New CacheOut Speculative Execution Vulnerability Hits Intel

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 28, 2020.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    37,005
    Likes Received:
    6,077
    GPU:
    AMD | NVIDIA
    toyo likes this.
  2. Angantyr

    Angantyr Master Guru

    Messages:
    692
    Likes Received:
    177
    GPU:
    GTX 980Ti EVGA SC+
    At this point I'm just numb to endless barrage of vulnerabilities that Intel keeps receiving. What can even be said at this point.

    [​IMG]
     
    toyo, carnivore, anticupidon and 2 others like this.
  3. Evildead666

    Evildead666 Maha Guru

    Messages:
    1,281
    Likes Received:
    265
    GPU:
    Vega64/EKWB/Noctua
    Hey, at least the older CPU's like my i5-3570K aren't involved for once :)
     
  4. ngoni615

    ngoni615 Member

    Messages:
    34
    Likes Received:
    4
    GPU:
    GTX 1080ti 11gb
    But the older cpus are also affected lol including the 3570K. It is a "Core" series cpu and therefore you are not spared. lol One of the many reasons why i decided to go AMD
     

  5. Only Intruder

    Only Intruder Maha Guru

    Messages:
    1,194
    Likes Received:
    166
    GPU:
    Sapphire Fury Nitro
    Yup, and this includes the Core2 line as well, so ye olde Q6600 as an example... Heck when the Spectre and Meltdown software mitigations were released, it tanked performance on the Q6600 tremendously... So much so that a 3.5GHz overclock was necessary to maintain 2.4GHz stock performance, it really did cut performance by about 40%.
     
  6. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    2,071
    Likes Received:
    1,331
    GPU:
    2 x GeForce 1080 Ti
    I've said this before, but Intel needs a brand new architecture to stop these exploits. The Core architecture is fundamentally insecure and these exploits will keep popping up (and patching them is like putting a bandaid on a gaping wound). Hopefully they have something in the works.

    This must be good for for their bottom line though. Businesses will order more Intel CPUs to make up for the performance loss from patching their current Intel CPUs, and each exploit leads to more sales. Hurray for Intel! :p
     
  7. -:[CC]:-

    -:[CC]:- New Member

    Messages:
    4
    Likes Received:
    1
    GPU:
    1080TI@2,1/12ghz
    The following specifically states that physical admin access(authenticated local access) is required;
    https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
    An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.

    I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me :)
     
    toyo likes this.
  8. Gomez Addams

    Gomez Addams Active Member

    Messages:
    77
    Likes Received:
    49
    GPU:
    2 x Titan RTX, 24GB
    I think all of this stuff about speculative execution vulnerabilities is much ado about nothing. The most important thing to remember is the attacker must install and run the malicious software on the target machine. If that is prohibited then nothing will happen at all.

    Here's my conspiracy theory about these things : after the "sky is falling" announcements, what did people do? Most immediately installed updates on their machines. I think those updates were actually installing backdoors so the NSA and other governmental TLA's can monitor your activities. I have not and will not install any "updates" for this because I consider it to be a non-issue. Especially if you don't allow malicious software to run in the first place. Start there and the rest will take care of itself.
     
  9. warlord

    warlord Ancient Guru

    Messages:
    2,825
    Likes Received:
    945
    GPU:
    Null
    Enthusiasts and blackmarket paid IT wannabes still bragging about Intel cpus for epeen. IntelĀ® needs severe punishment for the last decade of deception, laziness and zero innovation. In AMD we trust!
     
  10. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,939
    Likes Received:
    2,292
    GPU:
    5700XT+AW@240Hz
    Well, threads are not processes. While browser may have one or more PIDs, there may be dozens to hundreds threads hiding underneath.
    But still, this is kind of bad as there are going to be scenarios where even disabling HT won't result in full protection.
     

  11. squalles

    squalles Master Guru

    Messages:
    754
    Likes Received:
    32
    GPU:
    Galax GTX 1080 EXOC OC
    im scaried now, any hacker can stolen my save game on witcher 3
     
  12. HybOj

    HybOj Active Member

    Messages:
    91
    Likes Received:
    52
    GPU:
    ASUS GTX 970 DCmini
    No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come
     
    carnivore likes this.
  13. Gomez Addams

    Gomez Addams Active Member

    Messages:
    77
    Likes Received:
    49
    GPU:
    2 x Titan RTX, 24GB
    There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.

    Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.
     
  14. karma777police

    karma777police Member Guru

    Messages:
    130
    Likes Received:
    50
    GPU:
    1080
    Honestly do not care about any of these security issues.
     
  15. JamesSneed

    JamesSneed Master Guru

    Messages:
    667
    Likes Received:
    225
    GPU:
    GTX 1070
    Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
     

  16. squalles

    squalles Master Guru

    Messages:
    754
    Likes Received:
    32
    GPU:
    Galax GTX 1080 EXOC OC
    its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k
     
  17. TieSKey

    TieSKey Member Guru

    Messages:
    136
    Likes Received:
    31
    GPU:
    Gtx870m 3Gb
    The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
    Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.

    Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.

    --------------

    So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.

    The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.

     
  18. waltc3

    waltc3 Maha Guru

    Messages:
    1,031
    Likes Received:
    310
    GPU:
    AMD 50th Ann 5700XT
    Intel's vulnerability list in the CPUs it's shipped in just the past five years seems a clear warning on the perils of milking architectures. Intel is going to have to do what AMD has already done: design an entirely new x86 CPU architecture from the ground up. I cannot see a logical rationale for anyone buying Intel's CPUs at the present time.
     
  19. schoolofmonkey

    schoolofmonkey Master Guru

    Messages:
    201
    Likes Received:
    11
    GPU:
    ROG RTX2080ti Strix
    Yes they do need a architecture change, but this doesn't make a new architecture invulnerable, it just means it's too new to find the appropriate exploits.
    There will be some exploits that AMD have overlooked, but given how new their architecture is it will take time to fined it, same if Intel change theirs.

    Personally I applaud Intel/AMD for getting one board with the researches, it shows they are willing to learn from their mistakes and innovate, everything takes time, everything is exploitable given the right circumstances.
     
    airbud7 likes this.
  20. tsunami231

    tsunami231 Ancient Guru

    Messages:
    9,937
    Likes Received:
    419
    GPU:
    EVGA 1070Ti Black
    eh what ever at this point I dont care, I use my pc to game and visit a handfull of websites, that it

    The whole meltdown/spectre flaw open the gates and since then they all looking for security issue to out, and cause panic just to have there time in the news. Should flaws and security issue be fix yes, should they be outed to the public so everyone knows? no it shouldnt it just causing panic and witch hunts.

    Even then most flaws arnt even know to majoirty of people nor do they care.
     
    Last edited: Jan 29, 2020
    airbud7 likes this.

Share This Page