I repair allot of older stuff too, industrial stuff never becomes obsolete per se.
As long as you can find components or repair the old ones the customer will keep using the machines...
Of course I don't post very frequently about these repairs, but some I do post about.

https://www.badcaps.net/forum/showthread.php?t=39747

https://www.badcaps.net/forum/showthread.php?t=37091

http://www.jonnyguru.com/forums/show...78&postcount=5

This is not remotely exploitable, you need a way to put code on a victims system.
For example Javascript in a browser from a shady website.
Or malicious code via some other entry point like e-mail or such.
None of this should be running on a fileserver so that wont even need to be patched technically, because walled off properly it could never be exploited.

Of course, there are things like CNC machines or embedded stuff using that. Even Pentiums III, I think it was Per Hansson repairing such device recently and posting it here?

Of course, there are things like CNC machines or embedded stuff using that. Even Pentiums III, I think it was Per Hansson repairing such device recently and posting it here?

^
I know corporations still using pentium4-era stuff....I still get things that old in for repair by businesses.

People that cannot afford to replace their systems will need some workaround. Perhaps using an AMD machine as a file server for their unprotected Intel boxes.

How is this accomplished and would it work?

^
I know corporations still using pentium4-era stuff....I still get things that old in for repair by businesses.

Look at the Link to Arstechnica.

For Ryzen that's not true, RYZEN is not suceptible to Spectre - the same as Samsungs EXYNOS Processors as well.

intel does not produce bioses. (except for it's own boards)
they produce microcode and modules - updates are regularly put out.
it's upto the motherboard maker to bother compiling an update or not.

The performance bug is actually *really* interesting, and also fucking terrible because there's literally *no way* to patch it on any processor without completing changing how CPUs work.

Effectively, processors perform "speculative execution" and "out of order execution" where upon hitting a branch instruction in code, may decide to execute instructions ahead of time, before the result of the branch is known. This is a performance advantage, because in many cases the branch could take many cycles to evaluate (if it needs to read from arbitrary memory, then up to 300 cycles on a modern i7). So the processor executes these instructions and then if it finds out later that the branch was wrong, it rolls back the results. This is completely transparent to the user: incorrect data is never visible or committed.

Spectre seems to work by exploiting speculative execution, which processors have had for about 15 years. You can write code that will trick the branch prediction logic into executing a block of malicious code. The code will run speculatively - but the catch is, it's not possible for the CPU to prevent reads to protected areas of memory, like other processes or the OS kernel. The CPU sorts this out *after* the speculative execution has finished, and it can check which areas are OK and which are no go (it must do this check afterwards because it can't be sure of the memory map yet). Now, normally this is not a problem because the malicious code cannot "output" anything - it remains transparent as the results never get committed because the addresses are found to be prohibited. But, by inserting timing-dependent code into the speculative execution block, you can "leak" data out of the execution path. You could make it take 10 cycles to process a "1" and 2 cycles to process a "0", then time many hundreds of executions.

The example Google provided can read out any memory at 11KB/s, which isn't fast, but it's more than fast enough to exploit a system within ~10 minutes. You only need to find the Windows/Linux kernel process table, then you know the addresses of each application and can go to town on reading passwords, security keys, etc.

It's a complete bombshell, and I'm frankly surprised INTC and other companies aren't feeling a stronger hit.

Westmere is older than 5....but yea, typical Intel. I guess the world will explode, I'm not gutting systems over this. This whole thing totally reeks planned obsolescence scam to begin with.

Everything since Pentium Pro is affected.
It's just Intel being assholes and not making Microcode updates available for CPU's older than 5 years.

They did the same with WiFi chipsets and the KRACK attack: no new drivers for WiFi chipsets older than 5 years.

I feel that way about my harpertowns (5400 series xeons aren't on theur naughty list).

LOL AMD, you really want me to get a Ryzen and kick my Athlon X4 Kaveri to the curb