Intel processors Vulnerable to New BranchScope Attack

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 28, 2018.

  1. blazngun

    blazngun Guest

    Messages:
    23
    Likes Received:
    11
    GPU:
    GTX 760
    You are spot on about gameplay tsunami. I have been saying for years that a good game can "look like crap" but still be awesome fun. Vast majority of new games look pretty but "are crap". It doesnt matter if its flashy and polished if its crap to play.
     
    mbk1969 likes this.
  2. jaggerwild

    jaggerwild Master Guru

    Messages:
    940
    Likes Received:
    378
    GPU:
    EVGA RTX 2070 SUP
    OK, so this effects everybody or only VM users? Yeah, Id like the choice to wait on an update to make sure as well. Rather then spending extra time re installing an OS then patching it 15 times.
     
    airbud7 likes this.
  3. tensai28

    tensai28 Ancient Guru

    Messages:
    1,543
    Likes Received:
    414
    GPU:
    rtx 4080 super
    I still haven't installed the bios update for the last vulnerability and haven't been hacked until now (nor has anyone). I'm not gonna be a sucker and lose performance over nothing. Same goes with this if it hurts performance in any way.
     
    airbud7 likes this.
  4. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,696
    Likes Received:
    9,574
    GPU:
    4090@H2O
    Again? I still haven't installed Spectre patches...
     

  5. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,126
    GPU:
    Polaris/Vega/Navi
    another one?
    what's with all those vulnerabilities popping up lately?
     
  6. NaturalViolence

    NaturalViolence Guest

    Messages:
    80
    Likes Received:
    25
    GPU:
    EVGA/GTX260 C216/896MB
    You're making a mountain out of a mole hill. There has been one patch so far (per OS), it only effects the performance of VM software, and even then the performance hit is minimal. And to top it off Intel is implying here that the existing workaround will work with this exploit too.
     
  7. DrCrow

    DrCrow Member

    Messages:
    11
    Likes Received:
    2
    GPU:
    GB GTX 770
    need to revive this thing No Vulnerabilities :D
    [​IMG]
     
    mbk1969 likes this.
  8. Fox2232

    Fox2232 Guest

    Messages:
    11,808
    Likes Received:
    3,371
    GPU:
    6900XT+AW@240Hz
    Back in those days you did not need CPU vulnerabilities. MS's OSes were full of holes. There was hardly any library safe. Network, Direct Input, Direct Sound, ...
    NTFS was music from future. System was ready to commit suicide upon inserting infected flashdrive with autostart...
    Those were funny times. What was that dumb ass communication tool with which you could send messages over network to any MS PC and it did pop out?
     
    DrCrow likes this.
  9. DrCrow

    DrCrow Member

    Messages:
    11
    Likes Received:
    2
    GPU:
    GB GTX 770
    WinPopup ?
     
    Fox2232 likes this.
  10. D3M1G0D

    D3M1G0D Guest

    Messages:
    2,068
    Likes Received:
    1,341
    GPU:
    2 x GeForce 1080 Ti
    I still haven't locked my door and I haven't been robbed yet (nor has anyone). I'm not gonna be a sucker and lose convenience over nothing. Same goes with this if it makes it less convenient to get into my house. :p
     

  11. waltc3

    waltc3 Maha Guru

    Messages:
    1,445
    Likes Received:
    562
    GPU:
    AMD 50th Ann 5700XT
    Nope, you appear to have it backwards...;) Correct industry standard is for public release to come 90-days or more after the CPU manufacturers are made aware of the problem. The 24-hours given the silly recent financially motivated and failed attacks on AMD architecture were a dead giveaway that the info was false and/or very misleading.

    I found the following quote from near the end of the article to be highly interesting:

    Given our observations with mfence and lfence successfully mitigating Spectre and SpectrePrime in our experiments,
    we believe that any software techniques that mitigate Melt-down and Spectre will also be sufficient to mitigate Melt-
    downPrime and SpectrePrime.

    mfence and lfence are current Intel instructions which defeat so-called MeltdownPrime and SpectrePrime, entirely.

    More and more, these "security bulletins" remind me of the old days when the favorite topic was windows 9x/XP vulnerabilities, which blazed across the public consciousness like a 5-alarm fire, only to conclude at the bottom of the articles and in very fine print: "The listed vulnerabilities occur in only currently unpatched Windows 9x and XP systems." Then you look at the date of the patches and find they occurred three years ago but the "security bulletin" put out by "security researcher" Company X was only generated last week.

