Some serious security bug in INTEL CPUs?? Since Westmere possibly

**stj** · 01-09-2018, 08:47 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

it would have been funny if the Intel rep had simply said: "the government made us do it"
of course he would be in a cage in cuba the next day, or dead from "suicide" but that's another issue.

**RJARRRPCGP** · 01-09-2018, 11:10 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by retiredcaps

My E8400 is vulnerable.

Wolfdale, too! Fock!

**Stefan Payne** · 01-09-2018, 12:25 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by retiredcaps

Just watched the first two minutes of Intel's CEO keynote. I didn't hear the word sorry or aplogize. Just see Intel not taking any blame with the slide that shows all CPU architectures are vulnerable. Brian also doesn't strike me as a likeable or sympathic guy. I don't see him doing well in crisis control mode in public scrutiny.

https://www.youtube.com/watch?v=f71yokde704

Yes, because Intel knew about it, possibly for 10 years but from what we know, at least since 2014.

I think I've posted this GERMAN Link here somewhere or it was somewhere else...

But here the Link:
https://www.spiegel.de/netzwelt/gadg...a-1186193.html

The Interesting part is that one above the Meltdown Picture.
To be precise, the part in the middle where Daniel Grauss said that they were suspicios because Intel had a huge interest in one of the Patches they developed - the KAISER Patch. And that lead them to dig deeper into the shit.
And they found stuff...

So that is a strong piece of evidence to think that Intel could have known about this for many years.

The interesting part is that AMD decided to NOT implement a speculative excecution thing that goes as far as the Intel one.

WHY didn't they do that? They should have known that it would cost performance not to do that?
Maybe they had a hunch and took the safer route but at the cost of Performance...

PS:
It would be interesting to know how Bulldozer and Phenom react to this shit.

And also it is worth mentioning that AMD did have THREE different architectures in the last 10 Years, Intel just one and only did some improvements on the Original Nehalem architecture...

**Curious.George** · 01-09-2018, 12:43 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by Stefan Payne

Yes, because Intel knew about it, possibly for 10 years but from what we know, at least since 2014.

I cut my teeth on Intel processors (i4004, 8008/8080/8085).

But, shortly thereafter abandoned them due to this sort of "attitude".

You'd find something "funky" happening in your design. Call the Intel rep and describe the situation, ask if there was anything wonky in the processor/chipset. They'd reassure you that there wasn't -- the problem must be how you're using it (hardware or software).

You'd keep scratching your head looking for possible problem areas in your design or code -- tweeking all sorts of things that really weren't the problem.

Eventually, you would CATCH the problem (scope trace, program execution trace, etc.) and confront the Intel rep with documented evidence of THEIR problem -- THEN, they would admit to it AS IF they had been perfectly honest with you, all along (note that they'd been deliberately devious).

Other manufacturers were much more upfront with their "buglists" (errata). I can recall NS dropping off a stack of software workarounds for one of their processors: better forewarned than wasting time chasing down a problem AND DELAYING PRODUCTION (which translates into delaying component purchases!)

Sheesh! You know the truth will leak out, eventually. Do you think delaying is going to magically fix all of the parts you've already SHIPPED??

**stj** · 01-09-2018, 01:41 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

funny you should say that, intel just updated a big chunk of microcode.

**Behemot** · 01-09-2018, 02:04 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Well, Core 2…http://openbsd-archive.7691.n7.nabbl...2-td43929.html

So…AMD FTW or?

**Curious.George** · 01-09-2018, 11:55 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by stj

funny you should say that, intel just updated a big chunk of microcode.

They haven't fixed anything; they've just told you how to fix it yourself! YOU have to apply the fix!

**Stefan Payne** · 01-10-2018, 02:07 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Reminds me of that:
https://www.neowin.net/news/linux-cr...er-chip-design

**RJARRRPCGP** · 01-10-2018, 04:41 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

But why does "Spectre" look worse than "Meltdown" on this web page?

https://www.neowin.net/news/microsof...ltdown-patches

**RJARRRPCGP** · 01-10-2018, 04:59 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by Behemot

Well, Core 2…http://openbsd-archive.7691.n7.nabbl...2-td43929.html

So…AMD FTW or?

Looks like the pre-45nm era, LOL. So that don't really matter, if fixed by the time Wolfdale was widely distributed... It says 2007!

**Topcat** · 01-10-2018, 05:03 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

bah...yorkfield & harpertown C2Q & Xeons are still one of my favorite build bases.

**Stefan Payne** · 01-10-2018, 06:33 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

@Topcat
Time to go more towards AMD, isn't it?

