• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Intel-only Spoiler vulnerability disclosed. Tech press response: 'crickets'

Joined
Jan 15, 2015
Messages
362 (0.11/day)
Today, Tom's posted an update about the very poorly-named Spoiler (very easy to hide in searches, since there are a billion unrelated results for the word).

Prior to that, the only coverage was from a very small number of tech sites, with no updates since (except on one security-related site).

Something really smells. Not only is it named in a manner that makes it really easy to obfuscate, unlike Spectre in particular, something as serious as this one should have been front page on every tech site worth its salt. I'm actually surprised that Tom's posted its lone update article, with AMD's response.

Let's see:

1) Has existed since Core Duo.
2) Has been used in the wild already.
3) Can't be patched with software (unless, apparently, if you're talking about a massive slowdown).
4) Only exists on Intel CPUs.

Did I forget anything? I'm writing this from memory, since the only coverage (other than Tom's latest bit) was from like TWO WEEKS ago. Meanwhile, various sites have treated us to thinly-veiled marketing banality like "Best GPU for 2019".
 
Joined
Mar 10, 2015
Messages
3,984 (1.21/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
What security related site had an update?
 
Joined
Jan 15, 2015
Messages
362 (0.11/day)
Hackaday (Mar 13) was the only one I saw that didn't post in the initial round of coverage:

https://hackaday.com/2019/03/13/spoiler-use-after-free-and-ghidra-this-week-in-computer-security/

However, apparently Finance Daily also missed the initial coverage:

https://www.fidaily.com/news/new-spoiler-vulnerability-in-all-intel-core-processors-exposed/

However, the point here is:

1) The bulk of coverage, or at least half, was from not from mainstream enthusiast tech sites, e.g. The Register, the Independent, various financial sites, and security sites. (I was a bit unclear in my statement in the opening post, where I implied that the only coverage was on tech sites. The point was that only a very small number of sites covered it and some of those sites are fairly fringe.)

2) Most of the tech sites have neglected to cover it entirely!
 
Joined
Oct 22, 2014
Messages
13,210 (3.83/day)
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E3-1260L v5
Motherboard MSI E3 KRAIT Gaming v5
Cooling Tt tower + 120mm Tt fan
Memory G.Skill 16GB 3600 C18
Video Card(s) Asus GTX 970 Mini
Storage Kingston A2000 512Gb NVME
Display(s) AOC 24" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Pro 64 bit
What update, you failed to answer the question.
 
Joined
Mar 10, 2015
Messages
3,984 (1.21/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Joined
May 13, 2010
Messages
5,632 (1.11/day)
System Name RemixedBeast-NX
Processor Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard Dell Inc. 08HPGT (CPU 1)
Cooling Dell Standard
Memory 24GB ECC
Video Card(s) Gigabyte Nvidia RTX2060 6GB
Storage 2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case Dell Precision T3600 Chassis
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 630w Dell T3600 PSU
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Linux Mint 20
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P
people are now getting numb to all this and not caring anymore :(
 
Joined
Jan 15, 2015
Messages
362 (0.11/day)
people are now getting numb to all this and not caring anymore :(
No one has made an obnoxious graphic, yet, right? The sarcastic ghost was really irritating.

Part of the trouble, though, is the horrendous naming. The other part is people in the tech press, and the press in general, having incentives not to care. We wouldn't want Intel to deny sites early access to things like engineering samples, eh?

Was this the update you were referring?
Yes, although it wasn't an update. It was just them being late to the coverage. The point there was that I didn't see really anything after the initial small coverage, except for a small number of stragglers. Perhaps part of the trouble is Google's News aggregation but I saw nothing from sites that I frequent like Anandtech, Extremetech, etc.
 
