Intel Processor Security Flaws

34
Found 4th Jan
Rush to fix ‘serious’ computer chip flaws bbc.co.uk/news/technology-42561169

OS fixes will possibly reduce performance by 5-30%. Not listed what gems are affected.

Don’t worry AMD is fine. Edit: Now claimed ARM, Intel and AMD are impacted.
Community Updates
Misc
34 Comments
Need to overclock those K processors a bit more then
Original Poster
kester765 m ago

Need to overclock those K processors a bit more then


Except it looks to include servers and everything else. Could have a big impact on hosted services etc.
Was posted yesterday. Apparently newer processors aren't effected as much either.
Oh no, what a blow to GCHQ, NSA and others. Sorry I meant "hackers"

I dedicate this post to all the people who keep posting on AV threads, who say, they're fine with MS Defender and if you don't look at dodgy sites or download anything, you'll have nothing to worry about.
Suckers
Derek_Horatio_Shatwell2 m ago

Oh no, what a blow to GCHQ, NSA and others. Sorry I meant "hackers" …Oh no, what a blow to GCHQ, NSA and others. Sorry I meant "hackers" I dedicate this post to all the people who keep posting on AV threads, who say, they're fine with MS Defender and if you don't look at dodgy sites or download anything, you'll have nothing to worry about.Suckers



Would AV help sort this?
CoeK4 m ago

Would AV help sort this?



No, but you know the people I'm talking about.
Derek_Horatio_Shatwell4 h, 3 m ago

Oh no, what a blow to GCHQ, NSA and others. Sorry I meant "hackers" …Oh no, what a blow to GCHQ, NSA and others. Sorry I meant "hackers" I dedicate this post to all the people who keep posting on AV threads, who say, they're fine with MS Defender and if you don't look at dodgy sites or download anything, you'll have nothing to worry about.Suckers


How would any other anti virus catch this?
I love that they are lumping together ARM and AMD cpu's with Intel ones on this. The meltdown exploit is only for intel cpus and affects pretty much every intel chip noted so far - big issue considering Xeon chip placement in servers. The spectre criteria for exploitation exists for all chips, but much harder to pull off and likely be amended with an OS fix that should obviously decrease performance on these cpus.
Lastly, this exploit has been around for a while from looks at the reports, and they have struggled to fix it for a few months already without a significant performance hit in some areas. This alone should highlight just how significant a flaw it is really and how much of an issue this will subsequently be. I am also dubious around the lack of reported workload slowdown in most normal applications until I see OS fixes for all of these implemented and we see the end result. Either way, I would watch this space around intel CPU's and intel in general, as this could potentially shake the market up pretty aggressively.
MR11231 h, 0 m ago

How would any other anti virus catch this?


spectreattack.com
meltdownattack.com

Quote:
"Can my antivirus detect or block this attack?
While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known."
Edited by: "m00head" 4th Jan
Original Poster
ssimonian10 m ago

I love that they are lumping together ARM and AMD cpu's with Intel ones on …I love that they are lumping together ARM and AMD cpu's with Intel ones on this. The meltdown exploit is only for intel cpus and affects pretty much every intel chip noted so far - big issue considering Xeon chip placement in servers. The spectre criteria for exploitation exists for all chips, but much harder to pull off and likely be amended with an OS fix that should obviously decrease performance on these cpus.Lastly, this exploit has been around for a while from looks at the reports, and they have struggled to fix it for a few months already without a significant performance hit in some areas. This alone should highlight just how significant a flaw it is really and how much of an issue this will subsequently be. I am also dubious around the lack of reported workload slowdown in most normal applications until I see OS fixes for all of these implemented and we see the end result. Either way, I would watch this space around intel CPU's and intel in general, as this could potentially shake the market up pretty aggressively.


