Badcaps.net Forum
Go Back   Badcaps Forums > General Topics > General Computer Discussion
Register FAQ Calendar Search Today's Posts Mark Forums Read

 
Thread Tools
Old 01-02-2018, 11:50 AM   #1
Stefan Payne
Badcaps Veteran
 
Join Date: Dec 2009
City & State: Northern Germany
My Country: Germany
Line Voltage: 230VAC/50Hz or 400VAC/3P/50Hz
I'm a: Knowledge Seeker
Posts: 861
Default Some serious security bug in INTEL CPUs?? Since Westmere possibly

Our Expert in one of the more elitest forums are speculating about some serious bug in all more modern Intel CPUs sold in the last 10 years and also right now.

In short: it seems possible that you can break out of the user space and do excecute code in the kernelspace. Something like that.
Sounds like it could be the worst security error in the last couple of years...

Here the Links (GERMAN!!!11)
https://www.forum-3dcenter.org/vbull...d.php?t=585993
https://www.computerbase.de/2018-01/...erheitsluecke/
Stefan Payne is offline   Reply With Quote
Old 01-02-2018, 01:05 PM   #2
Per Hansson
Super Moderator
 
Per Hansson's Avatar
 
Join Date: Jul 2005
City & State: ----
My Country: Sweden
Line Voltage: 230v 50Hz
I'm a: Knowledge Seeker
Posts: 3,963
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

So many issues with Intel's CPU's found in recent times!

https://www.badcaps.net/forum/showpo...16&postcount=4
__________________
"The one who says it cannot be done should never interrupt the one who is doing it."
Per Hansson is offline   Reply With Quote
Old 01-02-2018, 01:13 PM   #3
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 17,793
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

i'm sure it wasnt intentional.
stj is offline   Reply With Quote
Old 01-02-2018, 03:22 PM   #4
retiredcaps
Badcaps Veteran
 
Join Date: Apr 2010
City & State: Canada
Posts: 9,026
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I like the FUCKWIT reference.

http://www.theregister.co.uk/2018/01...u_design_flaw/

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."
__________________
--- begin sig file ---

If you are new to this forum, we can help a lot more if you please post clear focused pictures (max resolution 2000x2000 and 2MB) of your boards using the manage attachments button so they are hosted here. Information and picture clarity compositions should look like this post.

We respectfully ask that you make some time and effort to read some of the guides available for basic troubleshooting. After you have read through them, then ask clarification questions or report your findings.

Please do not post inline and offsite as they slow down the loading of pages.

--- end sig file ---
retiredcaps is offline   Reply With Quote
Old 01-02-2018, 04:35 PM   #5
Topcat
The Boss Stooge
 
Topcat's Avatar
 
Join Date: Oct 2003
City & State: Salem, MO
My Country: United States
Line Voltage: 120VAC 60Hz
I'm a: Professional Tech
Posts: 11,275
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I smell a class action lawsuit.
__________________
<--- Badcaps.net Founder & Owner

Badcaps.net Services:

Premade Capacitor Kits
Badcaps.net Capacitor Master List


Motherboard Repair Services


If you've come here in search of replacement capacitors or repair services, please use the links above.
----------------------------------------------
Badcaps.net Forum Members Folding Team
http://folding.stanford.edu/
Team : 49813
Join in!!
Team Stats
Topcat is offline   Reply With Quote
Old 01-02-2018, 09:11 PM   #6
mockingbird
Badcaps Veteran
 
mockingbird's Avatar
 
Join Date: Dec 2008
Posts: 4,800
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

re-posted from elsewhere:

Quote:
There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (https://twitter.com/grsecurity/statu...47105684123649) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (https://lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".

Microsoft has been silently working on a similar feature since November: https://twitter.com/aionescu/status/930412525111296000

People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.

Summary article: http://pythonsweetness.tumblr.com/po...nux-page-table (a bit outdated, follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info)

This is going to make headlines and will probably be the worst hardware bug in years.
Looks like this affects everything from the first Core (and Pentium-based Core series) and up.