Joined
Dec 22, 2011
Messages
3,890 (0.87/day)
Processor AMD Ryzen 7 3700X
Motherboard MSI MAG B550 TOMAHAWK
Cooling AMD Wraith Prism
Memory Team Group Dark Pro 8Pack Edition 3600Mhz CL16
Video Card(s) NVIDIA GeForce RTX 3080 FE
Storage Kingston A2000 1TB + Seagate HDD workhorse
Display(s) Samsung 50" QN94A Neo QLED
Case Antec 1200
Power Supply Seasonic Focus GX-850
Mouse Razer Deathadder Chroma
Keyboard Logitech UltraX
Software Windows 11
Yeah, I've dodged this bullet for ten years.
 
Joined
Jul 25, 2006
Messages
12,011 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
people are now getting numb to all this and not caring anymore
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.
 
Joined
Sep 17, 2014
Messages
20,773 (5.97/day)
Location
The Washing Machine
Processor i7 8700k 4.6Ghz @ 1.24V
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Gigabyte G34QWC (3440x1440)
Case Fractal Design Define R5
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse XTRFY M42
Keyboard Lenovo Thinkpad Trackpoint II
Software W10 x64
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.

This. People generally tend to forget the bigger picture. I'm of the exact same opinion. I do patch my systems to mitigate, like I patch everything in terms of security, but its not like I'm avoiding any brand because 'its full of leaks'.

Full security never exists, when you have the basics in order, the best security is not being an interesting target; then you're just a drop in the ocean anyway and you are covered by banks, government and suppliers of applications as you've done your part. Stuff still happens, as long as damage is covered, no need to worry. Sometimes its best to stop fencing off the tiny little garden and look across the street for other options. Insurance is one of them. Regular backups is another, and there are many more.
 
Joined
Mar 10, 2010
Messages
11,878 (2.31/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel. The way I see it, these discoveries give the processor makers an opportunity to make the processors betters. And while these vulnerabilities "could" allow some very malicious activities, I personally, and honestly believe the worse damage is done by the attention seeking IT media blowing the threat way out of proportion - over and over again.
Well with winrar and chromes recent zero days ,one spread over 15 years people's security is certainly at risk.
It is not just scare mongering. Imho.
 
Joined
Mar 29, 2014
Messages
331 (0.09/day)
This. People generally tend to forget the bigger picture. I'm of the exact same opinion. I do patch my systems to mitigate, like I patch everything in terms of security, but its not like I'm avoiding any brand because 'its full of leaks'.

Full security never exists, when you have the basics in order, the best security is not being an interesting target; then you're just a drop in the ocean anyway and you are covered by banks, government and suppliers of applications as you've done your part. Stuff still happens, as long as damage is covered, no need to worry. Sometimes its best to stop fencing off the tiny little garden and look across the street for other options. Insurance is one of them. Regular backups is another, and there are many more.
Maybe not for us consumers, but a data center getting ready to spend half a million on processors alone? This is where it it matters. You think the NSA wants to use vulnerable tech? I think not.
 
Joined
Sep 17, 2014
Messages
20,773 (5.97/day)
Location
The Washing Machine
Processor i7 8700k 4.6Ghz @ 1.24V
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Gigabyte G34QWC (3440x1440)
Case Fractal Design Define R5
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse XTRFY M42
Keyboard Lenovo Thinkpad Trackpoint II
Software W10 x64
Maybe not for us consumers, but a data center getting ready to spend half a million on processors alone? This is where it it matters. You think the NSA wants to use vulnerable tech? I think not.

Absolutely, but when I post here, I'm a consumer ;)
 

Space Lynx

Astronaut
Joined
Oct 17, 2014
Messages
15,800 (4.58/day)
Location
Kepler-186f
I already decided like 3 months ago I am doing Ryzen 3700x at launch for my next build. Intel got lazy for to long.
 
Joined
Jul 25, 2006
Messages
12,011 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
It is not just scare mongering. Imho.
Then where are all the infected people?

Well with winrar and chromes recent zero days ,one spread over 15 years people's security is certainly at risk.
It is not just scare mongering. Imho.
:( The WinRAR and Chrome vulnerabilities have absolutely nothing to do with those Intel processor vulnerabilities. So why bring them up here?

