New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. Aura89

    Aura89 Ancient Guru

    Messages:
    8,413
    Likes Received:
    1,483
    GPU:
    -
    Do....you not know anyone who is not particularly tech-savy and owns a PC?

    Have you ever looked at one?

    Have you ever seen the gigantic amount of programs they have downloaded, that were not actually the program they were looking for, but was instead a malicious software?

    I'm hoping your "nobody" refers to the general populous of this form, and not the general populous of the world, as we, people like us on this forum, are a minority. Anyone who has ever done PC repair, or helped out their family/friends, knows this.
     
    Neo Cyrus, Jagman and anticupidon like this.
  2. BetA

    BetA Ancient Guru

    Messages:
    4,527
    Likes Received:
    486
    GPU:
    G1-GTX980@1400Mhz
    *Delete
     
  3. Neo Cyrus

    Neo Cyrus Ancient Guru

    Messages:
    10,780
    Likes Received:
    1,393
    GPU:
    黃仁勳 stole my 4090
    Most people I know manage to clutter even their Android phones with crapware as if it's a Windows 98 public computer... in like 2 days.

    "Everything changed I don't know wtf is going on."
    "Does that include your launcher?"
    "What's a launcher?"
    "The interface you interact with."
    "I don't understand. Just fix it for me."
     
  4. Humanoid_1

    Humanoid_1 Guest

    Messages:
    959
    Likes Received:
    66
    GPU:
    MSI RTX 2080 X Trio
    Not true at all.

    A few examples:

    Just a few days ago a followed a legit news letter email link from another major tech website you all would know and as the page was loading to the article I got redirected to a malicious site trying to get me to click certain links to resolve a "problem".... it was pretty well done and many regular people might have followed them as it came from a Very trustworthy site.
    - The issue came from one of their banner ads that some group somehow snuck into their rotation.
    (actually the third time in as many years I have had that happen from their site.)

    or

    Similarly major websites like yahoo and a whole bunch of major trusted safe sites had malicious banner ads in their rotation some years back.

    or

    recently British Airways got hacked, last year I think it was, and a group installed credit card skimming javascript on their website + also happened to about 5000+ sites (think another was Adidas) in the same year by different groups...
    - they could similarly use such exploits as we are talking about instead.


    You cannot say "I do not visit bad websites so I am safe from such exploits..."


    EDIT:
    On that note don't use a debit card online if you have significant cash in the linked account without some kind of cover. Here in the UK some banks cover such losses on debit cards while others like mine, HSBC, do not... (I specifically asked my Advance Account manager about it a few months back)
    When you use a credit card it is not "your" money that gets spent when you use it, it is the card companies and as long as you report the issue within a reasonable time frame you are not held liable from such thefts.
    Paypal also cover you, don't ask me the details on them offhand, and refunded me money that got stolen from my account some years back. - The ONLY site I had used it on was Indiegogo which is a trustworthy site like kickstarter. No idea how the data got stolen - someone in the US emptied my paypal account to buy some mmorpg game currency I have never heard of lol
     
    Last edited: May 16, 2019

  5. chispy

    chispy Ancient Guru

    Messages:
    9,979
    Likes Received:
    2,693
    GPU:
    RTX 4090
    The performance hit when HT is disable is big , yet Intel is advising to turn off HT crippling the performance on the cpus even more :/ sad days coming up ahead ...
     
  6. Venix

    Venix Ancient Guru

    Messages:
    3,440
    Likes Received:
    1,944
    GPU:
    Rtx 4070 super
    come on all of us , how many times we sit to fix someone's else pc while they claim that the pc is suddenly just slow and they did "nothing" to it ?
    and then BOOM you open the browser default page ... the sweet page so ...right of the bat browser hijacker ! and then you just gaze upwards to see the norton taskbar ..bellow that the ask taskbar bellow that the yahoo taskbar !
    Or people that getting locked out of their own windows because they forget their password ... i even have an old usb drive that straight up deletes the password for windows account the few times i used it ... their face is priceless they look at me like i am some international class cracker !

    long story short ..never underestimate how bad is the general populous on keeping their pc "healthy"
     
    Neo Cyrus, Aura89 and Jagman like this.
  7. Astyanax

    Astyanax Ancient Guru

    Messages:
    17,011
    Likes Received:
    7,353
    GPU:
    GTX 1080ti
    don't bother, just use a web browser which has timing based mitigations and sandboxing and you'll only be at risk if your machine is already infected.
     
  8. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,693
    Likes Received:
    9,573
    GPU:
    4090@H2O
    Same as saying: Don't connect your PC to the internet and never connect anything via USB to it, you'll never get a virus.
    And I'm sure it's the user's job to sandbox so that Intel doesn't have to fix their crap. Yeah... no.
     
  9. moo100times

    moo100times Master Guru

    Messages:
    566
    Likes Received:
    323
    GPU:
    295x2 @ stock
    These issues have gone past the point of being funny, coincidental or fanboy based smears. Repeated security issues that even trying to fix (and older systems are likely to not get new required bios) with regular, step-wise degradation of performance through patches is too much. I was going AMD anyway, but looks like I will be pushing others this way for the foreseeable future
     
  10. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    9,633
    Likes Received:
    3,413
    GPU:
    NVIDIA RTX 4070 Ti

  11. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,557
    GPU:
    GF RTX 4070
    Or:
    - launch browser (or dedicated client app)
    - log-in to online bank
    - do operations
    - log-out
    - close browser (or client app)
    - trim stand-by memory lists
    Any side-channel threat is dismissed.
     
    Last edited: May 16, 2019
  12. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,693
    Likes Received:
    9,573
    GPU:
    4090@H2O
  13. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,975
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    Huh? Intel explicitly said not to turn off HT. The other people who discovered the vulnerability are saying to turn off HT, and only for specific (older) models.
     
  14. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,877
    Likes Received:
    4,122
    GPU:
    Polaris/Vega/Navi
    If any manufacturer outhere want to push ARM on the desktop, this is the time.
    Add Coreboot/Libreboot to it, and a huge army of privacy concerned people will buy it in a heartbeat.
    And running any flavour of your favourite Linux distribution is just an epic win.
    Just take my money already...
     
    HandR, Evildead666 and schmidtbag like this.
  15. D3M1G0D

    D3M1G0D Guest

    Messages:
    2,068
    Likes Received:
    1,341
    GPU:
    2 x GeForce 1080 Ti
    I think Intel said that turning off HT isn't the only way to mitigate the issue, saying the risks are small if you use official signed software. Google is turning it off by default on ChromeOS to eliminate any chances while others are leaving it on for their consumer products. I think it's likely that turning off HT is the best way to deal with the issue, but some are taking their chances due to the huge performance hit.
     

  16. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    2,941
    Likes Received:
    1,239
    GPU:
    .
    nobody has anything to worry about for now, unless someone find a piece of javascript code that is able to trigger all this. TPM has nothing to do about with this security hardware design holes, nor MD5 hashing.
     
  17. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,975
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    I don't know about you but I can't wait for stuff like the Pinebook Pro to be released. I can phase out my old Haswell i3 laptop, which has been losing performance due to the mitigations.
    I'm not too keen on using Mali drivers but that laptop seems to be the best ARM-based Linux-ready daily driver laptop to be released. I'd rather get something like the Asus NovaGo since there are better Snapdragon drivers, but Linux support is basically undetermined, last I checked.
     
  18. Fox2232

    Fox2232 Guest

    Messages:
    11,808
    Likes Received:
    3,371
    GPU:
    6900XT+AW@240Hz
    Actually, Linus Torvalds said that as there is up to 40% impact on linux form certain intel "fixes", it is better to just turn off HT which is primary cause.
    (That's because intel's kernel patch enforces those fixes instead of making them optional.)
     
  19. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,975
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    I think I actually mentioned that very thing earlier in this thread (under a different context;I didn't mention Linus). But, Linus isn't a spokesperson for Intel. Like I said, people outside of Intel recommend to turn off HT, but Intel themselves do not suggest doing so.
     
    Fox2232 likes this.
  20. Aura89

    Aura89 Ancient Guru

    Messages:
    8,413
    Likes Received:
    1,483
    GPU:
    -
    Hello intel.
     
    Keitosha likes this.

Share This Page