Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

FUCK, M$ fucked it up, Not Intel...

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

i suspect they plotted it together.
before you apply a cpu patch you need to i.d. the cpu.
and i dont just mean the make.

so that code is intentionally targetting amd cpu-id's

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

btw, more fuckings from Intel!
http://www.theregister.co.uk/2018/01..._amt_insecure/

so now your laptop is only as secure as "ctrl-p"
almost as funny as the win95 login box you bypassed by closing it!

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

As I said, upthread:
Customers (be they end users or IT droids) want to lower their costs (in the latter case, by making support "easier"). So, there is pressure on suppliers to provide those hooks. And, instead of forcing the user to set a "unique"/"good" password (which the software could obviously do before allowing the device to EVER boot), you rely on "best practices" and conscientious users to do the right thing (after all, it's THEIR computer and data; shouldn't THEY be the most concerned about its safety and integrity??).

Work on a system with aggressive password policies (password aging, strong password selection criteria, etc.) and folks piss and moan about how much it "nags" them!

Imagine if all your devices/accounts were aware of each other and could conspire to enforce a "unique credentials per account" (i.e., no single password/login valid on two different devices/accounts). People would be bullshit at the inconvenience it represented!

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Hate to break your toys, but security through obscurity does NOT work.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Exactly. Security has to be treated as a first-class operational criteria (not a bolt-on afterthought). And, when dealing with customers/lusers who haven't yet caught on to the security implications of a product's (mis)design means you either educate them (even if that means highlighting security flaws in your competitors' products) or plan on losing them as individual sales (better to lose the sale than piss them off, later, when they discover how screwed THEIR lack of appreciation for the security aspects has left them!)

I enjoy sitting naive friends down in front of a Shodan session and progressively explore more and more "revealing" exploitable devices. Inevitably, there's an "OhMiGosh!" moment -- followed by a pause as they wonder how many of their devices are similarly "leaking"...

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

This one was hidden pretty well if it dates back to the Pentium Pro days.....

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

It's more like a new vector was found where nobody even thought it could be used. OK, that happens. When all the fuzz settles down, we'll see what and how actually could be mis-used in reality.

What I meant though was that something about forcing user to use different password - that's just obscurity, nothing else.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

No, it addresses the very real exploit of leveraging one "guessed" (or compromised) password to access multiple accounts/devices. It's like having a series of 8 doors on the entrance to your home, all keyed with the same lock and thinking this is more secure than one door with that same key. By contrast, 8 doors with different keys represents a greater challenge.

[If multiple passwords fits your definition of "obscurity" then ANY use of passwords would also just be obscurity, right? ]

If all of the (physical) devices that you own are keyed to the same (physical) key, then if I happen to find/steal one of those keys, I now have access to your home, car, safety deposit box, gym locker, business office, etc. If I can access those many things "at the speed of light" (electron flow) and remotely (without putting myself in personal jeopardy) and algorithmically (without even having to do any typing!), then you are at a considerable disadvantage when you discover that this has already happened.

[This is exactly the problem that "default passwords" causes -- one key unlocks all doors!]

By contrast, if one of those credentials are lost/compromised, then you can take pains to guard that resource, "change the lock" and be extra vigilant for attacks on other resources that aren't yet compromised.

Of course, this doesn't magically absolve you from treating those keys/credentials with care (not hiding the key under the door mat, not picking "passw0rd" as your password).

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

I don't even know how many accounts I have throughout the planet. So tell me how exactly could I remember all the passwords to them, Mr. Clever?

You would realize yourself it's crap if you thought about that from different viewpoints. Ppl who do this - what you suggest - than use some password vault with - wait for it - single password which unlocks all. Great. So they waste their life each time taking a password from this thing, but still have only single key to all the keys. That helps how exactly?

BTW - I just seriously think about replacing all the locks to a warehouse with some new ones from a common series with single general key to *all* of them. It's some decent BS to drag the whole sack with me all the time and to waste even more constantly looking for the right key.

