Announcement

Collapse
No announcement yet.

Some serious security bug in INTEL CPUs?? Since Westmere possibly

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

    Originally posted by Stefan Payne View Post
    Yep, Intel fucked it up on CPUs that aren't able to run Windows 8.1 or later in 64bit mode.

    Maybe its possible to rip out the Harddrive, put it in a modern PC and deinstall the update and block it for now.
    FUCK, M$ fucked it up, Not Intel...

    Comment


      Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

      i suspect they plotted it together.
      before you apply a cpu patch you need to i.d. the cpu.
      and i dont just mean the make.

      so that code is intentionally targetting amd cpu-id's

      Comment


        Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

        btw, more fuckings from Intel!
        http://www.theregister.co.uk/2018/01..._amt_insecure/

        so now your laptop is only as secure as "ctrl-p"
        almost as funny as the win95 login box you bypassed by closing it!

        Comment


          Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

          Originally posted by stj View Post
          so now your laptop is only as secure as "ctrl-p"
          almost as funny as the win95 login box you bypassed by closing it!
          As I said, upthread:
          Security exploits are ALWAYS a matter of economics -- someone, somewhere, doesn't want to "pay" the price of maintaining the security that has been designed into the system (whether it is a piece of hardware, software or human policies).
          Customers (be they end users or IT droids) want to lower their costs (in the latter case, by making support "easier"). So, there is pressure on suppliers to provide those hooks. And, instead of forcing the user to set a "unique"/"good" password (which the software could obviously do before allowing the device to EVER boot), you rely on "best practices" and conscientious users to do the right thing (after all, it's THEIR computer and data; shouldn't THEY be the most concerned about its safety and integrity??).

          Work on a system with aggressive password policies (password aging, strong password selection criteria, etc.) and folks piss and moan about how much it "nags" them!

          Imagine if all your devices/accounts were aware of each other and could conspire to enforce a "unique credentials per account" (i.e., no single password/login valid on two different devices/accounts). People would be bullshit at the inconvenience it represented!

          Comment


            Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

            Hate to break your toys, but security through obscurity does NOT work.
            Less jewellery, more gold into electrotech industry! Half of the computer problems is caused by bad contacts

            Exclusive caps, meters and more!
            Hardware Insights - power supply reviews and more!

            Comment


              Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

              Originally posted by Behemot View Post
              Hate to break your toys, but security through obscurity does NOT work.
              Exactly. Security has to be treated as a first-class operational criteria (not a bolt-on afterthought). And, when dealing with customers/lusers who haven't yet caught on to the security implications of a product's (mis)design means you either educate them (even if that means highlighting security flaws in your competitors' products) or plan on losing them as individual sales (better to lose the sale than piss them off, later, when they discover how screwed THEIR lack of appreciation for the security aspects has left them!)

              I enjoy sitting naive friends down in front of a Shodan session and progressively explore more and more "revealing" exploitable devices. Inevitably, there's an "OhMiGosh!" moment -- followed by a pause as they wonder how many of their devices are similarly "leaking"...

              Comment


                Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                Originally posted by Behemot View Post
                Hate to break your toys, but security through obscurity does NOT work.
                This one was hidden pretty well if it dates back to the Pentium Pro days.....
                <--- Badcaps.net Founder

                Badcaps.net Services:

                Motherboard Repair Services

                ----------------------------------------------
                Badcaps.net Forum Members Folding Team
                http://folding.stanford.edu/
                Team : 49813
                Join in!!
                Team Stats

                Comment


                  Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                  It's more like a new vector was found where nobody even thought it could be used. OK, that happens. When all the fuzz settles down, we'll see what and how actually could be mis-used in reality.

                  What I meant though was that something about forcing user to use different password - that's just obscurity, nothing else.
                  Less jewellery, more gold into electrotech industry! Half of the computer problems is caused by bad contacts

                  Exclusive caps, meters and more!
                  Hardware Insights - power supply reviews and more!

                  Comment


                    Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                    Originally posted by Behemot View Post
                    What I meant though was that something about forcing user to use different password - that's just obscurity, nothing else.
                    No, it addresses the very real exploit of leveraging one "guessed" (or compromised) password to access multiple accounts/devices. It's like having a series of 8 doors on the entrance to your home, all keyed with the same lock and thinking this is more secure than one door with that same key. By contrast, 8 doors with different keys represents a greater challenge.