If AMD chips didn't die from electron migration so quickly, one would almost be tempted to move to them after reading this.
EDIT by mods: discuss this last paragraph here instead please: https://www.badcaps.net/forum/showthread.php?t=66733
__________________
...Their plight, in fact is even worse, they don't realize that they're cantonists, they think they're free men. What a slavery that is - to confuse slavery for light, and bitter darkness for bright light.
-Rabbi Menachem Mendel Schneersohn

Last edited by Per Hansson; 01-03-2018 at 12:17 PM.. Reason: split threads
mockingbird is offline   Reply With Quote
Old 01-02-2018, 11:48 PM   #7
ratdude747
Black Sheep
 
ratdude747's Avatar
 
Join Date: Nov 2008
City & State: Madison, IN
My Country: USA
Line Voltage: 120VAC 60Hz
I'm a: Professional Tech
Posts: 15,463
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Good news: only one of my workstations in operation is effected (runs Xeon Westmere EPs). My server and other workstations are either socket 940 Opteron X2's, or Netburst Socket 604 Xeons.

Bad News: There goes pretty much all of my laptop fleet (all of my Pentium M ones are dead with battery controller woes). Intel Atom (bay trail) also affected?

Intel.
__________________


(Insert witty quote here)
ratdude747 is offline   Reply With Quote
Old 01-03-2018, 12:38 PM   #8
Per Hansson
Super Moderator
 
Per Hansson's Avatar
 
Join Date: Jul 2005
City & State: ----
My Country: Sweden
Line Voltage: 230v 50Hz
I'm a: Knowledge Seeker
Posts: 3,963
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I split this thread as per the small edit in mockingbird's post above.

As for the topic at hand:


Reposting a quote from this over at Techspot by a commenter that I found very fitting:
Quote:
Posted by senketsu on Techspot:
A Google search for "CVE-2017-5925 Class: Design Error" took me to a nice National Institute
of Standards and Technology National Vulnerability Database that gives tech folk more details.
Unbelieveable that this was known (as @noname points out) as early as 27 Feb 2017.
I don't understand most of this page, but when I see stuff like:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
my morale falls into my shoes, my jaw hits the floor....gobsmacked as they say
Overused word, but this truly is unbelieveable
It's almost like if you say worked at Intel, maybe being it's CEO and knew about this since February 2017, that you'd be interested in some insider trading?

https://www.nystocknews.com/2017/12/...poration-intc/

https://www.reuters.com/finance/stoc...rtDir=&sortBy=

https://www.fool.com/investing/2017/...-of-stock.aspx
Attached Images
File Type: png Intel Stock.png (42.4 KB, 195 views)

Last edited by Per Hansson; 01-03-2018 at 01:32 PM..
Per Hansson is offline   Reply With Quote
Old 01-03-2018, 12:52 PM   #9
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 17,793
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

lol
now check the stock movement records of all board-members and look for collusion between them.

then you have a conspiracy and RICO can be applied!!!
stj is offline   Reply With Quote
Old 01-03-2018, 01:09 PM   #10
retiredcaps
Badcaps Veteran
 
Join Date: Apr 2010
City & State: Canada
Posts: 9,026
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

I'm not defending Intel, but many big companies that offer stock options, it is common for the CXO suite to have pre-determined sell and volume dates in the future.

These dates are usually after they make quarterly announcements. In addition, there are usually blackout dates. For example, if the CXO knows they will miss a quarter very badly (i.e. revenue or profit), they cannot sell 1 or 2 weeks before announcing the results.
retiredcaps is offline   Reply With Quote
Old 01-03-2018, 01:34 PM   #11
Per Hansson
Super Moderator
 
Per Hansson's Avatar
 
Join Date: Jul 2005
City & State: ----
My Country: Sweden
Line Voltage: 230v 50Hz
I'm a: Knowledge Seeker
Posts: 3,963
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

He used to have over 500k shares, since November he has only 250k shares.
And guess what the minimum number of shares the CEO at Intel may have is?
If you don't find that highly suspicious I guess we have different standards

Late edit: here it's put in words better than I can:
http://www.nasdaq.com/symbol/intc/insider-trades

In the last three months, insiders executed a total of 27 trades. 27 were sells. Insider ownership decreased by a total of 796378 shares, which suggests that INTC’s key executives are feeling less optimistic about the outlook for the stock. The data from the past twelve months tells a similar story: insiders executed 3 buys and 102 sells, and ownership decreased by a net of 1.98 million shares.
Source: https://stocknewsgazette.com/2017/11...poration-intc/

Last edited by Per Hansson; 01-03-2018 at 01:48 PM..
Per Hansson is offline   Reply With Quote
Old 01-03-2018, 07:15 PM   #12
retiredcaps
Badcaps Veteran
 
Join Date: Apr 2010
City & State: Canada
Posts: 9,026
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Quote:
Originally Posted by Per Hansson View Post
He used to have over 500k shares, since November he has only 250k shares.
And guess what the minimum number of shares the CEO at Intel may have is?
If you don't find that highly suspicious I guess we have different standards
I don't find that it suspicious because I'm more familiar with how these stock options and things work especially in high profile world wide known companies. If this were a no name company on the penny stock exchange, I would agree with you.