IMO, it is that type of illogical association in blogs, news articles and forums that not only is scare-mongering, but fuels further misinformation - the snow-balling of such scare-mongering.

Yes, the WinRAR and Chrome vulnerabilities were bad and did put people at risk. But they have nothing to do with the brand or model of processor the user has.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
So we find that Intel purposefully used flawed security to increase the performance of CPUs while AMD didn't.

Not many tech sites are willing to call out the biggest CPU manufacturing company for mistakes they made to get ahead of their competition when many of those chips were praised for their performance.

At the end of the day it's a risk that most people would take without caring, so doesn't really matter? Not until it does.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.31/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
Especially since these silicon level vulnerabilities are extremely difficult to exploit on systems deployed in real-world scenarios. All the reports say a bad guy "could" do this or a bad guy "might" be able to do that "if", "if" and "if" he or she was able to get past "this", already has access to "that", and is able to do "this" and "that" without ever being detected, caught or blocked.

I certainly don't like these vulnerabilities, but they have not dissuaded me from buying Intel.
These Intel (and Amd) CPU vulnabilitys and exploits are like your Wife/girlfriend
Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance

Sorry bill for quoting you nothing personal
 
Joined
Mar 10, 2015
Messages
3,984 (1.21/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Then where are all the infected people?

I understand people view these vulnerabilities on a per user basis but I don't feel that is the right approach. The average user has a very small percentage of chance of being directly affected by these flaws on a personal attack vector, as in your home pc.

However, Intel CPUs likely dominate the datacenter market and everyone's data is contained there many times over. I would be willing to make a large bet that 99% of people have some amount of personal data contained in data centers powered by Intel CPUs. That data, has a considerable amount of risk.

Only looking at this from a personal user standpoint is really ignoring the pink elephant in the room even though there isn't much that can be done about it.

EDIT:

Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance

This is completely false. You do not need physical access.
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,772 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
Part of the trouble, though, is the horrendous naming

Wait. If you frequent security related sites then you should already know that the people that find the exploits are generally the ones that name them. Not the company it pertains too.
 
Joined
Jul 25, 2006
Messages
12,011 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
So we find that Intel purposefully used flawed security
Purposefully? Yeah right. Talk about scare-mongering. :kookoo: :rolleyes:
Not many tech sites are willing to call out the biggest CPU manufacturing company
Right. Because Intel has them all in their pockets? I guess this (tech sites unwilling to call them out) is why we have rarely seen this problem reported. :rolleyes:

I understand people view these vulnerabilities on a per user basis but I don't feel that is the right approach. The average user has a very small percentage of chance of being directly affected by these flaws on a personal attack vector, as in your home pc.
Exactly. Yet home users are the ones being targeted (intentionally or not) by all this scare-mongering. :(
However, Intel CPUs likely dominate the datacenter market and everyone's data is contained there many times over. I would be willing to make a large bet that 99% of people have some amount of personal data contained in data centers powered by Intel CPUs. That data, has a considerable amount of risk.
If that data is at such risk from these vulnerabilities, where are all the breaches that have been attributed to these flaws?

It is possible a drunk can hop the curb, knock down a tree, drive across three lawns and run into my front porch. Does that mean standing on my front porch imposes a considerable amount of risk and therefore, I should move? I could happen. We even had a drunk flip her car in front of my house before.

Just because very serious vulnerabilities exist, that does not mean they are easy to exploit - even if being targeted by clever badguys. It would be extremely difficult for any bad guy to exploit these Intel vulnerabilities even in a data center - if for no other reason, they have to gain access to the CPU. It would almost have to be an inside job. Possible? Yes. Likely? No.