                    [If multiple passwords fits your definition of "obscurity" then ANY use of passwords would also just be obscurity, right? ]

                    If all of the (physical) devices that you own are keyed to the same (physical) key, then if I happen to find/steal one of those keys, I now have access to your home, car, safety deposit box, gym locker, business office, etc. If I can access those many things "at the speed of light" (electron flow) and remotely (without putting myself in personal jeopardy) and algorithmically (without even having to do any typing!), then you are at a considerable disadvantage when you discover that this has already happened.

                    [This is exactly the problem that "default passwords" causes -- one key unlocks all doors!]

                    By contrast, if one of those credentials are lost/compromised, then you can take pains to guard that resource, "change the lock" and be extra vigilant for attacks on other resources that aren't yet compromised.

                    Of course, this doesn't magically absolve you from treating those keys/credentials with care (not hiding the key under the door mat, not picking "passw0rd" as your password).

                    Comment


                      Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                      I don't even know how many accounts I have throughout the planet. So tell me how exactly could I remember all the passwords to them, Mr. Clever?

                      You would realize yourself it's crap if you thought about that from different viewpoints. Ppl who do this - what you suggest - than use some password vault with - wait for it - single password which unlocks all. Great. So they waste their life each time taking a password from this thing, but still have only single key to all the keys. That helps how exactly?

                      BTW - I just seriously think about replacing all the locks to a warehouse with some new ones from a common series with single general key to *all* of them. It's some decent BS to drag the whole sack with me all the time and to waste even more constantly looking for the right key.

                      You are one of the ppl who are possesed with single point of view, often without the actual ability to even look on it differently. I don't give a fuck about some absolute protection as I know nothing like that could exist in the first place. But protection which makes me crazy, steals my time and sometimes makes me do errors or even start pissing on it at all is as stupid as very basic protection. There is ALWAYS some compromise of different demands for a product, for normal ppl anyways.
                      Less jewellery, more gold into electrotech industry! Half of the computer problems is caused by bad contacts

                      Exclusive caps, meters and more!
                      Hardware Insights - power supply reviews and more!

                      Comment


                        Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                        A good listen/watch for those Curious... AMD has been all but completely thrown under the same bus with Intel thanks to the clueless tech media...

                        https://www.reddit.com/r/Amd/comment..._community_is/
                        --------------------------------------------------------------
                        Ryzen 3600x
                        16GB Patriot 3600MHz
                        MSI B450 Gaming Plus
                        MSI Air Boost Vega 56
                        Acer 32" 1440P Freesync
                        Rosewill Capstone 750W
                        --------------------------------------------------------------
                        Hakko FX-888D Station
                        FX-8802 Iron
                        MG Chem .8mm 63/37 RA 2.2%

                        Comment


                          Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                          Originally posted by Behemot
                          I don't even know how many accounts I have throughout the planet. So tell me how exactly could I remember all the passwords to them, Mr. Clever?
                          Google "mnemonic aid". You should have considered this issue when you create each account! Do you exercise similar carelessness with your finances?

                          I maintain at least a dozen machines, here, all with different logins and passwords. I look at the machine, read the hostname off the sticker attached to the front and then use that to trigger the memory of the login username and the associated password.

                          And, that doesn't count my email or other "online" accounts.

                          You would realize yourself it's crap if you thought about that from different viewpoints. Ppl who do this - what you suggest - than use some password vault with - wait for it - single password which unlocks all. Great. So they waste their life each time taking a password from this thing, but still have only single key to all the keys. That helps how exactly?
                          You were foolish to use the "password vault" without considering the consequences of its use. If my (meatware) memory fails me, I can consult a written sheet of account names and passwords. No "password" needed to access it -- and highly secure (you need to break into my home to get it and, at that point, all bets are off!)

                          BTW - I just seriously think about replacing all the locks to a warehouse with some new ones from a common series with single general key to *all* of them. It's some decent BS to drag the whole sack with me all the time and to waste even more constantly looking for the right key.
                          Read my comments regarding the economic reasons driving security vulnerabilities. You consider the size of your keyring to be a "high cost". Someone else might consider having to change their password weekly to be a high cost. Another might consider having to SET a password to be a high cost.

