1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. Aura89

    Aura89 Ancient Guru

    Messages:
    7,575
    Likes Received:
    841
    GPU:
    -
    Lots of anti-AMD trolls coming out of the woodworks with this information to try and shift focus away from intels problems and trying to make it out that its nothing big, forget about it, claiming AMD trolls everywhere.

    Do we have intel PR reps here all of the sudden?

    Sorry Intel PR reps, your company has problems and people are getting fed up with it. Deal with the facts, and take that back to your boss'.
     
    Darkest, K.S. and Keitosha like this.
  2. jwb1

    jwb1 Master Guru

    Messages:
    447
    Likes Received:
    45
    GPU:
    MSI GTX 1080 Ti
    Sorry, I don't deal with deep state or conspiracy theories. Fact is, Intel discovered these flaws before any of the research labs and has since been working with them to handle this the proper way to announce and fix the issues. This is the proper way to handle such situations.

    Intel nor AMD is immune to security flaws. And in additionally, If anyone wants to attack Intel for pricing, which somehow some people here have attributed this new report of security too, that is a separate discussion and subjective.

    If anyone here is so betrayed or upset at Intel for these security flaws, I would hope they reacted the very same way when AMD had theirs. And the defense cannot be: AMD had less flaws. That is hypocrisy. If security is upmost important to you, then you should not have a computer.
     
    Last edited: May 15, 2019
  3. Evildead666

    Evildead666 Maha Guru

    Messages:
    1,169
    Likes Received:
    203
    GPU:
    Vega64/EKWB/Noctua
    If its an official Bios,you may as well do it.
    just follow all the usual precautions.

    My problems were because I had to create my own Bios, and flashed many times in a row, and one of those went bad.
    When I got my new Bios chip I just left it alone. lol :) enough is enough sometimes.
    My Asrock Z77 isnt going to get an official update.
     
    Txatxiquesi likes this.
  4. Aura89

    Aura89 Ancient Guru

    Messages:
    7,575
    Likes Received:
    841
    GPU:
    -
    No, it really isn't.

    When you purchase items from a company that is majorly more expensive then their competitors, you rightfully so expect that you should have less issues with said item. It doesn't matter if its a toaster, pants, cars, umbrellas, houses or whatever you want to talk about, if its more expensive, you have higher expectations. And when those higher expectations are not abided by, you have more angry customers.

    They are directly related, not seperate.
     
    Darkest, ZXRaziel, Keitosha and 4 others like this.

  5. jwb1

    jwb1 Master Guru

    Messages:
    447
    Likes Received:
    45
    GPU:
    MSI GTX 1080 Ti
    No, with security as important as it is, as everyone here seems to think it is, you cannot give one company more of a pass because they have less issues with it, but still has issues. I have felt since the beginning of all these security flaws coming out against Intel and AMD that both have dealt with it fairly.

    BTW, I have had zero issues in real life with my Intel products. I can also say the same for AMD as well.
     
  6. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    1,855
    Likes Received:
    1,190
    GPU:
    2 x GeForce 1080 Ti
    No. When you have two competing products, and one of them has more flaws than the other, than that IS a valid point of criticism. This is not hypocrisy. If car A is less safe than a competing car B, then criticism of car A is warranted (the fact that both are not absolutely, 100% secure under all conditions and scenarios is besides the point). To say that you cannot criticize either (or that you must criticize both) because they both cannot guarantee absolute safety is absurd.
     
    Darkest, Keitosha, carnivore and 5 others like this.
  7. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,677
    Likes Received:
    2,157
    GPU:
    5700XT+AW@240Hz
    Wanna something really funny? And no, it is not deep state conspiracy. It is google.

    They are working on removing/replacing IME. And they are far from alone. They are for years able to partially cut it down, and disable after it is done with 1st boot phase (otherwise it would be running as long as PC).
    Moment someone manages to replace it, that someone will own all intel's chips out there... Working for them.
     
    Aura89 likes this.
  8. jwb1

    jwb1 Master Guru

    Messages:
    447
    Likes Received:
    45
    GPU:
    MSI GTX 1080 Ti
    Nice try comparing this to a car, it is not even close. How many times have you heard someone say, don't buy a Ford its crap? Then you hear someone say Ford is great.

    Its your opinion, however. But I disagree.

    And again most people who buy CPUs don't even take these security issues into account. Most people don't even look into safety when buying a car. The one's that do and are really worried, well, again don't buy a computer or a car.
     
