Horse Racing Forum - PaceAdvantage.Com - Horse Racing Message Board

Go Back   Horse Racing Forum - PaceAdvantage.Com - Horse Racing Message Board > Off Topic > Off Topic - Computers


Reply
 
Thread Tools Rate Thread
Old 01-03-2018, 11:39 AM   #1
Jeff P
Registered User
 
Jeff P's Avatar
 
Join Date: Dec 2001
Location: JCapper Platinum: Kind of like Deep Blue... but for horses.
Posts: 5,258
All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw

.
.
Article at Gizmodo|by Tom McKay
Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw:
https://gizmodo.com/report-all-intel...-mi-1821728240

Quote:
There's small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow "normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas," the Register reported on Tuesday.

Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device's kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch—on every major operating system, including Windows, Linux, and macOS.

The exact details of the design flaw and to what extent users are vulnerable are being kept under wraps for now, per the Register, though since developers appear to be rushing towards patching systems in coming weeks it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.

Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of "five to 30 percent slowdown, depending on the task and processor model"

Great.

Just what every owner of a PC or Laptop with an Intel chip needs.

Just for fun, check out the comments beneath the article:
Quote:
10 years for it to be discovered by legit researchers. No telling when state-level or other groups knew about it.
Happy Wednesday everyone,


-jp

.
__________________
Team JCapper: 2011 PAIHL Regular Season ROI Leader after 15 weeks
www.JCapper.com

Last edited by Jeff P; 01-03-2018 at 11:48 AM.
Jeff P is offline   Reply With Quote Reply
Old 01-03-2018, 01:14 PM   #2
xtb
Ultra MAGA "Gun Bitch"
 
Join Date: Dec 2005
Location: Western NY
Posts: 5,243
Time to buy some AMD stock!
xtb is offline   Reply With Quote Reply
Old 01-03-2018, 01:26 PM   #3
JustRalph
Just another Facist
 
JustRalph's Avatar
 
Join Date: Mar 2002
Location: Now in Houston
Posts: 52,619
Looks purposeful to me
__________________
WE ARE THE DUMBEST COUNTRY ON THE PLANET!
JustRalph is online now   Reply With Quote Reply
Old 01-03-2018, 10:53 PM   #4
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
I don't know if it's purposeful or if it's more like laziness/indifference. Before AMD produced the Athlon in the late 90s, Intel wasn't doing much innovation in the CPU market because they didn't have to. It wasn't until AMD took a significant bite out of their market share with low-priced overclock-able CPUs that Intel got off their collective asses and started releasing better technology. Maybe they were sitting on their laurels again and pushed out a flawed design. How long has Intel known about it is another question.

This flaw is not good. Not good at all.
headhawg is offline   Reply With Quote Reply
Old 01-03-2018, 11:36 PM   #5
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
At last there is an upside to my XP32's

Guess the XP64 with the early quad (not plugged up in more than a year) is questionable.
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 01-04-2018, 06:57 PM   #6
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Some reports say that Intel knew about the flaw in June. CEO sells $39 mil of stock/options in November. Coincidence? No. Criminal. I'm switching to AMD procs if at all possible. I would be worried if I had Intel stock.

Last edited by headhawg; 01-04-2018 at 06:58 PM.
headhawg is offline   Reply With Quote Reply
Old 01-04-2018, 07:32 PM   #7
JustRalph
Just another Facist
 
JustRalph's Avatar
 
Join Date: Mar 2002
Location: Now in Houston
Posts: 52,619
https://www.theverge.com/2018/1/4/16...-security-flaw

A serious friggin mess
__________________
WE ARE THE DUMBEST COUNTRY ON THE PLANET!
JustRalph is online now   Reply With Quote Reply
Old 01-05-2018, 09:29 AM   #8
Tom
The Voice of Reason!
 
Tom's Avatar
 
Join Date: Mar 2001
Location: Canandaigua, New york
Posts: 112,470
Quote:
Originally Posted by wilderness View Post
At last there is an upside to my XP32's

Guess the XP64 with the early quad (not plugged up in more than a year) is questionable.
+1

XP Forever~!
__________________
Who does the Racing Form Detective like in this one?
Tom is offline   Reply With Quote Reply
Old 01-05-2018, 02:46 PM   #9
Jeff P
Registered User
 
Jeff P's Avatar
 
Join Date: Dec 2001
Location: JCapper Platinum: Kind of like Deep Blue... but for horses.
Posts: 5,258
Interesting point of view (from a market analysis perspective) being expressed by the author of an article that appeared on the SeekingAlpha.com site.

Intel Security Risk Is Much Worse Than Management Commentary Indicates:
https://seekingalpha.com/article/413...tary-indicates

Quote:
In our view, the security problem is a much bigger problem than Intel is acknowledging, and Intel investors will be in for a very rough ride for the next couple of years. While Intel may not have much of a problem on the consumer side from this security issue, in our view, Intel's data center business is at a serious risk.