Maybe this is why AMD has been flagging in performance. They’ve been building their chips properly

Maybe it’s to do with the x64 architecture AMD designer and let Intel use. Then AMD fixed it but never let on
Meltdown and Spectre: ‘worst CPU bugs ever’ affect virtually all computers - The Guardian
theguardian.com/tec…law
Oneday7714 m ago

Maybe this is why AMD has been flagging in performance. They’ve been b …Maybe this is why AMD has been flagging in performance. They’ve been building their chips properly Maybe it’s to do with the x64 architecture AMD designer and let Intel use. Then AMD fixed it but never let on


As I understood it, it is architecture flaw that allows high tier data to be leaked where it isn't supposed to be, and is at the core of most intel cpu designs. Not sure about the HEDT type chips, though given the concerns around server involvement from amazon and microsoft, it might also be affecting them too. The biggest worry appears to be how data might be leaked from virtualised instances running on servers, which also makes most of the security features of having virtual machines redundant if you can extract important user data from outside your VM. Not sure about whether bulldozer/piledriver based chips are susceptible to the same flaw though, I know that AMD made a big deal with ryzen and epyc about new security features added to avoid situations like this...only time will tell however!
Edited by: "ssimonian" 4th Jan
MR11231 h, 29 m ago

How would any other anti virus catch this?



32987862-4fE5G.jpg
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs - The Register
theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

Quote:
"Our advice is to sit tight, install OS and firmware security updates as soon as you can, don't run untrusted code, and consider turning on site isolation in Chrome to thwart malicious webpages trying to leverage these design flaws to steal session cookies from the browser process (Firefox has its own mitigations.)"
Edited by: "m00head" 8th Jan
CoeK11 m ago

Add me to the list of people who don't get your point.


My point was about people who think they're safe from viruses/malware/being hacked etc, just because they don't visit so called "dodgy sites" and download content they shouldn't.
Check out most AV software discount threads on HUKD and you'll see posts from these people, saying they don't need that particular AV software, because they have X and don't visit "illegal" sites etc.
They're just as vulnerable as the rest of us.
Derek_Horatio_Shatwell1 m ago

My point was about people who think they're safe from …My point was about people who think they're safe from viruses/malware/being hacked etc, just because they don't visit so called "dodgy sites" and download content they shouldn't.Check out most AV software discount threads on HUKD and you'll see posts from these people, saying they don't need that particular AV software, because they have X and don't visit "illegal" sites etc.They're just as vulnerable as the rest of us.


I haven't seen anyone say that tbh.
Oneday778 h, 3 m ago

Except it looks to include servers and everything else. Could have a big …Except it looks to include servers and everything else. Could have a big impact on hosted services etc.


Could be why virgin media have been ropey at the moment.
Derek_Horatio_Shatwell1 h, 31 m ago

My point was about people who think they're safe from …My point was about people who think they're safe from viruses/malware/being hacked etc, just because they don't visit so called "dodgy sites" and download content they shouldn't.Check out most AV software discount threads on HUKD and you'll see posts from these people, saying they don't need that particular AV software, because they have X and don't visit "illegal" sites etc.They're just as vulnerable as the rest of us.



Therefore they are correct and you wasted money on useless AV software. Glass half empty/glass half full
Derek_Horatio_Shatwell7 h, 9 m ago

My point was about people who think they're safe from …My point was about people who think they're safe from viruses/malware/being hacked etc, just because they don't visit so called "dodgy sites" and download content they shouldn't.Check out most AV software discount threads on HUKD and you'll see posts from these people, saying they don't need that particular AV software, because they have X and don't visit "illegal" sites etc.They're just as vulnerable as the rest of us.


Going to back you up on this as I've found advertisements that loaded hidden malware on legit sites before.
I own a total of three PCs all of them having Intel chips ranging back to Pentium 4 and up to Haswell and all affected by this. It is particularly annoying that my main gaming and general workhorse PC with an i7 3770 will be most badly affected (the P4 system is offline use only so won't get patched) as the Ivy Bridge architecture is said to fare particularly badly under the update as Haswell forward is said to have hardware extensions to better deal with it (a different kind of lookup table structure I believe).