If you research all the major data center breaches, I bet you will find each and every one was due to human error/negligence. The Equifax one for example. The vulnerability was discovered months before the hack. The software developers even developed and distributed the necessary patch - Equifax IT people had it! But what happened? The system administrators never applied it and the information and security executives failed in their duties to secure and protect the data. Heck, all that stored personal data wasn't even encrypted! :mad: :banghead: How stupid was that?

These Intel (and Amd) CPU vulnabilitys and exploits are like your Wife/girlfriend
Can be exploited and infected (pregnent) on a hardware hands on vector. but not at a distance

Sorry bill for quoting you nothing personal
LOL Good thing I got rid of the wife then - and just to make sure with the girlfriend, got the snip snip procedure done too! :D
 
Joined
Mar 10, 2015
Messages
3,984 (1.21/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
If that data is at such risk from these vulnerabilities, where are all the breaches that have been attributed to these flaws?

You and I both know potential reasons for that.
  1. The entry vector is not known.
  2. The entry vector was not disclosed because there is no fix so disclosing the entry vector increases awareness of the issue.
  3. They don't know they have been breached.
  4. Others?
Edit:

Also, you may be right that it has not been exploited but I believe other articles state it was exploited.

It is possible a drunk can hop the curb, knock down a tree, drive across three lawns and run into my front porch. Does that mean standing on my front porch imposes a considerable amount of risk and therefore, I should move? I could happen. We even had a drunk flip her car in front of my house before.

Just because very serious vulnerabilities exist, that does not mean they are easy to exploit - even if being targeted by clever badguys. It would be extremely difficult for any bad guy to exploit these Intel vulnerabilities even in a data center - if for no other reason, they have to gain access to the CPU. It would almost have to be an inside job. Possible? Yes. Likely? No.

If you research all the major data center breaches, I bet you will find each and every one was due to human error/negligence. The Equifax one for example. The vulnerability was discovered months before the hack. The software developers even developed and distributed the necessary patch - Equifax IT people had it! But what happened? The system administrators never applied it and the information and security executives failed in their duties to secure and protect the data. Heck, all that stored personal data wasn't even encrypted! :mad::banghead: How stupid was that?

Humans are most definitely the biggest issue. And to be clear, I am not disagreeing with your principles but to shovel these under the rug is bad policy.
 
Joined
Mar 10, 2010
Messages
11,878 (2.31/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Then where are all the infected people?

:( The WinRAR and Chrome vulnerabilities have absolutely nothing to do with those Intel processor vulnerabilities. So why bring them up here?

IMO, it is that type of illogical association in blogs, news articles and forums that not only is scare-mongering, but fuels further misinformation - the snow-balling of such scare-mongering.

Yes, the WinRAR and Chrome vulnerabilities were bad and did put people at risk. But they have nothing to do with the brand or model of processor the user has.
IMO your being hyperbolic.

What I meant but didn't clearly state is that the Hands on Admin level access many of these exploits need can possibly be got at through other software security issues.
Attack vectors are stacking and most nefarious hacker's use a plethora of vectors together not one.

So as winrar and chrome demonstrated ,who the Fff knows what a hacker could be doing via some undisclosed security issue.
 
Joined
Jul 25, 2006
Messages
12,011 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
IMO your being hyperbolic.
Me?

Again, just because there is the potential for something, that does not mean it is likely to happen. Yet you suggest it is by bringing up totally unrelated vulnerabilities in a couple software programs. That's not exaggerating the issue?

Also, you may be right that it has not been exploited but I believe other articles state it was exploited.
Oh? You believe? Got a link?
but to shovel these under the rug is bad policy.
I totally agree. And I'm definitely not doing that. I think I proved that by criticizing the Equifax IT and execs for doing just that (ignoring the threat/shoving it under the rug).

But the opposite extreme, that is exaggerating the threat and scare-mongering, is equally bad.

Users cannot ignore bad guys are out there. That is why we all must keep our operating systems and security software current. We should all be behind a router too - even with networks of just 1 computer. And we must not be "click-happy on unsolicited downloads, links, attachments and popups.
 
Top