Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

[trparky]

Root is nothing more than Administrator functionality. Works the exact same way in Windows.

And yet people still run as admin on Windows. I at least have the common sense to run with UAC enabled.

 

[hat]

Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.

 

[mtcn77]

Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.

China? China! China...

 

[moproblems99]

Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.

Neither of them are that great unless you are doing a smash and grab or get your discrete alley way entry setup.

 

[ArbitraryAffection]

And yet people still run as admin on Windows. I at least have the common sense to run with UAC enabled.

I run UAC on the recommended setting. But now I have increased to the maximum setting.

 

[lexluthermiester]

Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.

That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.

 

[R-T-B]

Root is nothing more than Administrator functionality. Works the exact same way in Windows. Calling it "game over" is making a mountain out of an ant-hill.

No, it's SYSTEM-account level functionality. Even Windows doesn't give you that. Administrator is a high privilege account. Root is a god account and it does not privilege check. If the compute can do it, it will be done. Root even ignores fs permissions.

That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.

delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that.

 

[lexluthermiester]

Even Windows doesn't give you that.

It does, but you have to know how. Windows doesn't make it easy, but it can be done.

delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that.

Again, it can be done. Not easily, but can be done.

 

[BorgOvermind]

They should learn to stop bypassing things with such dirty tricks only to show-off in benchmarks.

This is something like checking parity of a file instead of its SHA to see if it's valid (a little exaggerated example, but that's the logic: let's cheat on any possible calculations).

@R-T-B 'Administrator' of Windows OS is the equivalent of SU in Linux.

So yes, the more exact equivalent of root would be the system account in Windows, of which privileges you can assimilate and use if you want.

 

[Super XP]

This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution , or else will crawl. And that opens the gate to this kind of attacks.
They just didn't found the AMD one yet.

It's funny that a similar comment above got down voted.

AMD nor ARM are affected by this.

They looked for the same weakness in ARM and AMD processor cores but didn't find the same behaviour that is present in Intel chips. Spoiler depends on "a novel microarchitectural leakage, which reveals critical information about physical page mappings to userspace processes".
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments."

Oh crap...

Good news for AMD, Bad news for Intel

 

[HTC]

This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

AMD nor ARM are affected by this.

Good news for AMD, Bad news for Intel

No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.

 

[hat]

Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.

 

[HTC]

Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.

Depends on the "cost" of that speed.

I agree that spec - ex is a "key feature" in current CPU's performance but if indeed it turns out that it's performance enhancement comes with too big security risks, than i'd rather have the companies that are most susceptible to be the target of these kinds of exploits (banks, and the like) to have slower CPUs.

Us individuals are much less prone to be the target of such attacks, but this fact doesn't rule it out: keep that in mind.

 

[lexluthermiester]

Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.

It would literally drop processor performance by 35% to 40%. Granted, for what most people do it would not be so bad or even noticeable. However for any task that requires performance, the difference would be severe.

 

[BorgOvermind]

@HTC no, this specific issue will not affect the others ever since they didn't cheat on basic processing.

Other vulnerabilities may appear on all, but not this one.

 

[Super XP]

No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.

AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.

 

[lexluthermiester]

AMD doesn't have this issue, nor does ARM. As I stated above.

That has yet to be determined by further research.

The issue here is Intel cheating, where they finally got caught with there pants down.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.

 

[HTC]

AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.

Spoiler apparently not, but Spectre yes.

New spec - ex based exploits are being discovered and, for all we know, other exploits just as dangerous or even more so may have been reported to manufacturers already. Remember: this new Spoiler exploit was referred to Intel in December of 2018, but we only found out about it in March 2019.

That has yet to be determined by further research.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.

I'm 100% sure that was the case. However, and if it turns out someone @ design level stages pointed out the potential issues that could arise from it but was ignored in the persuit of performance, then that's a different matter entirely. I'm not talking about Intel only, since AMD and ARM also use spec - ex.

 

[BorgOvermind]

@lexluthermiester - what they did is like partially processing a password. It's definitely sloppy.

 

[Redwoodz]

The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are so complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researches look at the market leader...

You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.

 

[BorgOvermind]

Guys, this case is too specific to be working cross-vendor.

 

[Super XP]

You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.

Both AMD and ARM have been checked again and again. Intel CPUs starting from its 1st generation Core design are affected. Based on the research that found this vulnerability.

 

[moproblems99]

Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.

 

[Super XP]

Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.

So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol

That has yet to be determined by further research.
The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.
They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.

I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.

 

[moproblems99]

So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol

As they should have. The only way this was getting fixed was with a new architecture. And it wasn't like they weren't working on one.

I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.

More like they were pursuing performance not benchmarks.