Personally, I am furious about this whole matter and fully intend to pursue intel as hard as I'm able to for compensation, as it does not seem fair, perhaps not even legal, that a product I bought with a specific guaranteed level of performance will suddenly drop 30% percent, around a third, of its performance overnight due to a manufacturing oversight. Not to mention when I come to upgrade, my existing CPU will be worth a fraction of what it was before since no one will want to put intel in their machines for some time after this so I will be stuck with systems that perform poorly and have little resale worth. thanks a lot Intel

Anyone have any advice on the best way to contact Intel to complain about this matter? Preferably the email address of someone high up...
Original Poster
ST312338 m ago

I own a total of three PCs all of them having Intel chips ranging back to …I own a total of three PCs all of them having Intel chips ranging back to Pentium 4 and up to Haswell and all affected by this. It is particularly annoying that my main gaming and general workhorse PC with an i7 3770 will be most badly affected (the P4 system is offline use only so won't get patched) as the Ivy Bridge architecture is said to fare particularly badly under the update as Haswell forward is said to have hardware extensions to better deal with it (a different kind of lookup table structure I believe).Personally, I am furious about this whole matter and fully intend to pursue intel as hard as I'm able to for compensation, as it does not seem fair, perhaps not even legal, that a product I bought with a specific guaranteed level of performance will suddenly drop 30% percent, around a third, of its performance overnight due to a manufacturing oversight. Not to mention when I come to upgrade, my existing CPU will be worth a fraction of what it was before since no one will want to put intel in their machines for some time after this so I will be stuck with systems that perform poorly and have little resale worth. thanks a lot Intel Anyone have any advice on the best way to contact Intel to complain about this matter? Preferably the email address of someone high up...


Ivy bridge is 5-6 years old now. Intel will not take much into account for performance changes in that age of architecture.

Also it is prevalent across multiple other chip manufacturers. So it isn’t like Intel was the only one to miss it. This will be one of these, take it on the chin things.
Oneday7723 m ago

Ivy bridge is 5-6 years old now. Intel will not take much into account for …Ivy bridge is 5-6 years old now. Intel will not take much into account for performance changes in that age of architecture. Also it is prevalent across multiple other chip manufacturers. So it isn’t like Intel was the only one to miss it. This will be one of these, take it on the chin things.


Fact is though, thanks to CPU development reaching something of a plateau, Ivy Bridge and even Sandy Bridge have still been remarkably performance competitive with current gen for most home use including gaming, hence up to now, I had felt no reason whatsoever to upgrade, but if my system suddenly runs 30+% slower I am going to be forced to upgrade (and not to Intel without serious incentive).

Complaining isn't guaranteed any result but I will press on anyway as you never know and I don't think we should be forced to just 'take it on the chin'. Not expecting them to replace my 5-6 year old system with a shiny new one (would be nice tho ) but I am sure them offering me a good discount on a newer less heavily impacted CPU is not outside the bounds of possibility and would let me upgrade too.

I complained to Nvidia when the whole 3.5GB instead of 4GB VRAM on the GTX970 scandal came out and while they didn't change the GPU they were kind enough to give me two new AAA games I otherwise wouldn't have, so goes to show you never know...
Original Poster
ST31236 m ago

Fact is though, thanks to CPU development reaching something of a plateau, …Fact is though, thanks to CPU development reaching something of a plateau, Ivy Bridge and even Sandy Bridge have still been remarkably performance competitive with current gen for most home use including gaming, hence up to now, I had felt no reason whatsoever to upgrade, but if my system suddenly runs 30+% slower I am going to be forced to upgrade (and not to Intel without serious incentive). Complaining isn't guaranteed any result but I will press on anyway as you never know and I don't think we should be forced to just 'take it on the chin'. Not expecting them to replace my 5-6 year old system with a shiny new one (would be nice tho ) but I am sure them offering me a good discount on a newer less heavily impacted CPU is not outside the bounds of possibility and would let me upgrade too. I complained to Nvidia when the whole 3.5GB instead of 4GB VRAM on the GTX970 scandal came out and while they didn't change the GPU they were kind enough to give me two new AAA games I otherwise wouldn't have, so goes to show you never know...


