Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

So many issues with Intel's CPU's found in recent times!

https://www.badcaps.net/forum/showpo...16&postcount=4

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

i'm sure it wasnt intentional.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I like the FUCKWIT reference.

http://www.theregister.co.uk/2018/01...u_design_flaw/

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I smell a class action lawsuit.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

re-posted from elsewhere:

Looks like this affects everything from the first Core (and Pentium-based Core series) and up.

If AMD chips didn't die from electron migration so quickly, one would almost be tempted to move to them after reading this.
EDIT by mods: discuss this last paragraph here instead please: https://www.badcaps.net/forum/showthread.php?t=66733

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Good news: only one of my workstations in operation is effected (runs Xeon Westmere EPs). My server and other workstations are either socket 940 Opteron X2's, or Netburst Socket 604 Xeons.

Bad News: There goes pretty much all of my laptop fleet (all of my Pentium M ones are dead with battery controller woes). Intel Atom (bay trail) also affected?

Intel.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I split this thread as per the small edit in mockingbird's post above.

As for the topic at hand:


Reposting a quote from this over at Techspot by a commenter that I found very fitting:
It's almost like if you say worked at Intel, maybe being it's CEO and knew about this since February 2017, that you'd be interested in some insider trading?

https://www.nystocknews.com/2017/12/...poration-intc/

https://www.reuters.com/finance/stoc...rtDir=&sortBy=

https://www.fool.com/investing/2017/...-of-stock.aspx

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

lol
now check the stock movement records of all board-members and look for collusion between them.

then you have a conspiracy and RICO can be applied!!!

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I'm not defending Intel, but many big companies that offer stock options, it is common for the CXO suite to have pre-determined sell and volume dates in the future.

These dates are usually after they make quarterly announcements. In addition, there are usually blackout dates. For example, if the CXO knows they will miss a quarter very badly (i.e. revenue or profit), they cannot sell 1 or 2 weeks before announcing the results.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

He used to have over 500k shares, since November he has only 250k shares.
And guess what the minimum number of shares the CEO at Intel may have is?
If you don't find that highly suspicious I guess we have different standards

Late edit: here it's put in words better than I can:
http://www.nasdaq.com/symbol/intc/insider-trades

In the last three months, insiders executed a total of 27 trades. 27 were sells. Insider ownership decreased by a total of 796378 shares, which suggests that INTC’s key executives are feeling less optimistic about the outlook for the stock. The data from the past twelve months tells a similar story: insiders executed 3 buys and 102 sells, and ownership decreased by a net of 1.98 million shares.
Source: https://stocknewsgazette.com/2017/11...poration-intc/

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I don't find that it suspicious because I'm more familiar with how these stock options and things work especially in high profile world wide known companies. If this were a no name company on the penny stock exchange, I would agree with you.

All CXOs will get new options every year or annually regardless of how well or bad they do. All options have an expiry. They have to sell otherwise they expire worthless.

All CXOs get options for free ($0). Some companies do require that CXOs purchase or hold a minimum amount of stock, but this is a mere drop in the bucket compared to the stock options potential especially in a bull market.

Personally, I don't like the stock options as a compensation model for CXOs because it alienates everyday employees. A CXO make might $100 Million with stock options and a basic Intel engineer might make $100K with no options.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

You will find the above to be similar for any Fortune 500 company. Especially in a long in the tooth bull market.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Again, I'm not defending Intel and or its CEO, just saying that planned sales are in place for big companies.

http://www.businessinsider.com/intel...ip-flaw-2018-1

"To avoid charges of trading on insider knowledge, executives often put in place plans that automatically sell a portion of their stock holdings or exercise some of their options on a pre-determined schedule, typically referred to as Rule 10b5-1(c) trading plans. According to an SEC filing, the holdings that Krzanich sold in November — 245,743 shares of stock he owned outright and 644,135 shares he got from exercising his options — were divested under just such a trading plan. "

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Oh shit:

http://www.zdnet.com/article/securit...rs-vulnerable/

According to that the issue goes back to 1995... Which if memory serves would be the Pentium Pro, the first P6 platform and would make sense as a point of a common problem emerging. P6 had many things in the cache design changed (such as having on-die L2 cache in the first place).

I doubt it was "added" as a backdoor; probably a design flaw that was never fixed. Was it discovered and then kept open as a backdoor? Possibly. I smell a class action suit brewing.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

i was thinking less of a backdoor, more of a performance trick.
remember at that time they had competition from AMD and Cyrix for the same mobo sockets!!

i have a nice mobo here now from my old tower with a K6-2 on it.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Certain others disagree:

https://www.avanza.se/placera/pressm...rporation.html

https://www.marketwatch.com/story/in...ure-2018-01-03

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Exactly. Lots of bugs creep in when designers get "too creative by half" in their attempts to squeeze more performance out of designs -- instead of concentrating on other issues (like "correctness" or "security"). The Linux weenies fail to see these cautionary omens in their obsession with performance as an end to justify all.

I take a more practical approach: design things "correctly" and "securely" and let the technological advances make it faster. It costs a lot to back-port "fixes" to deal with past sins!

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

The performance bug is actually *really* interesting, and also fucking terrible because there's literally *no way* to patch it on any processor without completing changing how CPUs work.

Effectively, processors perform "speculative execution" and "out of order execution" where upon hitting a branch instruction in code, may decide to execute instructions ahead of time, before the result of the branch is known. This is a performance advantage, because in many cases the branch could take many cycles to evaluate (if it needs to read from arbitrary memory, then up to 300 cycles on a modern i7). So the processor executes these instructions and then if it finds out later that the branch was wrong, it rolls back the results. This is completely transparent to the user: incorrect data is never visible or committed.

Spectre seems to work by exploiting speculative execution, which processors have had for about 15 years. You can write code that will trick the branch prediction logic into executing a block of malicious code. The code will run speculatively - but the catch is, it's not possible for the CPU to prevent reads to protected areas of memory, like other processes or the OS kernel. The CPU sorts this out *after* the speculative execution has finished, and it can check which areas are OK and which are no go (it must do this check afterwards because it can't be sure of the memory map yet). Now, normally this is not a problem because the malicious code cannot "output" anything - it remains transparent as the results never get committed because the addresses are found to be prohibited. But, by inserting timing-dependent code into the speculative execution block, you can "leak" data out of the execution path. You could make it take 10 cycles to process a "1" and 2 cycles to process a "0", then time many hundreds of executions.

The example Google provided can read out any memory at 11KB/s, which isn't fast, but it's more than fast enough to exploit a system within ~10 minutes. You only need to find the Windows/Linux kernel process table, then you know the addresses of each application and can go to town on reading passwords, security keys, etc.

It's a complete bombshell, and I'm frankly surprised INTC and other companies aren't feeling a stronger hit.

Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

so, what does the future hold?
Amiga,
or Unix on PPC / MIPS?