user has a very small percentage of chance of being directly affected by these flaws on a personal attack vector, as in your home pc.

However, Intel CPUs likely dominate the datacenter market and everyone's data is contained there many times over. I would be willing to make a large bet that 99% of people have some amount of personal data contained in data centers powered by Intel CPUs. That data, has a considerable amount of risk.

Only looking at this from a personal user standpoint is really ignoring the pink elephant in the room even though there isn't much that can be done about it.

EDIT:

Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance
This is completely false. You do not need physical access.
 

Solaris17

Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
20,355 (4.07/day)
Likes
7,777
Location
Florida
System Name Venslar
Processor I9 7980XE
Motherboard MSI x299 Tomahawk Arctic
Cooling EK Custom
Memory 32GB Corsair DDR4 3000mhz
Video Card(s) Nvidia Titan RTX
Storage 2x 2TB Micron SSDs | 1x ADATA 128SSD | 1x Drevo 256SSD | 1x 1TB 850 EVO | 1x 250GB 960 EVO
Display(s) 3x AOC Q2577PWQ (2k IPS)
Case Inwin 303 White (Thermaltake Ring 120mm Purple accent)
Audio Device(s) Realtek ALC 1220 on Audio-Technica ATH-AG1
Power Supply Seasonic 1050W Snow
Mouse Roccat Tyon White
Keyboard Ducky Shine 6 Snow White
Software Windows 10 x64 Pro
#21
Part of the trouble, though, is the horrendous naming
Wait. If you frequent security related sites then you should already know that the people that find the exploits are generally the ones that name them. Not the company it pertains too.
 
Joined
Jul 25, 2006
Messages
5,173 (1.11/day)
Likes
3,480
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#22
So we find that Intel purposefully used flawed security
Purposefully? Yeah right. Talk about scare-mongering. :kookoo: :rolleyes:
Not many tech sites are willing to call out the biggest CPU manufacturing company
Right. Because Intel has them all in their pockets? I guess this (tech sites unwilling to call them out) is why we have rarely seen this problem reported. :rolleyes:

I understand people view these vulnerabilities on a per user basis but I don't feel that is the right approach. The average user has a very small percentage of chance of being directly affected by these flaws on a personal attack vector, as in your home pc.
Exactly. Yet home users are the ones being targeted (intentionally or not) by all this scare-mongering. :(
However, Intel CPUs likely dominate the datacenter market and everyone's data is contained there many times over. I would be willing to make a large bet that 99% of people have some amount of personal data contained in data centers powered by Intel CPUs. That data, has a considerable amount of risk.
If that data is at such risk from these vulnerabilities, where are all the breaches that have been attributed to these flaws?

It is possible a drunk can hop the curb, knock down a tree, drive across three lawns and run into my front porch. Does that mean standing on my front porch imposes a considerable amount of risk and therefore, I should move? I could happen. We even had a drunk flip her car in front of my house before.

Just because very serious vulnerabilities exist, that does not mean they are easy to exploit - even if being targeted by clever badguys. It would be extremely difficult for any bad guy to exploit these Intel vulnerabilities even in a data center - if for no other reason, they have to gain access to the CPU. It would almost have to be an inside job. Possible? Yes. Likely? No.

If you research all the major data center breaches, I bet you will find each and every one was due to human error/negligence. The Equifax one for example. The vulnerability was discovered months before the hack. The software developers even developed and distributed the necessary patch - Equifax IT people had it! But what happened? The system administrators never applied it and the information and security executives failed in their duties to secure and protect the data. Heck, all that stored personal data wasn't even encrypted! :mad: :banghead: How stupid was that?

These Intel (and Amd) CPU vulnabilitys and exploits are like your Wife/girlfriend
Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance

Sorry bill for quoting you nothing personal
LOL Good thing I got rid of the wife then - and just to make sure with the girlfriend, got the snip snip procedure done too! :D
 
Joined
Mar 10, 2015
Messages
1,440 (0.96/day)
Likes
957
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) Vega 56
Storage Samsung 840 Pro 256GB
Display(s) 3440 x 1440
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold
#23
If that data is at such risk from these vulnerabilities, where are all the breaches that have been attributed to these flaws?
You and I both know potential reasons for that.
  1. The entry vector is not known.
  2. The entry vector was not disclosed because there is no fix so disclosing the entry vector increases awareness of the issue.
  3. They don't know they have been breached.
  4. Others?
Edit:

Also, you may be right that it has not been exploited but I believe other articles state it was exploited.

It is possible a drunk can hop the curb, knock down a tree, drive across three lawns and run into my front porch. Does that mean standing on my front porch imposes a considerable amount of risk and therefore, I should move? I could happen. We even had a drunk flip her car in front of my house before.

Just because very serious vulnerabilities exist, that does not mean they are easy to exploit - even if being targeted by clever badguys. It would be extremely difficult for any bad guy to exploit these Intel vulnerabilities even in a data center - if for no other reason, they have to gain access to the CPU. It would almost have to be an inside job. Possible? Yes. Likely? No.

If you research all the major data center breaches, I bet you will find each and every one was due to human error/negligence. The Equifax one for example. The vulnerability was discovered months before the hack. The software developers even developed and distributed the necessary patch - Equifax IT people had it! But what happened? The system administrators never applied it and the information and security executives failed in their duties to secure and protect the data. Heck, all that stored personal data wasn't even encrypted! :mad::banghead: How stupid was that?
Humans are most definitely the biggest issue. And to be clear, I am not disagreeing with your principles but to shovel these under the rug is bad policy.
 
Joined
Mar 10, 2010
Messages
6,225 (1.87/day)
Likes
2,382
Location
Manchester uk
System Name RyzenGtEvo
Processor Amd R5 2600X@4.1
Motherboard Crosshair hero7 @bios 1201
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Gigabyte Aurus Rgb 16Gb in two sticks.
Video Card(s) Sapphire refference Rx vega 64 waterblockedEK
Storage Samsung Nvme Pg981 samsung 840, WD 1Tb+2Tb +3Tbgrn, 1tb seagate sshd hybrid(games)
Display(s) Samsung uea28"850R 4k freesync, LG 49" 4K 60hz ,Oculus
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro
Power Supply corsair 1200Hxi
Mouse Roccat Kova
Keyboard Roccat Iksu force fx
Software Win 10 Pro
Benchmark Scores 8056 vega 3dmark timespy
#24
Then where are all the infected people?

:( The WinRAR and Chrome vulnerabilities have absolutely nothing to do with those Intel processor vulnerabilities. So why bring them up here?

IMO, it is that type of illogical association in blogs, news articles and forums that not only is scare-mongering, but fuels further misinformation - the snow-balling of such scare-mongering.

Yes, the WinRAR and Chrome vulnerabilities were bad and did put people at risk. But they have nothing to do with the brand or model of processor the user has.
IMO your being hyperbolic.

What I meant but didn't clearly state is that the Hands on Admin level access many of these exploits need can possibly be got at through other software security issues.
Attack vectors are stacking and most nefarious hacker's use a plethora of vectors together not one.

So as winrar and chrome demonstrated ,who the Fff knows what a hacker could be doing via some undisclosed security issue.
 
Joined
Jul 25, 2006
Messages
5,173 (1.11/day)
Likes
3,480
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
#25
IMO your being hyperbolic.
Me?

Again, just because there is the potential for something, that does not mean it is likely to happen. Yet you suggest it is by bringing up totally unrelated vulnerabilities in a couple software programs. That's not exaggerating the issue?

Also, you may be right that it has not been exploited but I believe other articles state it was exploited.
Oh? You believe? Got a link?
but to shovel these under the rug is bad policy.
I totally agree. And I'm definitely not doing that. I think I proved that by criticizing the Equifax IT and execs for doing just that (ignoring the threat/shoving it under the rug).

But the opposite extreme, that is exaggerating the threat and scare-mongering, is equally bad.

Users cannot ignore bad guys are out there. That is why we all must keep our operating systems and security software current. We should all be behind a router too - even with networks of just 1 computer. And we must not be "click-happy on unsolicited downloads, links, attachments and popups.
 
Top