    Last edited: May 15, 2019
  9. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,677
    Likes Received:
    2,157
    GPU:
    5700XT+AW@240Hz
    So, you claim that someone who cares about security does not "buy" therefore own computer? How do you freaking live in modern world without digital device enabling you to deal with all the administration all developed countries require you to do?

    Ah, I get it. Someone who cares about security degrades himself to idiot who spends his free time traveling around from office to office with tons of papers...

    And at same time, you just came to conclusion that anyone here posting "Does NOT care about security", because they own device able to connect to digital network and may have some vulnerability.

    (You are brilliantly stupid. Because you form arguments which you design in way that you feel as being right either way. Since anyone arguing against you already discredited himself in your eyes, by using potentially insecure device and therefore not caring about security.)
     
    Darkest and Aura89 like this.
  10. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,338
    Likes Received:
    1,308
    GPU:
    HIS R9 290
    If being patched the first day is the only thing you care about then apparently you aren't aware (or don't care) that these patches will involve a substantial performance decrease.
    You do realize that the whole reason why these attacks are so scary is the fact they're undetectable, right? Most people who get rabies or Lyme disease don't know they were infected for days or even weeks, until its too late. This is no different.
    To my recollection, people were in fact upset at AMD about their previous flaws. But, AMD doesn't command much of the market. AMD's total assets are worth nearly 1/3 of Intel's net revenue in any given year. Intel has been recycling pretty much the same architecture for roughly 5 years. And yet, AMD, ARM, IBM, and Oracle all have fewer hardware vulnerabilities than Intel. What is Intel's excuse? You claim they knew of this stuff for years, so why didn't they do anything about it? This is why people are rightfully pissed off - Intel was willfully negligent, despite having practically infinite resources to address the problem. And now that they're so wide-spread, this means tens of millions of computers are at risk, many of which cannot be accommodated properly. Of the ones that do get fixed, people are losing the performance they paid for. How biased can you possibly be to not see how that's a problem?
     
    Darkest, ZXRaziel, Keitosha and 11 others like this.

  11. Denial

    Denial Ancient Guru

    Messages:
    12,312
    Likes Received:
    1,495
    GPU:
    EVGA 1080Ti
    This was really well said.
     
    Darkest, HandR, Aura89 and 1 other person like this.
  12. vbetts

    vbetts Don Vincenzo Staff Member

    Messages:
    14,607
    Likes Received:
    1,184
    GPU:
    RTX 2070FE
    Oh my gosh you couldn't go anywhere without hearing about the TLB bug on the original Phenom.

    But I highly doubt Intel or AMD know of these security issues years ahead of time, there really isn't anything to back this up either. If Intel knew about RIDL for example, why market and sell products with HT then? Honestly security issues like this are not really of any affect for your home user, unless you have that one guy on the internet that just likes to mess with people. More or less security issues like this have more problems in business and public sectors, where those computers are actually targeted for some sort of data or just one company messing with another. To be fair this didn't affect AMD so much, not because some of the major security flaws did not affect them(which some did), but AMD just doesn't have that big a presence in the public or business sectors unless you're talking servers, which even then Intel still has more space in.
     
  13. Exodite

    Exodite Ancient Guru

    Messages:
    1,876
    Likes Received:
    147
    GPU:
    Sapphire Vega 56
    Yeah, this is my primary interest in this issue I admit.

    Sure, the vulnerabilities are definitely an issue but I pretty much expect these kinds of things to keep popping up semi-regularly for the foreseeable future - and not just for Intel chips.

    What's curious is how much harder Intel has been hit than other vendors. That raises those very questions you articulated quite well, what's going on at Intel? What are they doing differently than the others that leave them so much worse off?

    I suppose it could be just bad luck, that their particular vulnerabilities have been discovered earlier, but those questions need to be asked IMO.
     
  14. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    1,855
    Likes Received:
    1,190
    GPU:
    2 x GeForce 1080 Ti
    Living in a world of extremes, are we? ;)

    No one expects computers (or cars) to be absolutely, 100% safe - if 100% safety was our criteria for buying a product, nobody would buy anything. Products are often times compared to their closest rivals and judged as such, which is why it's perfectly valid to criticize Intel CPUs for being less secure than AMD CPUs (just like how it's valid to criticize AMD CPUs for having less IPC than Intel CPUs).

    And I don't know about you, but I always look at the safety features of a car - one of the reasons why I bought my current car is the blind spot detector (and the rear camera). A competing car with inferior/superior safety features would absolutely be a factor.
     
