New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. HeavyHemi

    HeavyHemi Guest

    Messages:
    6,952
    Likes Received:
    960
    GPU:
    GTX1080Ti
    Yes, similar to existing attacks, attackers can only mount our attacks in practical settings once they have the ability to execute (unprivileged) code on the victim machine. We could convince ourselves this is still an obstacle, but we should first be prepared to disable JavaScript (and similar) in the browser, abandon cloud computing, etc.

    https://mdsattacks.com/
     
  2. How many awkward "LOL's" does it take to make a douchebag? Apparently none if you're already one...
     
  3. user1

    user1 Ancient Guru

    Messages:
    2,746
    Likes Received:
    1,279
    GPU:
    Mi25/IGP
  4. Lavcat

    Lavcat Master Guru

    Messages:
    552
    Likes Received:
    44
    GPU:
    Radeon 7900 XTX
    Most people here seem to know more than I do. Should I disable hyperthreading on my 5930?
     

  5. Astyanax

    Astyanax Ancient Guru

    Messages:
    17,011
    Likes Received:
    7,353
    GPU:
    GTX 1080ti
  6. moo100times

    moo100times Master Guru

    Messages:
    566
    Likes Received:
    323
    GPU:
    295x2 @ stock
    I would re-benchmark after all these patches have been applied. I am pretty sure that even an OCed sandybridge is going to struggle significantly against first gen ryzen now. These necessary security updates have made many systems so slow they border on unusable beyond simple office jobs.
     
  7. ocsystem

    ocsystem Master Guru

    Messages:
    210
    Likes Received:
    13
    GPU:
    AMD 6600xt
    Fk these vulnerabilities. I don't care. Performance hit again incoming
     
  8. Dribble

    Dribble Master Guru

    Messages:
    369
    Likes Received:
    140
    GPU:
    Geforce 1070
    It's probably also true the hackers are targeting Intel because that's what nearly all the servers use. If AMD gets popular they will end up in the crosshairs.
     
  9. Fox2232

    Fox2232 Guest

    Messages:
    11,808
    Likes Received:
    3,371
    GPU:
    6900XT+AW@240Hz
    Mate, those were not hackers who let tech world know about those vulnerabilities. Get your reasoning into order. Hackers could have known for 8 years, and nobody would be any wiser.
     
    carnivore likes this.
  10. ocsystem

    ocsystem Master Guru

    Messages:
    210
    Likes Received:
    13
    GPU:
    AMD 6600xt
    Not at all
     

  11. Denial

    Denial Ancient Guru

    Messages:
    14,206
    Likes Received:
    4,118
    GPU:
    EVGA RTX 3080
    I mean.. IIRC wasn't the vector for attack exposed like 10+ years ago? When spectre/meltdown first hit I remember reading that researchers proposed the idea of doing these attacks back in like 2006 but no one bothered to really explore it - at least publicly.
     
    fantaskarsef likes this.
  12. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,561
    GPU:
    GF RTX 4070
    We have no information about hackers. We have information about researchers. In old times researchers would be called "hackers" because back then that was the meaning of the word - people who understand principles and penetrate layers of tech.

    PS I can assume also that targeting servers is completely different model of threats comparing to home/office computers. I mean I can see the threat of user visiting malicious site and getting attacked. But I can`t see a server visiting malicious site.

    PPS And researchers should have server HW and SW which are not a cheap things. So I doubt they researched servers at all.
     
    Last edited: May 20, 2019
    Fox2232 likes this.
  13. Dribble

    Dribble Master Guru

    Messages:
    369
    Likes Received:
    140
    GPU:
    Geforce 1070
    If the only people who cared were researchers it wouldn't be a problem. However it's not them we worry about, it's illegal hacker groups, state sponsored hacking, or corporate espionage.

    I don't know why you think servers are different - these are cpu vulnerabilities that work just as well on servers as home machines.

    As to why target servers, well servers are important because they are inside companies. e.g. If I move my company to the cloud and it's running on amazon servers then the machines aren't mine, a machine, or a bit of the machine is allocated to me for an amount of time (which can literally be minutes) then it gets allocated to someone else. If that machine gets hacked (e.g. hacker group could just pay for some time on the amazon cloud, or someone on a hacked machine could interact with it), then suddenly I can see/hack any company that gets allocated time on that machine. That is really valuable to the hacker.

    All most home machines are good for it adding to a botnet to DDOS with or to mine crypto on in the background, much less valuable.
     
  14. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,561
    GPU:
    GF RTX 4070
    Because the attacks on home user computer and on server computer are completely different. It is much harder to attack servers. And overall RIDL/MDS is not vulnerability which makes easier to attack computers.
     