All CXOs will get new options every year or annually regardless of how well or bad they do. All options have an expiry. They have to sell otherwise they expire worthless.

All CXOs get options for free ($0). Some companies do require that CXOs purchase or hold a minimum amount of stock, but this is a mere drop in the bucket compared to the stock options potential especially in a bull market.

Personally, I don't like the stock options as a compensation model for CXOs because it alienates everyday employees. A CXO make might $100 Million with stock options and a basic Intel engineer might make $100K with no options.

Last edited by retiredcaps; 01-03-2018 at 07:17 PM..
retiredcaps is offline   Reply With Quote
Old 01-03-2018, 07:30 PM   #13
retiredcaps
Badcaps Veteran
 
Join Date: Apr 2010
City & State: Canada
Posts: 9,026
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Quote:
Originally Posted by Per Hansson View Post
In the last three months, insiders executed a total of 27 trades. 27 were sells. Insider ownership decreased by a total of 796378 shares, which suggests that INTC’s key executives are feeling less optimistic about the outlook for the stock. The data from the past twelve months tells a similar story: insiders executed 3 buys and 102 sells, and ownership decreased by a net of 1.98 million shares.
You will find the above to be similar for any Fortune 500 company. Especially in a long in the tooth bull market.
retiredcaps is offline   Reply With Quote
Old 01-03-2018, 10:24 PM   #14
retiredcaps
Badcaps Veteran
 
Join Date: Apr 2010
City & State: Canada
Posts: 9,026
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Again, I'm not defending Intel and or its CEO, just saying that planned sales are in place for big companies.

http://www.businessinsider.com/intel...ip-flaw-2018-1

"To avoid charges of trading on insider knowledge, executives often put in place plans that automatically sell a portion of their stock holdings or exercise some of their options on a pre-determined schedule, typically referred to as Rule 10b5-1(c) trading plans. According to an SEC filing, the holdings that Krzanich sold in November — 245,743 shares of stock he owned outright and 644,135 shares he got from exercising his options — were divested under just such a trading plan. "
retiredcaps is offline   Reply With Quote
Old 01-03-2018, 11:58 PM   #15
ratdude747
Black Sheep
 
ratdude747's Avatar
 
Join Date: Nov 2008
City & State: Madison, IN
My Country: USA
Line Voltage: 120VAC 60Hz
I'm a: Professional Tech
Posts: 15,463
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Oh shit:

http://www.zdnet.com/article/securit...rs-vulnerable/

According to that the issue goes back to 1995... Which if memory serves would be the Pentium Pro, the first P6 platform and would make sense as a point of a common problem emerging. P6 had many things in the cache design changed (such as having on-die L2 cache in the first place).

I doubt it was "added" as a backdoor; probably a design flaw that was never fixed. Was it discovered and then kept open as a backdoor? Possibly. I smell a class action suit brewing.
ratdude747 is offline   Reply With Quote
Old 01-04-2018, 07:24 AM   #16
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 17,793
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

i was thinking less of a backdoor, more of a performance trick.
remember at that time they had competition from AMD and Cyrix for the same mobo sockets!!

i have a nice mobo here now from my old tower with a K6-2 on it.
stj is offline   Reply With Quote
Old 01-04-2018, 11:30 AM   #17
Per Hansson
Super Moderator
 
Per Hansson's Avatar
 
Join Date: Jul 2005
City & State: ----
My Country: Sweden
Line Voltage: 230v 50Hz
I'm a: Knowledge Seeker
Posts: 3,963
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Quote:
Originally Posted by retiredcaps View Post
I don't find that it suspicious because I'm more familiar with how these stock options and things work especially in high profile world wide known companies. If this were a no name company on the penny stock exchange, I would agree with you.
Certain others disagree:

https://www.avanza.se/placera/pressm...rporation.html

https://www.marketwatch.com/story/in...ure-2018-01-03
Per Hansson is offline   Reply With Quote
Old 01-04-2018, 12:40 PM   #18
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 509
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

Quote:
Originally Posted by stj View Post
i was thinking less of a backdoor, more of a performance trick.
Exactly. Lots of bugs creep in when designers get "too creative by half" in their attempts to squeeze more performance out of designs -- instead of concentrating on other issues (like "correctness" or "security"). The Linux weenies fail to see these cautionary omens in their obsession with performance as an end to justify all.