I’m sure some class action shenanigans is already under way.
ST31231 h, 12 m ago

I own a total of three PCs all of them having Intel chips ranging back to …I own a total of three PCs all of them having Intel chips ranging back to Pentium 4 and up to Haswell and all affected by this. It is particularly annoying that my main gaming and general workhorse PC with an i7 3770 will be most badly affected (the P4 system is offline use only so won't get patched) as the Ivy Bridge architecture is said to fare particularly badly under the update as Haswell forward is said to have hardware extensions to better deal with it (a different kind of lookup table structure I believe).Personally, I am furious about this whole matter and fully intend to pursue intel as hard as I'm able to for compensation, as it does not seem fair, perhaps not even legal, that a product I bought with a specific guaranteed level of performance will suddenly drop 30% percent, around a third, of its performance overnight due to a manufacturing oversight. Not to mention when I come to upgrade, my existing CPU will be worth a fraction of what it was before since no one will want to put intel in their machines for some time after this so I will be stuck with systems that perform poorly and have little resale worth. thanks a lot Intel Anyone have any advice on the best way to contact Intel to complain about this matter? Preferably the email address of someone high up...


Some notes on Meltdown/Spectre - Errata Security
blog.erratasec.com/201…tml

Quote:
"Don't worry about the performance hit. Some, especially avid gamers, are concerned about the claims of "30%" performance reduction when applying the patch. That's only in some rare cases, so you shouldn't worry too much about it. As far as I can tell, 3D games aren't likely to see less than 1% performance degradation. If you imagine your game is suddenly slower after the patch, then something else broke it."
Intel CEO Brian Krzanic faces possible investigation by the Securities and Exchange Commission for selling all his Intel shares after the company learnt of the vulnerabilities but before it was made public.
Edited by: "Cr0m" 5th Jan
Original Poster
Cr0m46 s ago

Intel CEO Brian Krzanic faces possible investigation by the Securities and …Intel CEO Brian Krzanic faces possible investigation by the Securities and Exchange Commission for selling all his Intel shares after the company learnt of the vulnerabilities but before it was made public.


I stumbled upon that earlier. Obviously they claim it was a preplanned automated sale. My arse.
CoeK4th Jan

Was posted yesterday. Apparently newer processors aren't effected as much …Was posted yesterday. Apparently newer processors aren't effected as much either.

"Apparently newer processors aren't effected as much either."

Well, that's the common theory for now at least?.
Cr0m13 h, 37 m ago

Intel CEO Brian Krzanic faces possible investigation by the Securities and …Intel CEO Brian Krzanic faces possible investigation by the Securities and Exchange Commission for selling all his Intel shares after the company learnt of the vulnerabilities but before it was made public.



Im sure every one is us would have done the same!!
Original Poster
Dannyrobbo39 m ago

Im sure every one is us would have done the same!!


Everyone of us would have been tempted. It is however an offence to profit from insider dealing.
The CEO of a company should be beyond reproach, except they hardly ever are and can be corrupt slimy scum buckets.
They get paid enough without having to scam the system.
Oneday773 h, 35 m ago

Everyone of us would have been tempted. It is however an offence to profit …Everyone of us would have been tempted. It is however an offence to profit from insider dealing. The CEO of a company should be beyond reproach, except they hardly ever are and can be corrupt slimy scum buckets. They get paid enough without having to scam the system.



CEOor not he is still only human and the majority of us would do the same knowing the likelihood of not getting caught
Original Poster
Dannyrobbo45 m ago

CEOor not he is still only human and the majority of us would do the same …CEOor not he is still only human and the majority of us would do the same knowing the likelihood of not getting caught


Oh I think he’ll be caught for this one.
Oneday7745 m ago

Oh I think he’ll be caught for this one.



Doubt he will be the stock sale was scheduled 5 months later.

on another note he sold them and made pretty much no extra gain by doing so it’s about the same price now as it was on sale
Post a comment
Avatar
@
    Text

    Top Discussions

    Top Merchants