The following comment posted beneath the article kind of caught my attention:
Quote:
Dannotech

Comments (261) |+ Follow |Send Message

@Jbitzerjr

The way the attacks works is that I could, as a C++ developer, buy a subscription to Azure, write a simple program that does some data analytics in the cloud, load it with my exploit, upload that program to the Azure cloud and let it run. And even though it a purely user-mode application, it has access to the machine and is constantly scraping data from other client OS's on that machine by peeking into the Kernel memory without the datacenter having any knowledge that the attack is happening.

There is no telling who might be my virtual neighbors on that machine, but what if it's a bank's web sight? The attacker could easy scrape account numbers and passwords as users login.

So yea, this is way bigger than on-site bad actors.


-jp

.
__________________
Team JCapper: 2011 PAIHL Regular Season ROI Leader after 15 weeks
www.JCapper.com

Last edited by Jeff P; 01-05-2018 at 02:57 PM.
Jeff P is offline   Reply With Quote Reply
Old 01-05-2018, 03:17 PM   #10
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Quote:
Originally Posted by Tom View Post
XP Forever~!
This is hardware level stuff; the OS has very little to do with the actual flaw. So if you want to stay completely off the Internet -- completely -- you're probably safe. Otherwise, you could be using Win10, XP, Win98 or Linux and still have major major problems as JeffP highlighted in his last post. I patched my Win7 box yesterday, but I'm not that confident in it. My computer seems slower as a side-effect, but that could just be my perception.

The vulnerability info and potential attack vectors are more than likely already on the Dark Web. Good luck folks.

Last edited by headhawg; 01-05-2018 at 03:20 PM. Reason: added info
headhawg is offline   Reply With Quote Reply
Old 01-05-2018, 05:03 PM   #11
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
headhawg,
Although somewhat correct, not entirely.
Motherboards and CPU's, were designed with specific OS's in mind.
Attempting to put XP32 on one the latest quad-core (perhaps even some very older dual-cores) does more harm than good.
Attempting to put Win10 one a machine designed for XP32 is nearly impossible.

The earliest press release touches on the same subject, however subtly.

We may never see a list of exactly what Intel CPU's are vulnerable, however the early XP32 CPU's are certainly less likely.

There's some very, very old threads here regarding the capabilities on software monitoring users and their use in OS beyond XP. Reflecting back on those thoughts certainly allows thought for these most recent Intel vulnerabilities.
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 01-05-2018, 06:33 PM   #12
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Quote:
Originally Posted by wilderness View Post
headhawg,
Although somewhat correct, not entirely.
Motherboards and CPU's, were designed with specific OS's in mind.
Attempting to put XP32 on one the latest quad-core (perhaps even some very older dual-cores) does more harm than good.
Attempting to put Win10 one a machine designed for XP32 is nearly impossible.
Either I don't understand what you mean or I will respectfully disagree. It's a matter of economics. Why would Intel or ASUS care what OS Microsoft is trying to sell? Those companies are trying to sell processors and motherboards. As long as the OS code could compile correctly it will run. M$ would need to be concerned about new CPU instructions, but that's what the compilers are for. Motherboards are tied to the CPU/chipset but not the OS unless it can't be compiled. So your XP machine might be safe as it may have a CPU that isn't on the Spectre/Meltdown list. I can assure you that I can run XP (both 32 and 64 bit flavors) on my current machine which has a Core I5 Ivy Bridge processor. Win8 would have been the current OS at the time that CPU family was released so I fail to see how your explanation is valid.

Last edited by headhawg; 01-05-2018 at 06:38 PM.
headhawg is offline   Reply With Quote Reply
Old 01-05-2018, 09:58 PM   #13
_______
Veteran
 
Join Date: Feb 2013
Location: Washoe County, Nevada
Posts: 2,253
https://seekingalpha.com/article/413...ties-explained

I found the storage locker analogy embedded here somewhat useful in explaining the flaw.

I’m not entirely incompetent in my understanding of computers but will admit that this was beyond my understanding. I hope the analogy withstands scrutiny from others who have more complete knowlege. Let me know.
_______ is offline   Reply With Quote Reply
Old 01-06-2018, 12:08 AM   #14
AltonKelsey
Veteran
 
AltonKelsey's Avatar
 
Join Date: May 2016
Posts: 1,831
Based on my reading of the flaw , anyone running a motherboard bios that is not going to be updated by the manufacturer, has a problem.

Without that bios patch, a windows patch is only a partial solution.

I don't see them issuing patches for the 1000's of older bios still in use.
AltonKelsey is offline   Reply With Quote Reply
Old 01-06-2018, 09:09 AM   #15
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Intel's spin on the problem: Side-channel Analysis
headhawg is offline   Reply With Quote Reply
Reply




Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

» Advertisement
Powered by vBadvanced CMPS v3.2.3

All times are GMT -4. The time now is 02:36 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Copyright 1999 - 2023 -- PaceAdvantage.Com -- All Rights Reserved
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program
designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.