                          If it's YOUR warehouse and YOUR goods (or, if you are financially liable for them), then YOU are bearing the risk and consequences of your actions. Feel free to smoke in bed -- if you don't share the structure with any other "innocents" (we'll nominate you for the next Darwin Award!) Things are different when you are setting policy for others and THEY will bear the risk for YOUR decisions. And, folks designing operating systems, electronic security devices, banking/medical/mail systems, etc. are doing just that!

                          "Lets put a backdoor in the electronic doorlock so when folks lock themselves out they can call us and we can unlock the door -- remotely -- as a convenience for them!" (think: new cars)

                          You are one of the ppl who are possesed with single point of view, often without the actual ability to even look on it differently.
                          No, rather, I've looked at it from the other angles and realized this was the best solution to the problem. You, OTOH, seem to advocate for "admin:admin" solutions -- out of convenience (why bother with ANY password? so much easier and saves all of those silly keystrokes!)

                          You probably think the nuclear football is a silly example of overkill on the part of government officials: "Why not just a BIG BUTTON on the president's desk?? Imagine how much easier that will be to use when he has just minutes/seconds to make that decision!"

                          I don't give a fuck about some absolute protection as I know nothing like that could exist in the first place. But protection which makes me crazy, steals my time and sometimes makes me do errors or even start pissing on it at all is as stupid as very basic protection. There is ALWAYS some compromise of different demands for a product, for normal ppl anyways.
                          That is the very nature of the problem -- if it was "easy" it would have been solved, already. Likewise, we'd have no junk email, telemarketers, etc. as they would be similarly easy to "solve".

                          [E.g., each email or incoming phone call could be signed by the originators key. Before I even see/hear the message, the originator's identity could be verified and, knowing reliably who that person is, I could then act on the incoming message without fear of it being someone masquerading as him/her. He/she uses the same unforgeable credential to access ALL of his accounts on every machine and device in existence. "Simple", right?]

                          There is a trend towards biometric credentials (fingerprints, retinal scans, voice prints, etc.). The argument being that this is something that the user always has available (on their person) and doesn't have to rely on memory. Makes sense -- superficially. Grab one of the doorknobs in your warehouse and it recognizes YOU and opens -- magic!

                          The problem (once you think about it for a few seconds) is that you can never "rekey" your body. Once one of those credentials is compromised, you no longer are a certifiable entity -- you can't DO anything that requires authentication because "you" have been compromised (not "your password").

                          Comment


                            Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                            Originally posted by Stefan Payne View Post
                            @Topcat
                            Time to go more towards AMD, isn't it?

                            Because it would look bad for Intel if they didn't do that...
                            Well, on DistroWatch, "Spectre" looks worse than "Meltdown" as well.

                            If this is true, then AMD apparently don't care...
                            ASRock B550 PG Velocita

                            Ryzen 9 "Vermeer" 5900X

                            16 GB AData XPG Spectrix D41

                            Sapphire Nitro+ Radeon RX 6750 XT

                            eVGA Supernova G3 750W

                            Western Digital Black SN850 1TB NVMe SSD

                            Alienware AW3423DWF OLED




                            "¡Me encanta "Me Encanta o Enlistarlo con Hilary Farr!" -Mí mismo

                            "There's nothing more unattractive than a chick smoking a cigarette" -Topcat

                            "Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat

                            "did I see a chair fly? I think I did! Time for popcorn!" -ratdude747

                            Comment


                              Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                              Originally posted by RJARRRPCGP View Post
                              Well, on DistroWatch, "Spectre" looks worse than "Meltdown" as well.

                              If this is true, then AMD apparently don't care...
                              Look at the Link to Arstechnica.

                              For Ryzen that's not true, RYZEN is not suceptible to Spectre - the same as Samsungs EXYNOS Processors as well.

                              Comment


                                Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                Originally posted by Stefan Payne View Post
                                Look at the Link to Arstechnica.

