Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 3, 2018.

  1. SpajdrEX

    SpajdrEX AMD Vanguard

    Messages:
    2,336
    Likes Received:
    630
    GPU:
    RTX2070 SUPER
    Thanks, after I wrote my request I realized something like this exists. It increased score with any benchmark I used, not by much, but every boost counts :)
     
    Robbo9999 likes this.
  2. anticupidon

    anticupidon Ancient Guru

    Messages:
    5,044
    Likes Received:
    1,594
    GPU:
    Polaris/Vega/Navi
    Here we go again, more bad news!
    Working now in cybersecurity is either very lucrative for evil doers and a pure nightmare for sysadmins and the whole world.
     
  3. SpajdrEX

    SpajdrEX AMD Vanguard

    Messages:
    2,336
    Likes Received:
    630
    GPU:
    RTX2070 SUPER
    Yep, I'm afraid we will sooner or later do another wave of security patching for our customer.
     
  4. Mufflore

    Mufflore Ancient Guru

    Messages:
    11,918
    Likes Received:
    872
    GPU:
    1080Ti + Xtreme III
    There are orders of magnitude more hacking bots than there are humans doing it.
    Bots can do extremely complex jobs with utmost precision, very fast, hidden and without any effort once programmed.
    There is nothing to limit how many can run simultaneously.
    When they locate a valuable resource a human can take over and decide how best to handle it.
    You can be sure you are entered in a database for later use or to be sold to anyone.
    You might never know your identity has been stolen until you see a credit report. It can screw your life up trying to sort it out... if you truly can.
    That's just one thing, it is cause for worry.
     

  5. nosirrahx

    nosirrahx Master Guru

    Messages:
    241
    Likes Received:
    76
    GPU:
    HD7700
    It was asked earlier what there was to worry about these exploits.

    The biggest issue comes in the form of multipart exploit kits. These "kits" use a whole toolbox of exploits to gain access to your system, typically with the goal of downloading and executing a payload without user interaction.

    The more exploitable components in your system (OS, browser, hardware) the easier it is to "drive by" infect your system.

    In the worst cases 100% safe sites can become compromised with exploit-borne malware and you can be a 100% "safe surfer" and still get infected.

    It was several years ago now but there was an ISP with a compromised webmail page. Simply opening your webmail page would infect you directly if you were vulnerable. The exploit was silent and so was the payload (added your system to a botnet).
     
    Fox2232 likes this.
  6. alanm

    alanm Ancient Guru

    Messages:
    9,384
    Likes Received:
    1,619
    GPU:
    Asus 2080 Dual OC
    Yes, bots can do great damage. But by their very nature can only be effective if spreading across large numbers of PCs which increases their chance of being detected in the wild by AV or malware companies. Secondly, bots still need 'humans' to make sense out of any useful data out of the millions of PCs they sift through.

    This topic is so funny because lots of people were recently arguing and boasting about how they don't need AV or anti-malware products, that they "know what they are doing" and can spot any malware, bots or other threats just by "being careful" and observant with what they click on or what goes on with their PCs.

    So we have 2 extremes of viewpoints, the alarmists vs the "experts" who are aware of every little thing that goes on in their PCs and are "safe" simply due to that and don't need no fricking AVs. I'm happy to sit in the middle and watch all these contradictory arguments unfold. :D
     
  7. bombardier

    bombardier Master Guru

    Messages:
    233
    Likes Received:
    24
    GPU:
    RTX 2080 Ti GAMING
    Obsolescence.
     
    HonoredShadow likes this.
  8. easytomy

    easytomy Member

    Messages:
    49
    Likes Received:
    8
    GPU:
    AMD
    Last time I checked, a botnet needs to have access / exploit a security vulnerability on the operating system, not on the CPU. So if a company is susceptible to a botnet / has no AV ... it doesn't matter what vulnerabilities its CPUs have. Security will still be compromised.
     
    alanm likes this.
  9. Yxskaft

    Yxskaft Maha Guru

    Messages:
    1,446
    Likes Received:
    110
    GPU:
    GTX Titan Sli
    Security researchers have pointed out that AVs are given access to everything and malware can simply target vulnerabilities in the AVs themselves to get access to the PC, and we have seen AVs getting updates to prevent that from happening.

    I agree that the so-called power users are too extreme with what they think they control, but the argument of AVs' safety is also questioned.
     