  15. Dribble

    Dribble Master Guru

    Messages:
    369
    Likes Received:
    140
    GPU:
    Geforce 1070
    If you read my previous post I gave you an example of how easy it is to attack a server farm in the cloud - just rent some time on any cloud based service - something you can setup in a few minutes for a few $. That gets you onto a machine that if you can take over will then run all sorts of other businesses software, or now you control 1 machine and are inside the clouds internal network will then allow you to attack the rest.
     
  16. chispy

    chispy Ancient Guru

    Messages:
    9,979
    Likes Received:
    2,693
    GPU:
    RTX 4090
    From Tom's Hardware: Source - https://www.tomshardware.com/news/intel-amd-mitigations-performance-impact,39381.html

    From Fudzilla: Source - https://www.fudzilla.com/news/pc-ha...ctre-and-meltdown-mitigation-slow-intel-chips

    From Phoronix: Source - https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=1

    Phoronix has been testing chips to see how bad Spectre and Meltdown patches harmed the performance of CPUs and the news is horrible for Intel.

    Phoronix benchmarked across multiple Intel platforms, including the 6800K (Broadwell-E), 8700K (Coffee Lake), 7980XE (Skylake-SP), Ryzen 7 2700X, and Threadripper 2990WX.

    It found while the impacts vary tremendously from virtually nothing too significant on an application-by-application level, the collective whack is ~15-16 per cent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 per cent (for the 7980XE), 24.8 per cent (8700K) and 20.5 per cent (6800K).

    The AMD CPUs were not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses just three per cent with all fixes enabled. The impact of these changes is enough to change the relative performance weighting between the tested solutions. With no fixes applied, across its entire test suite, the CPU performance ranking is:

    1. 7980XE (288)
    2. 8700K (271)
    3. 2990WX (245)
    4. 2700X (219)
    5. 6800K. (200)

    With the full suite of mitigations enabled, the CPU performance ranking is:

    1. 2990WX (238)
    2. 7980XE (231)
    3. 2700X (213)
    4. 8700K (204)
    5. 6800K (159)

    AMD, in other words, now leads the aggregate performance metrics, moving from 3rd and 4th to 1st and 3rd. The cumulative impact of these patches could result in more tests where Intel and AMD switch rankings because of performance impacts that only hit one vendor
     

  17. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,561
    GPU:
    GF RTX 4070
    Why do you think that renting a machine in the cloud gives easy way to hack the whole cloud? Are you a hacker or at least a specialist on cloud stuff?
     
  18. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    yah this ridiculous I told my uncle about this crap and he say he dont care, he dont want windows doing updates anyway. but he want to move away from intel too.

    I said once before I will way it again. majority of people wont know about this stuff and majority of those people that do probably wont know how to go about pluging things manually, and as such unless MS literately plug all this stuff with there "updates" and MS updates have been sketchy at best lately at at worse causing system to not boot and "system restore" failing at is purpose. Some of this stuff will never be plugged with out Intel issuing fixes in first place. and Intel dont seem to care enough to plug all these issue on all there effect cpu. then again the older the cpu the more hit there is on cpu. and I bet if they did plug it on some of the older cpu will really brutalize the cpu performance back to the stone age.

    which leave the "probably" 1% that do know about this stuff and have knowledge and will to manual plug this stuff. And some of use dont even want the fixes cause they performance hit are obvious to them. Intel just seem to be getting hit after hit, and they still trying run business as usual.

    I know I asked this before but i not sure if it been answer, but has Intel said anything about this? as thing stand right here right now, my next pc will be AMD Ryzen, I dont see performance hit just yet on my 6700k but sooner or later I will cause it will add up at some point.
     
    chispy likes this.
  19. MasterBash

    MasterBash Guest

    Messages:
    819
    Likes Received:
    18
    GPU:
    EVGA GTX970 SSC+
    Ryzen 3000 cant come out soon enough. Since 2018, my PC has slowed down greatly with all those fixes (4770k)... Its definitely very noticeable.
     
    HitokiriX and chispy like this.
  20. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,696
    Likes Received:
    9,574
    GPU:
    4090@H2O
    Thanks for sharing, that clearly shows that Intel CPUs are not not necessarily the fastest around in every segment. And it shows that over the years I've lost performance with Intel far more than if I'd have taken an AMD system back then.
    It also gives us a hint of what will happen next: Probably more exploits who's fixes cripple Intel more than AMD, if they touch AMD at all.
    I can't see why it's not the logical consequence of many people, not all, to switch to AMD with their upcoming releases if they perform well enough. AMD might be "the safer bet" not only because of security these days, but also about performance, especially beyond 1080p gaming.
     
    chispy likes this.
  21. moo100times

    moo100times Master Guru

    Messages:
    566
    Likes Received:
    323
    GPU:
    295x2 @ stock
    I'm glad for you. Since the last update even opening video or audio from browser or system is causing a 1 second freeze when previously no lag or issues, even with multiple software open. Cannot even play enter the gungeon with chrome open now due to ridiculous game slowdown.
     

Share This Page