    Increasingly it becomes difficult to separate "researchers" from the malware hackers, and to determine the actual motivations behind the persons supplying the information in the first place. I have much more confidence in "proof of concepts" (often highly debatable) that AMD and Intel pay for themselves as opposed to the ones that pop up to make headlines without having given the customary advance notice to the cpu manufacturers that the public disclosure of such information demands. This bulletin is *not* one of those, fortunately, although it seems a concept "proven" for which even mere exiting software solutions already exist.
     
    mbk1969 likes this.
  12. Fox2232

    Fox2232 Guest

    Messages:
    11,808
    Likes Received:
    3,371
    GPU:
    6900XT+AW@240Hz
    "mitigate"
     
  13. D3M1G0D

    D3M1G0D Guest

    Messages:
    2,068
    Likes Received:
    1,341
    GPU:
    2 x GeForce 1080 Ti
    I think he was being sarcastic.
     
    Kaarme likes this.
  14. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    9,636
    Likes Received:
    3,413
    GPU:
    NVIDIA RTX 4070 Ti
    With all these holes i don't see Intel and AMD release a CPU which is gonna be 25% faster than the previous generation.

    Might even turn out to be slower because of all the hardware fixes that have to be applied.
     
    fantaskarsef likes this.
  15. tensai28

    tensai28 Ancient Guru

    Messages:
    1,543
    Likes Received:
    414
    GPU:
    rtx 4080 super
    Obviously not the same. You are comparing a non existing threat to a very much existing threat. How many people around the world have been hacked by these exploits? The answer is zero. Now how many people around the world have had their houses broken into? Well, I don't know the exact number but I'm sure it's a lot more than zero. If you patch your bios now, you are loosing out on performance for nothing.
     
    Last edited: Mar 30, 2018

  16. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,696
    Likes Received:
    9,574
    GPU:
    4090@H2O
    I was thinking the exactly same thread, posted it some weeks ago in one of the spectre / meltdown threads.

    Either Intel has to give us something better than they would have done in terms of performance, or there will be no performance gain at all, meaning no sales. Because of h/w level fixing of such exploits definately takes some performance with it, they would have to give a 15% boost, deduct 5-10% for the fixes, and stick to their usual 5-10% boost for their next generation :D

    It's just a joke that first they had half a year for their fixes and did nothing, then they produced faulty, buggy patches, and just when you think they have gotten a hold of themselves again, there's another vulvernability they even introduced with the patches against vulvernabilities... if I wouldn't know better I'd say that can't be real :D
     
  17. D3M1G0D

    D3M1G0D Guest

    Messages:
    2,068
    Likes Received:
    1,341
    GPU:
    2 x GeForce 1080 Ti
    Meltdown and Spectre samples have been found in the wild, and these attacks don't leave an obvious trace. It is a very real threat, and choosing not to apply patches is precisely the same as leaving your door unlocked. Just because the chances of being robbed is very small doesn't mean that you can dismiss it.

    Security measures impact performance, there's no two ways about it. Security screenings at airports cause delays (you can't just walk into an airport and get to the terminal immediately) and are an obvious inconvenience but they are necessary, and the same goes for computers. If all security features were removed from your system then it would perform much faster, but it would be completely exposed (is it worth having a system that is twice as fast, but which anyone can hack into?). The fact of the matter is that your computer is running faster than it should be, and these patches represent the correct performance level of your system.

    The thing is, I'm willing to bet that even if a report came in that thousands of PCs have been hacked through Meltdown, you would still not patch your system (you would insist that it's statistically insignificant, or that hackers would not target you). I'm convinced that you would never sacrifice performance for anything.
     
  18. tensai28

    tensai28 Ancient Guru

    Messages:
    1,543
    Likes Received:
    414
    GPU:
    rtx 4080 super
    Well you are wrong, the second I hear of even a single PC being hacked, I will immediately patch my system so please don't make assumptions. That being said I would like some proof that this has been put in the wild and hacked an actual users PC otherwise I'm calling this post BS because I have yet to hear of this.
     
  19. D3M1G0D

    D3M1G0D Guest

    Messages:
    2,068
    Likes Received:
    1,341
    GPU:
    2 x GeForce 1080 Ti
    http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html
     
    fantaskarsef likes this.
  20. user1

    user1 Ancient Guru

    Messages:
    2,748
    Likes Received:
    1,279
    GPU:
    Mi25/IGP
    This attack is much like the Spectre, so yes this effects everyone, once again all that has to be done is execute malicious code on a machine, which could be something like javascript (every webpage uses javascript these days),thankfully it it is highly likely that the existing microcode+os patches for spectre are effective against this or can be easily modified to include it.

    There has been talk about these types of exploits being possible for many many years, No one published a working Proof of concept until recently, now that it is known to be possible, more people are interested in the topic and are looking for them,
    think of it like a newly formed branch of a tree with many smaller sub-branches budding forth.
     
    jaggerwild likes this.

Share This Page