  15. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,338
    Likes Received:
    1,308
    GPU:
    HIS R9 290
    Just to be devil's advocate: if you believe the conspiracy theories, these vulnerabilities could've been deliberate backdoors for the NSA or whatever, where Intel just hoped nobody would find out. Personally, I roll my eyes to the back of my head whenever I hear such things, but, it also isn't totally unrealistic.
    Also worth pointing out that these recent vulnerabilities operate at a very low level, and are very difficult to detect. Spectre has been around for well over a decade and the time of its publicized discovery was incredibly inconvenient to them. It struck at a time when Intel wasn't ready for a major architecture change. So, if Intel were aware prior to that, they probably were hoping nobody would find out, or else that would mean next-gen products would have a noticeably lower IPC. That doesn't bode well for sales and investors. If Intel were to quietly fix this problem, that would raise attention that all the other products had a vulnerability. So, given the circumstances since 2017, I can understand why Intel might have kept quiet (assuming they knew all along). Doesn't mean I agree with their actions, but it makes sense.
    Funny thing is I would argue kind of the opposite. The average home user doesn't know how to maintain their computers, don't have good firewalls, and other vulnerabilities that make them very easy targets. Servers in mainframes, meanwhile, don't tend to be directly connected to the internet. They're also heavily secured, both digitally and physically. So, those aren't prime targets. Small companies with their own in-house servers I think are the most vulnerable.
    I may be wrong about this because I don't know how specifically these recent hardware vulnerabilities are exploited, but I don't think AMD's presence has much to do with whether or not they're affected. For example, AMD is vulnerable to one of the Spectre variants (V1 I think?), so, wouldn't that mean an exploit targeting that variant affect both Intel and AMD CPUs?
    EDIT: obviously, my hypothetical scenario assumes the CPUs aren't patched.
     
    Last edited: May 15, 2019
    vbetts likes this.

  16. Gripen90

    Gripen90 Master Guru

    Messages:
    856
    Likes Received:
    12
    GPU:
    2x RTX 2080Ti SLi
    There are more holes in an Intel CPU now than there are holes in a swiss cheese.o_O:rolleyes:
     
  17. Aura89

    Aura89 Ancient Guru

    Messages:
    7,575
    Likes Received:
    841
    GPU:
    -
    Just because you don't want to be part of reality, doesn't mean reality and facts don't exist. Have fun living in your make-believe world.

    Gotta agree, how many people came in with their computer due to ransomware/fake microsoft/etc. Gaining direct access to computers when i worked on computer repairs was astonishing. All it takes is these guys finding a way to profit on these vulnerabilities and it'll happen. Sure, this isn't as scary to the populous as people using these vulnerabilities on the government and their systems and what they control, but its not nothing as well.

    Also to the point people have been trying to make: Yes, random normal PC customers do care about these vulnerabilities. When spectre and the lot were announced, i had customers asking to make sure their computer didn't have those issues, or what new intel processors didn't have them. It's not something that is simply not on the typical pc users mind, but often, they forget to ask.
     
    Last edited: May 15, 2019
  18. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    1,855
    Likes Received:
    1,190
    GPU:
    2 x GeForce 1080 Ti
    Yup. I am terrified by the kinds of things I see whenever I'm asked to look at someone's PC. My sister still uses Windows 8 and hasn't updated it in over a year (whenever the update pop-up appears she just dismisses it). There's no telling what kind of vulnerabilities she susceptible to. I try to keep all my PCs up-to-date and take security seriously, but people like me are the exception (we gurus are not the typical PC user).

    This particular vulnerability goes back almost a decade and it's a surefire bet that the majority won't apply the OS patches or firmware updates (they probably don't even know how). I'm sure hackers will have a field day with this one.
     
  19. Clawedge

    Clawedge Ancient Guru

    Messages:
    2,459
    Likes Received:
    659
    GPU:
    Radeon 570
    Last edited: May 16, 2019
    vbetts likes this.
  20. Erick

    Erick Member

    Messages:
    47
    Likes Received:
    8
    GPU:
    AMD R9 Fury 4GB HBM
    Nobody has anything to worry about....unless you are downloading malicious software or is constantly running to the dark web looking for 'patchers' and 'fake serials'. Consumers will not pay for TPM's to protect their hardware.

    MD5 hashes are known to be weak encryption, so if anyone has to worry, its those who use it in a corporate environment. They are all protected by Trusted Platform Module environments like Bitlocker on top of encrypted hard disks. If they are not using these security techniques....then they are screwed.
     

Share This Page