  10. alanm

    alanm Ancient Guru

    Messages:
    9,384
    Likes Received:
    1,619
    GPU:
    Asus 2080 Dual OC
    Many years ago on Win XP, some malware got through and used my AV's scanning engine to spread itself throughout my PC. So the more I scanned looking for it, the more it spread itself. It was a rather crude malware that targeted exe files and corrupted them. Caused a lot of damage, had to format my entire PC. Fortunately we've come a long way since then.
     

  11. Mufflore

    Mufflore Ancient Guru

    Messages:
    11,918
    Likes Received:
    872
    GPU:
    1080Ti + Xtreme III
    Hehe yeah, they now encrypt the whole PC straight away.
     
    alanm likes this.
  12. 386SX

    386SX Master Guru

    Messages:
    940
    Likes Received:
    933
    GPU:
    AMD Vega64 RedDevil
    Could be my ex, but she isn't called Intel ... :p
     
    Venix likes this.
  13. DiceAir

    DiceAir Maha Guru

    Messages:
    1,351
    Likes Received:
    14
    GPU:
    Galax 980 ti HOF
    All these security issues one after the other. By the time we get all this fixed we will all go back to Core 2 Duo performance....lol.
     
    chispy likes this.
  14. Venix

    Venix Maha Guru

    Messages:
    1,288
    Likes Received:
    445
    GPU:
    Palit 1060 6gb
    Dude, do not make such comments while people are drinking morning coffee! I spilled coffee all over my carpet! (Yes, I was fast enough to save my keyboard!!!)
     
  15. Fox2232

    Fox2232 Ancient Guru

    Messages:
    10,524
    Likes Received:
    2,535
    GPU:
    5700XT+AW@240Hz
    Last time I checked, 60% of systems in botnets get infected by a person clicking something containing malicious code. Like a link in a browser where an ad contains Spectre/Meltdown code or something exploiting a bug in the browser.

    You assume OS level vector and think that CPU level vector means nothing. But if CPU level vector exists then OS level protection for other things is good for nothing. Same goes for antivirus. Because those exploits are about gaining access to either protected data in memory or admin privileges which are then used to install whatever / cripple protections.
     

  16. nosirrahx

    nosirrahx Master Guru

    Messages:
    241
    Likes Received:
    76
    GPU:
    HD7700
    It does not work that way. All that is required is for the vulnerable component to be passed specifically crafted data to trigger an unintended outcome. If the vulnerable component is not patched to correctly handle this malformed data it will malfunction as the attacker intends.

    These CPU exploits won't be attacked on their own, they will be attacked in a multipart exploit attack. Think of data injection paired with permission elevation paired with unauthorized access...... That is how exploits work, they come in the form of a multi-part kit.

    It is likely that these CPU exploits would be pretty far down the execution chain meaning that other exploits would open the door and then these CPU exploits would attain root access. Exploits that already exist but are not used due to limited functionality could be weaponized with these CPU exploits to make them actually useful.

    Exploits also come with 2 variations. First is the exploit itself can be refactored with different code to attain the same objective, this makes it hard to block with security software. On top of that is the obfuscation layer. This layer does not change the core functionality of the exploit but it does change how the exploit package "looks" further impeding security software.
     
  17. chispy

    chispy Ancient Guru

    Messages:
    8,843
    Likes Received:
    966
    GPU:
    RTX 2080Ti - RX 590
    +1 This ^ :( , I still have 2 Intel running PCs at home and 2 AMD :confused:
     
  18. nosirrahx

    nosirrahx Master Guru

    Messages:
    241
    Likes Received:
    76
    GPU:
    HD7700
    Unfortunately this could be a concern. While most things are not too seriously affected Intel did screw another Intel product, Optane. I have done some limited testing and my 900P lost 25% of its 4KQ1T1 performance after patching the BIOS.

    I am building a new workstation soon with a 905P drive for the OS/apps. I will be testing 1709 base + old BIOS VS 1803 updated + newest BIOS to see just how bad the drop is.
     
    Mufflore likes this.
  19. chispy

    chispy Ancient Guru

    Messages:
    8,843
    Likes Received:
    966
    GPU:
    RTX 2080Ti - RX 590
    Keep us updated on your findings. Thanks in advance.

    Kind Regards: Chispy
     
  20. nz3777

    nz3777 Ancient Guru

    Messages:
    2,449
    Likes Received:
    206
    GPU:
    Gtx 980 Strix
    Can someone please explain in plain English what Spectre and Meltdown do exactly? Other than security issues do you also lose CPU performance with these attacks? If so what % of gaming performance would a person lose buying an 8700K for example? I am having a hard time understanding why all this crap is happening. Hackers trying to exploit Intel and AMD for $ I assume?
     