                                For Ryzen that's not true, RYZEN is not suceptible to Spectre - the same as Samsungs EXYNOS Processors as well.
                                LOL AMD, you really want me to get a Ryzen and kick my Athlon X4 Kaveri to the curb, but I can't right now, because of limited funds! I want a Ryzen badly!
                                ASRock B550 PG Velocita

                                Ryzen 9 "Vermeer" 5900X

                                16 GB AData XPG Spectrix D41

                                Sapphire Nitro+ Radeon RX 6750 XT

                                eVGA Supernova G3 750W

                                Western Digital Black SN850 1TB NVMe SSD

                                Alienware AW3423DWF OLED




                                "¡Me encanta "Me Encanta o Enlistarlo con Hilary Farr!" -Mí mismo

                                "There's nothing more unattractive than a chick smoking a cigarette" -Topcat

                                "Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat

                                "did I see a chair fly? I think I did! Time for popcorn!" -ratdude747

                                Comment


                                  Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                  has anybody actually proved you can fuck-over an amd?
                                  because until they do, it's just theoretical bullshit from the backdoor fuckers at intel's pr department.

                                  Comment


                                    Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                    Originally posted by stj View Post
                                    has anybody actually proved you can fuck-over an amd?
                                    because until they do, it's just theoretical bullshit from the backdoor fuckers at intel's pr department.
                                    Well, at least for pre-Ryzen, I dunno.

                                    But check out the Meltdown concept YT videos at:

                                    https://meltdownattack.com/
                                    Last edited by RJARRRPCGP; 01-20-2018, 08:50 AM.
                                    ASRock B550 PG Velocita

                                    Ryzen 9 "Vermeer" 5900X

                                    16 GB AData XPG Spectrix D41

                                    Sapphire Nitro+ Radeon RX 6750 XT

                                    eVGA Supernova G3 750W

                                    Western Digital Black SN850 1TB NVMe SSD

                                    Alienware AW3423DWF OLED




                                    "¡Me encanta "Me Encanta o Enlistarlo con Hilary Farr!" -Mí mismo

                                    "There's nothing more unattractive than a chick smoking a cigarette" -Topcat

                                    "Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat

                                    "did I see a chair fly? I think I did! Time for popcorn!" -ratdude747

                                    Comment


                                      Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                      Originally posted by RJARRRPCGP View Post
                                      LOL AMD, you really want me to get a Ryzen and kick my Athlon X4 Kaveri to the curb
                                      I feel that way about my harpertowns (5400 series xeons aren't on theur naughty list). Games are for kids and they do everything I need with power to spare!
                                      <--- Badcaps.net Founder

                                      Badcaps.net Services:

                                      Motherboard Repair Services

                                      ----------------------------------------------
                                      Badcaps.net Forum Members Folding Team
                                      http://folding.stanford.edu/
                                      Team : 49813
                                      Join in!!
                                      Team Stats

                                      Comment


                                        Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                        Originally posted by Topcat View Post
                                        I feel that way about my harpertowns (5400 series xeons aren't on theur naughty list).
                                        Everything since Pentium Pro is affected.
                                        It's just Intel being assholes and not making Microcode updates available for CPU's older than 5 years.

                                        They did the same with WiFi chipsets and the KRACK attack: no new drivers for WiFi chipsets older than 5 years.
                                        "The one who says it cannot be done should never interrupt the one who is doing it."

                                        Comment


                                          Re: Some serious security bug in INTEL CPUs?? Since Westmere possibly

                                          Originally posted by Per Hansson View Post
                                          Everything since Pentium Pro is affected.
                                          It's just Intel being assholes and not making Microcode updates available for CPU's older than 5 years.

                                          They did the same with WiFi chipsets and the KRACK attack: no new drivers for WiFi chipsets older than 5 years.
                                          Westmere is older than 5....but yea, typical Intel. I guess the world will explode, I'm not gutting systems over this. This whole thing totally reeks planned obsolescence scam to begin with.
                                          <--- Badcaps.net Founder

                                          Badcaps.net Services:

                                          Motherboard Repair Services

                                          ----------------------------------------------
                                          Badcaps.net Forum Members Folding Team
                                          http://folding.stanford.edu/
                                          Team : 49813
                                          Join in!!
                                          Team Stats

                                          Comment

                                          Working...
                                          X