New PlunderVolt Vulnrebility Hits Intel processors - vCore vs Intel SGX

https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
https://www.semiaccurate.com/2019/12/10/intels-benchmarking-antics-questioned/

Finally my current CPU is old enough to not be vulvernable...

 

Laughs in Sandy Bridge

 

Merry Christmas Intel, and a Happy New Year >: )

 

And I'm in the process of planning my next upgrade... so I can make use of this vulvernability again!
(j/k, going red this time)

 

This has become such a sad joke at this point we're even considering replacing Intel servers with AMD ones at work. It would actually save us money when we don't have to buy vendor support just to patch the firmware every time a new Intel vulnerability is discovered.

 

Makes sense. Although I have to say, until most of the hardware is AMD, when exploiters hit their weaknesses with force, the tables turning again... etc. etc.

 

Aw crap here we go again.

 

Intell is on the roll. Nothing is going in their favor lately.

 

*Keeps shooting dead body with tommy gun*

I can't remember what that was from but it's what popped in my head when reading your comment..

 

*sighs*

I was going to give my 4790 to me nephew, not I feel guilty in doing so.
Looks like a ryzen 2600 will be it.

 

The joke is that some people think this is a serious security issue in home computer.

 

The thing about that is the independent security analyst have generally been testing AMD CPUs as well. Beyond the initial wave that effected even ARM CPUs, AMD has seemingly been in the clear.

 

One of previous exploits TPM fail, allowed the extraction of TPM keys via thousands of SSL requests. If someone needed 45,000 clients to support in such an attack, I wonder where they'd come from. Let any one of these exploits end up being wormable and yeah it would still be an issue for home users. Something like stuxnet had a definite specific target, but ended up everywhere else. The exploit that was based on could certainly have transformed in to anything else for any other purpose. I don't consider these things as completely non-issues for home users.

 

CVE score at least of 7.9, good job Intel!

Nice to have an escalation of privileges to take control over AES data... https://plundervolt.com/doc/plundervolt.pdf

This is serious, it is at least a CVE score of 7.9, on a hardware component (which need BIOS patching) involving at least 5 generations of intel core processors. Spectre wasn't serious, but this is: easy to trigger, easy to replicate, easy to code and once is done the attacker has full access to everything, no software can help this, only a firmware update. What could be worst? A version with remote target or lower privileges required.

 

Intel more holes than a 20 year old pub dart board.

 

when looking at these report....
its looks bad with all these vulnerability report on intel cpu, yet i have to read someone really successful using the exploit in real world, that infecting few dozen user PC
when that happen it will obviously get red-flag, not only "yellow-ish-flag"

and again people think the OS(windows) itself, or even the user itself complete free from exploit ?
if yes, then why till now, there still lots of people getting scammed ?

in the end there nothing perfect, everything exploitable
it just for user obviously we prefer "safer" product.... but if we realize it again that "safer" one is just like the word said, "safer" aka. more-safe than other, and Not complete/perfect-safe either

 

Not all exploits and bugs are the same. A CVE score of at least 7.9 on a hardware component is really serious, especially if the only solution is a firmware update. If you read the paper you can clearly see how easily is manipulate AES with this.

 

Any patch coming soon will SURELY affect overclockers!

 

Home Alone movie, the kid uses that scene from a movie on tv to freak out the hotel staff. Not sure if the other movie was a real one or not.