I take a more practical approach: design things "correctly" and "securely" and let the technological advances make it faster. It costs a lot to back-port "fixes" to deal with past sins!
Curious.George is offline   Reply With Quote
Old 01-04-2018, 01:51 PM   #19
tom66
Wants a Tesla
 
tom66's Avatar
 
Join Date: Apr 2011
City & State: Leeds
My Country: UK
Line Voltage: 230Vac 50Hz
I'm a: Student Tech
Posts: 31,778
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

The performance bug is actually *really* interesting, and also fucking terrible because there's literally *no way* to patch it on any processor without completing changing how CPUs work.

Effectively, processors perform "speculative execution" and "out of order execution" where upon hitting a branch instruction in code, may decide to execute instructions ahead of time, before the result of the branch is known. This is a performance advantage, because in many cases the branch could take many cycles to evaluate (if it needs to read from arbitrary memory, then up to 300 cycles on a modern i7). So the processor executes these instructions and then if it finds out later that the branch was wrong, it rolls back the results. This is completely transparent to the user: incorrect data is never visible or committed.

Spectre seems to work by exploiting speculative execution, which processors have had for about 15 years. You can write code that will trick the branch prediction logic into executing a block of malicious code. The code will run speculatively - but the catch is, it's not possible for the CPU to prevent reads to protected areas of memory, like other processes or the OS kernel. The CPU sorts this out *after* the speculative execution has finished, and it can check which areas are OK and which are no go (it must do this check afterwards because it can't be sure of the memory map yet). Now, normally this is not a problem because the malicious code cannot "output" anything - it remains transparent as the results never get committed because the addresses are found to be prohibited. But, by inserting timing-dependent code into the speculative execution block, you can "leak" data out of the execution path. You could make it take 10 cycles to process a "1" and 2 cycles to process a "0", then time many hundreds of executions.

The example Google provided can read out any memory at 11KB/s, which isn't fast, but it's more than fast enough to exploit a system within ~10 minutes. You only need to find the Windows/Linux kernel process table, then you know the addresses of each application and can go to town on reading passwords, security keys, etc.

It's a complete bombshell, and I'm frankly surprised INTC and other companies aren't feeling a stronger hit.
__________________
Please do not PM me with questions! Questions via PM will not be answered. Post on the forums instead!
Free service manuals: http://www.toms-service-manuals.com/ -- 72 LED/LCD TVs, 5 monitors, 28 plasma TVs, and 2 AVR 6.1 amplifiers fixed!

2 Pioneer KURO 9G, 12 Panasonic LCD/Plasma, 1 Sony LCD, 1 NEC Plasma, 2 Yamaha HTS, 5 Sharp LCDs, 5 Toshiba LCDs, 7 Philips Plasma/LCD, 1 Hitachi Plasma, 11 LG LCD/Plasma, 18 Samsung LED/LCD/Plasma, 1 Thomson Plasma, 1 Atec LCD, 1 Hanspree LCD, 1 Xerox LCD, 1 Harwa LCD, 2 Proview LCD, 2 Hyundai LCD, 1 "Onn" LCD, 1 Grundig LCD, 1 Dell LCD, 1 iiyama LCD, 1 Acer LED, 1 Logik LCD, 1 Baird (China) LCD, 6 Bush LCDs, 22 Vestel LCDs (Best->Worst)
tom66 is offline   Reply With Quote
Old 01-04-2018, 02:13 PM   #20
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 17,793
Default Re: Some serious security bug in INtel CPUs?? Since Westmere possibly

so, what does the future hold?
Amiga,
or Unix on PPC / MIPS?
stj is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Badcaps.net Technical Forums © 2003 - 2018
Powered by vBulletin ®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
All times are GMT -6. The time now is 01:47 AM.

Did you find this forum helpful?