You are one of the ppl who are possesed with single point of view, often without the actual ability to even look on it differently. I don't give a fuck about some absolute protection as I know nothing like that could exist in the first place. But protection which makes me crazy, steals my time and sometimes makes me do errors or even start pissing on it at all is as stupid as very basic protection. There is ALWAYS some compromise of different demands for a product, for normal ppl anyways.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

A good listen/watch for those Curious... AMD has been all but completely thrown under the same bus with Intel thanks to the clueless tech media...

https://www.reddit.com/r/Amd/comment..._community_is/

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Google "mnemonic aid". You should have considered this issue when you create each account! Do you exercise similar carelessness with your finances?

I maintain at least a dozen machines, here, all with different logins and passwords. I look at the machine, read the hostname off the sticker attached to the front and then use that to trigger the memory of the login username and the associated password.

And, that doesn't count my email or other "online" accounts.

You were foolish to use the "password vault" without considering the consequences of its use. If my (meatware) memory fails me, I can consult a written sheet of account names and passwords. No "password" needed to access it -- and highly secure (you need to break into my home to get it and, at that point, all bets are off!)

Read my comments regarding the economic reasons driving security vulnerabilities. You consider the size of your keyring to be a "high cost". Someone else might consider having to change their password weekly to be a high cost. Another might consider having to SET a password to be a high cost.

If it's YOUR warehouse and YOUR goods (or, if you are financially liable for them), then YOU are bearing the risk and consequences of your actions. Feel free to smoke in bed -- if you don't share the structure with any other "innocents" (we'll nominate you for the next Darwin Award!) Things are different when you are setting policy for others and THEY will bear the risk for YOUR decisions. And, folks designing operating systems, electronic security devices, banking/medical/mail systems, etc. are doing just that!

"Lets put a backdoor in the electronic doorlock so when folks lock themselves out they can call us and we can unlock the door -- remotely -- as a convenience for them!" (think: new cars)

No, rather, I've looked at it from the other angles and realized this was the best solution to the problem. You, OTOH, seem to advocate for "admin:admin" solutions -- out of convenience (why bother with ANY password? so much easier and saves all of those silly keystrokes!)

You probably think the nuclear football is a silly example of overkill on the part of government officials: "Why not just a BIG BUTTON on the president's desk?? Imagine how much easier that will be to use when he has just minutes/seconds to make that decision!"

That is the very nature of the problem -- if it was "easy" it would have been solved, already. Likewise, we'd have no junk email, telemarketers, etc. as they would be similarly easy to "solve".

[E.g., each email or incoming phone call could be signed by the originators key. Before I even see/hear the message, the originator's identity could be verified and, knowing reliably who that person is, I could then act on the incoming message without fear of it being someone masquerading as him/her. He/she uses the same unforgeable credential to access ALL of his accounts on every machine and device in existence. "Simple", right?]

There is a trend towards biometric credentials (fingerprints, retinal scans, voice prints, etc.). The argument being that this is something that the user always has available (on their person) and doesn't have to rely on memory. Makes sense -- superficially. Grab one of the doorknobs in your warehouse and it recognizes YOU and opens -- magic!

The problem (once you think about it for a few seconds) is that you can never "rekey" your body. Once one of those credentials is compromised, you no longer are a certifiable entity -- you can't DO anything that requires authentication because "you" have been compromised (not "your password").

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Well, on DistroWatch, "Spectre" looks worse than "Meltdown" as well.

If this is true, then AMD apparently don't care...

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Look at the Link to Arstechnica.

For Ryzen that's not true, RYZEN is not suceptible to Spectre - the same as Samsungs EXYNOS Processors as well.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

LOL AMD, you really want me to get a Ryzen and kick my Athlon X4 Kaveri to the curb, but I can't right now, because of limited funds! I want a Ryzen badly!

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

has anybody actually proved you can fuck-over an amd?
because until they do, it's just theoretical bullshit from the backdoor fuckers at intel's pr department.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Well, at least for pre-Ryzen, I dunno.

But check out the Meltdown concept YT videos at:

https://meltdownattack.com/

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

I feel that way about my harpertowns (5400 series xeons aren't on theur naughty list). Games are for kids and they do everything I need with power to spare!

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Everything since Pentium Pro is affected.
It's just Intel being assholes and not making Microcode updates available for CPU's older than 5 years.

They did the same with WiFi chipsets and the KRACK attack: no new drivers for WiFi chipsets older than 5 years.

Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

Westmere is older than 5....but yea, typical Intel. I guess the world will explode, I'm not gutting systems over this. This whole thing totally reeks planned obsolescence scam to begin with.