New CacheOut Speculative Execution Vulnerability Hits Intel

At this point I'm just numb to endless barrage of vulnerabilities that Intel keeps receiving. What can even be said at this point.

Spoiler: Just Great

 

Hey, at least the older CPU's like my i5-3570K aren't involved for once

 

But the older cpus are also affected lol including the 3570K. It is a "Core" series cpu and therefore you are not spared. lol One of the many reasons why i decided to go AMD

 

Yup, and this includes the Core2 line as well, so ye olde Q6600 as an example... Heck when the Spectre and Meltdown software mitigations were released, it tanked performance on the Q6600 tremendously... So much so that a 3.5GHz overclock was necessary to maintain 2.4GHz stock performance, it really did cut performance by about 40%.

 

I've said this before, but Intel needs a brand new architecture to stop these exploits. The Core architecture is fundamentally insecure and these exploits will keep popping up (and patching them is like putting a bandaid on a gaping wound). Hopefully they have something in the works.

This must be good for for their bottom line though. Businesses will order more Intel CPUs to make up for the performance loss from patching their current Intel CPUs, and each exploit leads to more sales. Hurray for Intel!

 

The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.

I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me

 

I think all of this stuff about speculative execution vulnerabilities is much ado about nothing. The most important thing to remember is the attacker must install and run the malicious software on the target machine. If that is prohibited then nothing will happen at all.

Here's my conspiracy theory about these things : after the "sky is falling" announcements, what did people do? Most immediately installed updates on their machines. I think those updates were actually installing backdoors so the NSA and other governmental TLA's can monitor your activities. I have not and will not install any "updates" for this because I consider it to be a non-issue. Especially if you don't allow malicious software to run in the first place. Start there and the rest will take care of itself.

 

Enthusiasts and blackmarket paid IT wannabes still bragging about Intel cpus for epeen. Intel® needs severe punishment for the last decade of deception, laziness and zero innovation. In AMD we trust!

 

Well, threads are not processes. While browser may have one or more PIDs, there may be dozens to hundreds threads hiding underneath.
But still, this is kind of bad as there are going to be scenarios where even disabling HT won't result in full protection.

 

im scaried now, any hacker can stolen my save game on witcher 3

 

No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come

 

There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.

Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.

 

Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.

 

its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k

 

The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.

Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.

--------------

So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.

The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.

 

Intel's vulnerability list in the CPUs it's shipped in just the past five years seems a clear warning on the perils of milking architectures. Intel is going to have to do what AMD has already done: design an entirely new x86 CPU architecture from the ground up. I cannot see a logical rationale for anyone buying Intel's CPUs at the present time.

 

Yes they do need a architecture change, but this doesn't make a new architecture invulnerable, it just means it's too new to find the appropriate exploits.
There will be some exploits that AMD have overlooked, but given how new their architecture is it will take time to fined it, same if Intel change theirs.

Personally I applaud Intel/AMD for getting one board with the researches, it shows they are willing to learn from their mistakes and innovate, everything takes time, everything is exploitable given the right circumstances.

 

eh what ever at this point I dont care, I use my pc to game and visit a handfull of websites, that it

The whole meltdown/spectre flaw open the gates and since then they all looking for security issue to out, and cause panic just to have there time in the news. Should flaws and security issue be fix yes, should they be outed to the public so everyone knows? no it shouldnt it just causing panic and witch hunts.

Even then most flaws arnt even know to majoirty of people nor do they care.

 

just an fyi i have not suffered this problem on linux, performance is largely the same maybe 10% loss max. using a penryn quad.