Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

[Dave65]

Profit over security?
Nah, Intel would never..................

 

[John Naylor]

The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?

Agreed, I don't understand why this topic is sensationalized everywhere or why asking if any instance of consumers or enthusiasts being negatively impacted has ever been reported is prohibited .

 

[dicktracy]

More reason to upgrade to Ice Lake

 

[moproblems99]

this topic is sensationalized everywhere

In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of business don't give two poos about protecting your data. This may not be a problem for consumers...until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete because security and privacy is the first thing that gets thrown out the windows when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.

 

[windwhirl]

I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.

 

[Darmok N Jalad]

I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.

All your high performance, out-of-order CPU makers use speculative execution--it's a key component of OeOE. The benefits of the technology are huge. Without it, the CPU spends a lot of time waiting when it could be doing more work. Maybe on the day system memory is as fast as the CPU, it (and the various cache stages) will no longer be needed, or maybe the benefit of SE will be less. Still, each CPU maker implements SE differently, so vulnerability largely depends on the design.

 

[eidairaman1]

The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.

bulldozer it is not...

Piledriver it is

 

[Caring1]

Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.

 

[moproblems99]

Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.

That depends, how many average Joe's had their data stolen from a data center?

 

[yakk]

This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.

 

[Caring1]

That depends, how many average Joe's had their data stolen from a data center?

I was one of thousands that did, but that was a data centre, not at individual at home, and it was a normal data breach by hacking.

 

[hat]

This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.

Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.

 

[GoldenX]

If we used VIA this wouldn't happen.

 

[mtcn77]

Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.

You know this would make the stage for an all new Robocop movie...

 

[laszlo]

cpu is designed by man therefore is a flawed product from start.

we'll never know how many unknown design errors exist in a cpu as finding a way to by-pass certain hardware security using software is considered a bug

seems some people are smarter than cpu design teams and their computers which ran the security checks ....

 

[NC37]

laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.

As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...

 

[mtcn77]

As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...

Tablets are the best. 300gr polycarbonate+corning, even the volume buttons are loose from impacts, can drop it around all day.

 

[ArbitraryAffection]

As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...

it seems okay? i've had it a couple months and everything seems solid, i even took it apart to replace the ssd with a bigger one.

 

[lexluthermiester]

I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.

Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.

 

[hat]

Don't make that jump to quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.

Agreed. Worry about it if you're a datacenter or something. This attack requires physical access, as does Meltdown and Spectre IIRC (but NetSpectre can be used over a network... but would still require access to your network, in some way).

 

[P4-630]

"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)

 

[lexluthermiester]

"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)

The research paper for this is a very tedious read, but also very enlightening. Worth a read;
https://arxiv.org/pdf/1903.00446.pdf

 

[moproblems99]

This attack requires physical access

No, it doesn't.

 

[lexluthermiester]

No, it doesn't.

While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.

 

[jmcslob]

Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.

This more or less gives me (absolutely no reason) a good reason to pickup a b450 Mobo since I have a spare AM4 CPU that needs used, ( after I get a Mobo for it I'll more than likely order a better CPU since its a 9600) since I hate having stuff so around doing nothing (I may be a tech Horder in need of help)

On a serious note, I don't think anything will ever come if this other than some type of patch.