• Navigation
+ Reply to Thread
Page 4 of 4 FirstFirst ... 2 3 4
Results 61 to 74 of 74
  1. #61
    2600klub
    Sweaty Dick Punching Enthusiast

    Join Date
    Dec 2008
    Posts
    5,452
    BG Level
    8
    FFXI Server
    Bismarck

    https://www.zdnet.com/article/intel-...vulnerability/

    Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes.

    The new vulnerability, which has received the codename of PortSmash, has been discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba.

    Researchers have classified PortSmash as a side-channel attack. In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU's processed data.

    Researchers say PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

    In lay terms, the attack works by running a malicious process next to legitimate ones using SMT's parallel thread running capabilities. The malicious PortSmash process than leaks small amounts of data from the legitimate process, helping an attacker reconstruct the encrypted data processed inside the legitimate process.
    tldr

    VMs and cloud providers be worried, average consumer don't give a fuck.

  2. #62
    The Real Cookiemonster
    Join Date
    Jan 2007
    Posts
    1,870
    BG Level
    6
    FFXIV Character
    Dark Depravity
    FFXIV Server
    Sargatanas

    mother!"#¤%!"¤&%

  3. #63
    BG's #1 Hatsune Miku fan!
    Join Date
    Dec 2009
    Posts
    7,440
    BG Level
    8

    It just keeps getting better and better.

  4. #64
    Can you spare some gil?
    Join Date
    Feb 2009
    Posts
    8,577
    BG Level
    8

    Huh, turns out shifting over to Ryzen was worth it for us.

  5. #65
    2600klub
    Sweaty Dick Punching Enthusiast

    Join Date
    Dec 2008
    Posts
    5,452
    BG Level
    8
    FFXI Server
    Bismarck

    The researchers claim all SMT( HT ) processors are vulnerable but only have a working POC ( available on github ) for intel skylake and kaby lake.
    AMD could be vulnerable to this one as well.

  6. #66
    2600klub
    Sweaty Dick Punching Enthusiast

    Join Date
    Dec 2008
    Posts
    5,452
    BG Level
    8
    FFXI Server
    Bismarck

    Awww sheeet, we got another one.

    https://www.theregister.co.uk/2019/0...er_intel_flaw/

    "We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

    "The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."
    Moghimi doubts Intel has a viable response. "My personal opinion is that when it comes to the memory subsystem, it's very hard to make any changes and it's not something you can patch easily with a microcode without losing tremendous performance," he said.

    "So I don't think we will see a patch for this type of attack in the next five years and that could be a reason why they haven't issued a CVE."

  7. #67
    Ranger
    9900klub

    Join Date
    Apr 2005
    Posts
    11,474
    BG Level
    9
    FFXIV Character
    Sonomaa Kihten
    FFXIV Server
    Gilgamesh
    FFXI Server
    Bahamut
    WoW Realm
    Durotan
    Blog Entries
    12

    holy crap, its like it never ends, though I guess there are no walls that can be completely solid

  8. #68
    2600klub
    Sweaty Dick Punching Enthusiast

    Join Date
    Dec 2008
    Posts
    5,452
    BG Level
    8
    FFXI Server
    Bismarck

    Quote Originally Posted by Sonomaa View Post
    holy crap, its like it never ends, though I guess there are no walls that can be completely solid
    It never fucking ends.

    https://www.intel.com/content/www/us...-sa-00233.html

    Google has disabled SMT ( Hyperthreading ) in chrome OS by default now:

    https://www.theregister.co.uk/2019/0...g_mitigations/

    Apples advisory recommends turning off hyper threading:

    https://support.apple.com/en-us/HT210107

    Microsoft recommends turning off hyper threading:

    https://portal.msrc.microsoft.com/en...sory/ADV190013

  9. #69
    Special at 11:30 or w/e
    Sweaty Dick Punching Enthusiast

    Join Date
    Feb 2012
    Posts
    10,267
    BG Level
    9
    FFXIV Character
    Kalmado Espiritu
    FFXIV Server
    Gilgamesh
    FFXI Server
    Sylph
    Blog Entries
    4

    Glossed over a reddit thread about it and holy shit this is bad. 30% or more in performance loss depending on the application it looks like. I would be massively pissed if I paid a premium for those higher end Intel chips.

  10. #70
    Salvage Bans
    Join Date
    Mar 2008
    Posts
    852
    BG Level
    5
    FFXIV Character
    Niya Kouya
    FFXIV Server
    Odin

    Good thing I will go back to team red on my next build once Ryzen 3000 is out...

  11. #71
    Yoshi P
    Join Date
    Dec 2006
    Posts
    5,360
    BG Level
    8
    WoW Realm
    Arthas

    How much does this matter to the end user, if you aren't doing unsafe shit?

  12. #72
    Mr. Bananagrabber
    Sweaty Dick Punching Enthusiast

    Join Date
    Dec 2005
    Posts
    47,687
    BG Level
    10
    FFXI Server
    Asura

    It will never come up for like 99.99% of users.

    To date I don't think there was any documented instances of Spectre or Meltdown being used maliciously, and I don't know if we'll ever see something from this either. Like, if this exploit got used on your computer it would be really bad, but the average user would have to go out for their way to let this shit happen.

  13. #73
    It's all dicks and airplanes
    Join Date
    Jun 2009
    Posts
    2,030
    BG Level
    7
    FFXIV Character
    Cia Mir
    FFXIV Server
    Balmung

    Quote Originally Posted by fantasticdan View Post
    How much does this matter to the end user, if you aren't doing unsafe shit?
    Essentially none. It's mostly relevant for businesses and cloud based things. I turn all their microcode patches off as it's a performance hit for nothing really.

  14. #74
    Kevin Chang
    Join Date
    Oct 2007
    Posts
    9,661
    BG Level
    8
    FFXI Server
    Sylph

    https://www.reddit.com/r/hardware/co...msterdam_into/

    Intel was trying to silence the story

+ Reply to Thread
Page 4 of 4 FirstFirst ... 2 3 4