A major security vulnerability and performance issue has been discovered in virtually all Intel chipsets, researchers and analysts warn. A fundamental design flaw in Intel's processor chips has forced the company to undergo a significant redesign of the Linux and Windows kernels to resolve the chip-level security bug. Linux and Windows programmers are busy working on updates that should resolve the security vulnerability, but could result in a performance hit for Intel chipsets upwards of 30%.
Comments
Not worth losing up to 50% in performance when a virus is fixed in less than an hour.
This could lead to massive lawsuits, especially from any firm that can prove being hacked and suffer financial losses.
My gut feeling is that it has always been planned that way as part of Microsoft spying and embedding and just all around corrupt ways of doing business. Anyone that can straight up say they trust Microsoft is super naive.
Definitely more news to come on this by end of month and what happens to all the systems that are basically downgraded because of the hit we will take after the patch? They sell their hardware based on numbers and various marketing schemes, well if all of that is smashed, then again it could create some lawful refunds or again lawsuits on misleading information but again has to be proved that they knew.
This leads to another problem and how law screws us over; I bet the most important "to know" employees inside of Microsoft that could leak out information are under strict contracts/oath to not say anything or land in jail.
Never forget 3 mile Island and never trust a government official or company spokesman.
I'm not privy to the details, so I really don't know how severe it is. The people who know aren't talking, for good reasons. They don't want hackers to be able to start trying to exploit the glitch any earlier than necessary--preferably not until patches have been issued to everything affected.
It's also likely that, if you're on Windows 10, you won't be given a choice. The patch will be mandatory and you won't be given an option to block it short of disconnecting from the Internet entirely. On older versions of Windows that are still supported, the patch will be marked critical or some such so it will get installed unless you go out of your way to prevent it or don't install updates at all.
There's also the question of how severe the performance hit will be. I could nearly guarantee you that there will be some programs where the performance difference is too small to measure and others where it will be large. No clue what the average or typical performance hit will look like, however.
1) Why would Microsoft want to create a hardware security flaw in Intel processors?
2) How would Microsoft create a security flaw in Intel processors even if they wanted to?
3) How would Microsoft manage to make all OSes affected by the flaw, including Linux and OS X?
It's also extremely implausible that Intel has known of the flaw for years. If they knew of it several years ago, they'd have fixed it in newer generations of CPUs.
Tobacco companies knew their products killed people and denied it and still deny it.
In the 1960s, the sugar industry funded research that downplayed the risks of sugar and highlighted the hazards of fat, according to a newly published article in JAMA Internal Medicine.
The article draws on internal documents to show that an industry group called the Sugar Research Foundation wanted to "refute" concerns about sugar's possible role in heart disease. The SRF then sponsored research by Harvard scientists that did just that. The result was published in the New England Journal of Medicine in 1967, with no disclosure of the sugar industry funding.
"Is it really true that food companies deliberately set out to manipulate research in their favor? Yes, it is, and the practice continues. In 2015, the New York Times obtained emails revealing Coca-Cola's cozy relationships with sponsored researchers who were conducting studies aimed at minimizing the effects of sugary drinks on obesity. Even more recently, the Associated Press obtained emails showing how a candy trade association funded and influenced studies to show that children who eat sweets have healthier body weights than those who do not."
The March of the Sheeple Continues.
Continue on; we thank you for contributing to population control.
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
"Intel believes these exploits do not have the potential to corrupt, modify or delete data."
Of course, the claim was that the exploit has the potential to allow malicious code to see data that it shouldn't be possible for it to see, not that it could corrupt, modify, or delete that data. Someone who can see your password but shouldn't be able to doesn't necessarily need to corrupt, modify, or delete it to cause problems for you.
"Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits."
Just not AMD, which is usually the alternative to Intel. Possibly not some other significant vendors, either.
A fix from Microsoft can only mask a problem at the chip level. How Intel will address this issue is more important right now.
The first thing needed is a complete list of the products affected. Is it only CPUs, or does this vulnerability exist in other computer components, like bus controllers or drive controllers?
Jury still seems to be out on AMD and Meltdown.
Those preliminary tests reveal that there is little to no performance regression in most desktop workloads, with synthetic I/O tests inflating the issue. (Note: link is to German article.)
Edit: tests have taken place on Linux and Windows patches. The Windows patch was deployed to insider builds in November. MS has been working on the Windows patch for several months it seems. It is these tests that have indicated little to no "real world" performance impact.
Newer Intel CPUs reportedly better placed due to their design. Mixed reports regarding AMD CPUs: maybe all or just some AMD CPUs impacted, same deal as with Intel maybe. ARM impacted, it seems. Most stuff under wraps.
Full Intel press statement:
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
Of course as the Martians have mind control ........
https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
They have four proof of concept attacks that basically show something happening that shouldn't. They got (1) running on CPUs from Intel, AMD, and ARM, but it only allowed a process to read other memory from the same process. That's a proof of concept that something weird is going on, but it's not really a security problem unless you can do something worse than that.
In order for (2) to run on AMD required kernel configuration changes. It worked on Intel with the default configuration, but not on AMD.
Attacks (3) and (4) only worked on the Intel CPU.
It's possible that they simply tried harder to attack the Intel CPU than the others because of server market share or something. I'd assume that they at least took the attacks that worked on Intel and also tried them on AMD, and the attacks failed. So while there is in some sense a flaw in the AMD CPU as well, it's not clear that it's practical to use it to be able to do anything problematic. On the Intel CPU, they very much proved that it's a big problem.
Will be interesting to see what the actual impact of this situation is. As time flies by, it feels like some big massive mess-up that will have a direct impact on millions of people is closer to happening, maybe just paranoia though.
Based on the limited info we have, there is nothing malicious in any of this; not even any negligence.
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
Reading these indicates that the fundamental issue stems from how computing has developed in the last few years. As the Spectre paper concludes: the drive to maximise performance.
Both papers make clear that, as all manufacturers / developers have gone in the same general direction, this is a cross-hardware, cross-operating system issue. The fact that something they did worked on one combo and not another, in their opinion, doesn't suggest a given combo is "immune", simply that they hadn't got the "attack" right.
What is comforting is that this stuff is pursued by e.g. the EU and fully supported by Intel/Qualcomm/AMD/ARM/MS/Google etc.
And it's why people should keep their software up-to-date! (Yes, yes, it's the Martian conspiracy.)
Why would passwords be kept there? Are we talking about system passwords that are used to authenticate user logins? Or is that where passwords and any other information that applications store when you use them, like logging into your banking website? Why do they store them there, and I suppose that information is not encrypted?
Is it important to know about? Absolutely.
Now that it's known, is it a huge deal? Not really.
Rather, when you type in your password, each key press for a character has to go somewhere for the system to know what you typed. It has to assemble those characters into a password before it can do anything with the password. A program that can snoop on what is being typed in can see your password that way. Think more a keylogger than actual password storage.
Obviously, if you're typing your password into a program, that program needs to be able to see what you're typing in. The OS kernel can see the keys typed and pass the information along to the active program that needs to see it. But other, unrelated programs without the proper privileges that happen to be running on the computer at the same time shouldn't be able to see it. More generally, one program shouldn't be able to arbitrarily see another program's internal memory, though there are some cases where it's allowed.