Originally posted by RJARRRPCGP

But why does "Spectre" look worse than "Meltdown" on this web page?

https://www.neowin.net/news/microsof...ltdown-patches

Because it would look bad for Intel if they didn't do that...

**RJARRRPCGP** · 01-10-2018, 06:49 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Sounds like the 65 nm Core 2s were screwed! I just hope they weren't like 1993, 1994 and 1995 Pentiums all over again! But the good news of the real old skool times, was that the Pentium 133s and higher rated ones reportedly aren't affected...

**Topcat** · 01-10-2018, 07:08 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by Stefan Payne

@Topcat
Time to go more towards AMD, isn't it?

Because it would look bad for Intel if they didn't do that...

Nah. Spectre also affected AMD. I have nothing against AMD, I've used them in a lot of builds.....but I think this whole thing has been very blown out of proportion.

**Behemot** · 01-10-2018, 11:43 PM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Maybe in theory affects, but AFAIK there has been no vector of attack found (yet anyway), same for ARM. If I do not mistake it with the other one…but definitelly some of the bugs are this way

**mockingbird** · 01-11-2018, 01:00 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by Topcat

Nah. Spectre also affected AMD. I have nothing against AMD, I've used them in a lot of builds.....but I think this whole thing has been very blown out of proportion.

I disagree.

AMD chips seem to be only vulnerable to localized attacks while Intel chips seem vulnerable to remote attacks...

I think anything like a Haswell should be fast enough to withstand the performance hit of the patches that they say they're releasing.

**Behemot** · 01-11-2018, 01:45 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

They will, but Intel will loose a great deal of the performance lead they had with those platforms. And weren't they actually just because of compromising security for performance? I mean if they skip something here and there and save tens or hundreds of cycles per operation, that has to impact the IPC. AMD did not do it, so the chips were slower (not by that much if you optimise the code and use amd-optimised compiler, and yes, I mean even BD, but who does that, from reviewers anyway?), but as it now seems, better designed for security.

I can confirm though that in paralelised tasks, with 7 threads per FX-8150@4.1 GHz, it rips ass of everything I tested so far from Intel. Using fist

The best being i5-4570, i5-3570K or Xeon E5465. You certainly remember the old reviews where even top Vishera was barely keeping up even in multi-thread benchmarks with all the Intel chips. In reality, mining monero, it took TWO E5465 CPUs to beat the FX-8150@4.1 GHz by 14 %. Most single quad-cores barely touched half of the FX-8150 hashrate.

**eccerr0r** · 01-11-2018, 01:58 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

A lot of these appear to be theoretical attacks, and have merely proof of concept attacks which are legal code but shouldn't "work". Some of these take a long time to get an accurate read of a particular address. Plus Linux having address space randomization, at least for 64-bit, having to search for "interesting" data can take a while (though it can be done clandestine).

In any case, "localized" vs "remote" doesn't quite make sense in terms of the traditional sense of these - all variants require bad code to be explicitly downloaded to the machine to exploit. However I think meltdown might be easier to exploit as it can be done "faster" (in terms of reading MB/sec) than exploiting spectre.

**jayjr1105** · 01-11-2018, 07:26 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Apparently anything 4th gen Haswell and older is going to get hit hard by the Spectre bug patch. That's not even the Intel screw up one (meltdown)

Source

**mockingbird** · 01-11-2018, 08:27 AM

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Originally posted by eccerr0r

A lot of these appear to be theoretical attacks, and have merely proof of concept attacks which are legal code but shouldn't "work". Some of these take a long time to get an accurate read of a particular address. Plus Linux having address space randomization, at least for 64-bit, having to search for "interesting" data can take a while (though it can be done clandestine).

In any case, "localized" vs "remote" doesn't quite make sense in terms of the traditional sense of these - all variants require bad code to be explicitly downloaded to the machine to exploit. However I think meltdown might be easier to exploit as it can be done "faster" (in terms of reading MB/sec) than exploiting spectre.

Have you seen AMD's page regarding the three variants?

https://www.amd.com/en/corporate/speculative-execution
[quote]

Originally posted by jayjr1105

Apparently anything 4th gen Haswell and older is going to get hit hard by the Spectre bug patch. That's not even the Intel screw up one (meltdown)

Source

I can handle even a 50% slowdown on my Haswell... It will still be more than 100% faster than that old HP core2duo laptop which would slow to a crawl when virtualization was being used.

Some serious security bug in INTEL CPUs?? Since Westmere possibly

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics