Discussion in 'Frontpage news' started by anticupidon, Nov 12, 2019.
Oh my goodness I'm happier each day with going AMD!!!
WTF Intel!?!? Man........!
There's a reason why we try to make our systems foolproof - to protect it from fools
It's been documented that many of the exploits were likely known for some time by the department of defense and Intel coordinated with the NSA and further on specifics towards closing loopholes in them far back as 2007 if memory serves (Still trying to find the old source I'd read on that part - will post if changes). A close similarity - example - some offerings Dell now provides to consumers in "Dell Intel Vpro" are what Intel had been doing for years prior to now and more in the government and military sector.
The thing is not so much a conspiracy but a byproduct and re-active measure instead of proactive practices. The real irony in my opinion is that if someone were to buy a Vpro solution at this point - Intel does not "officially support" it since it's not to-spec from the OEM. Or so they have stated in press-release. Politics aside; Intel has poorly handled the exploits in their technology over the past decade and half.
Proof of discovery (irregardless of circumstance)
Joanna Rutkowska; proof of concept, Spectre - 2010
The Intel 80/spl times/86 processor architecture: pitfalls for secure systems NSA, Meltdown - 1995
It's not hard to surmise from the above the national intelligence apparatus were aware. Still looking for that other article I wanted.
What I don't understand is the present news of congress/senate going after Intel for releasing supposed recent information to China before the DOD. Nothing out there is really that recent in circumspect. If the government is running sensitive platforms on at-risk(high) hardware year after year; it's on them. Further discussion delves into claims of national security and public safety interest; I think it's a can of worms, i.e. business licenses' etc ...
Taking Stock - Cyber Sec Harvard Paper
Huge security flaws revealed - Washington Post
Triple Meltdown - WIRED
Yes - this is very true - there is only so much that can be automated and programmed/"engineered" around sheer stupidity
looks like the performance impact of the TAA mitigations are pretty bad, looks like its better to just disable TSX altogether.
Sounds like there is logo "Intel Inside" on building...
It's better to disable TSX because the mitigation is just as detrimental to performance as TSX disabled?
Yes it actually appears to be worse to keep tsx enabled with the mitigations, than just disabling tsx altogether.
Atleast so far, with the current patches on linux.
Damn that isn't good.
EDIT: sigh eh no sense of getting upset I'm glad people are pen-testing I just wish they'd pen-test competition as aggressively. Far as ASF goes - looks like AMD never released it on any SKUs. Perhaps they saw something. All we'll ever do at this point is speculate.
While this doesn’t really affect us too much, I’d imagine companies with thousands of servers won’t be happy. It’ll be a huge performance drop for them. Rumor has it that companies are ditching Intel and either going full AMD Epyc or some other custom solution. But Intel is losing tons of contracts.
Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw
I agree with this, i need someone to explain to me why we are freaking out over this when these vulnerabilities require physical access. I feel like if a bad actor has physical access to a machine you've already lost the battle.