New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. Aura89

    Aura89 Ancient Guru

    Messages:
    7,668
    Likes Received:
    915
    GPU:
    -
    Do....you not know anyone who is not particularly tech-savy and owns a PC?

    Have you ever looked at one?

    Have you ever seen the gigantic amount of programs they have downloaded, that were not actually the program they were looking for, but was instead a malicious software?

    I'm hoping your "nobody" refers to the general populous of this form, and not the general populous of the world, as we, people like us on this forum, are a minority. Anyone who has ever done PC repair, or helped out their family/friends, knows this.
     
    Neo Cyrus, Jagman and anticupidon like this.
  2. BetA

    BetA Ancient Guru

    Messages:
    4,178
    Likes Received:
    163
    GPU:
    MSI GTX670 PEOC@1350Mhz
    *Delete
     
  3. Neo Cyrus

    Neo Cyrus Ancient Guru

    Messages:
    9,238
    Likes Received:
    314
    GPU:
    GTX 1080 Ti @ 2GHz
    Most people I know manage to clutter even their Android phones with crapware as if it's a Windows 98 public computer... in like 2 days.

    "Everything changed I don't know wtf is going on."
    "Does that include your launcher?"
    "What's a launcher?"
    "The interface you interact with."
    "I don't understand. Just fix it for me."
     
  4. Humanoid_1

    Humanoid_1 Master Guru

    Messages:
    947
    Likes Received:
    64
    GPU:
    MSI RTX 2080 X Trio
    Not true at all.

    A few examples:

    Just a few days ago a followed a legit news letter email link from another major tech website you all would know and as the page was loading to the article I got redirected to a malicious site trying to get me to click certain links to resolve a "problem".... it was pretty well done and many regular people might have followed them as it came from a Very trustworthy site.
    - The issue came from one of their banner ads that some group somehow snuck into their rotation.
    (actually the third time in as many years I have had that happen from their site.)

    or

    Similarly major websites like yahoo and a whole bunch of major trusted safe sites had malicious banner ads in their rotation some years back.

    or

    recently British Airways got hacked, last year I think it was, and a group installed credit card skimming javascript on their website + also happened to about 5000+ sites (think another was Adidas) in the same year by different groups...
    - they could similarly use such exploits as we are talking about instead.


    You cannot say "I do not visit bad websites so I am safe from such exploits..."


    EDIT:
    On that note don't use a debit card online if you have significant cash in the linked account without some kind of cover. Here in the UK some banks cover such losses on debit cards while others like mine, HSBC, do not... (I specifically asked my Advance Account manager about it a few months back)
    When you use a credit card it is not "your" money that gets spent when you use it, it is the card companies and as long as you report the issue within a reasonable time frame you are not held liable from such thefts.
    Paypal also cover you, don't ask me the details on them offhand, and refunded me money that got stolen from my account some years back. - The ONLY site I had used it on was Indiegogo which is a trustworthy site like kickstarter. No idea how the data got stolen - someone in the US emptied my paypal account to buy some mmorpg game currency I have never heard of lol
     
    Last edited: May 16, 2019

  5. chispy

    chispy Ancient Guru

    Messages:
    8,758
    Likes Received:
    893
    GPU:
    RTX 2080Ti - RX 580
    The performance hit when HT is disable is big , yet Intel is advising to turn off HT crippling the performance on the cpus even more :/ sad days coming up ahead ...
     
  6. Venix

    Venix Master Guru

    Messages:
    958
    Likes Received:
    327
    GPU:
    Palit 1060 6gb
    come on all of us , how many times we sit to fix someone's else pc while they claim that the pc is suddenly just slow and they did "nothing" to it ?
    and then BOOM you open the browser default page ... the sweet page so ...right of the bat browser hijacker ! and then you just gaze upwards to see the norton taskbar ..bellow that the ask taskbar bellow that the yahoo taskbar !
    Or people that getting locked out of their own windows because they forget their password ... i even have an old usb drive that straight up deletes the password for windows account the few times i used it ... their face is priceless they look at me like i am some international class cracker !

    long story short ..never underestimate how bad is the general populous on keeping their pc "healthy"
     
    Neo Cyrus, Aura89 and Jagman like this.
  7. Astyanax

    Astyanax Ancient Guru

    Messages:
    3,637
    Likes Received:
    974
    GPU:
    GTX 1080ti
    don't bother, just use a web browser which has timing based mitigations and sandboxing and you'll only be at risk if your machine is already infected.
     
  8. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    10,898
    Likes Received:
    3,044
    GPU:
    2080Ti @h2o
    Same as saying: Don't connect your PC to the internet and never connect anything via USB to it, you'll never get a virus.
    And I'm sure it's the user's job to sandbox so that Intel doesn't have to fix their crap. Yeah... no.
     
  9. moo100times

    moo100times Member Guru

    Messages:
    113
    Likes Received:
    45
    GPU:
    295x2 @ stock
    These issues have gone past the point of being funny, coincidental or fanboy based smears. Repeated security issues that even trying to fix (and older systems are likely to not get new required bios) with regular, step-wise degradation of performance through patches is too much. I was going AMD anyway, but looks like I will be pushing others this way for the foreseeable future
     
  10. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    6,190
    Likes Received:
    629
    GPU:
    MSI GTX 1070

  11. mbk1969

    mbk1969 Ancient Guru

    Messages:
    8,046
    Likes Received:
    4,783
    GPU:
    GeForce GTX 1070
    Or:
    - launch browser (or dedicated client app)
    - log-in to online bank
    - do operations
    - log-out
    - close browser (or client app)
    - trim stand-by memory lists
    Any side-channel threat is dismissed.
     
    Last edited: May 16, 2019
  12. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    10,898
    Likes Received:
    3,044
    GPU:
    2080Ti @h2o
  13. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,492
    Likes Received:
    1,387
    GPU:
    HIS R9 290
    Huh? Intel explicitly said not to turn off HT. The other people who discovered the vulnerability are saying to turn off HT, and only for specific (older) models.
     
  14. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,010
    Likes Received:
    777
    GPU:
    integrated
    If any manufacturer outhere want to push ARM on the desktop, this is the time.
    Add Coreboot/Libreboot to it, and a huge army of privacy concerned people will buy it in a heartbeat.
    And running any flavour of your favourite Linux distribution is just an epic win.
    Just take my money already...
     
    HandR, Evildead666 and schmidtbag like this.
  15. D3M1G0D

    D3M1G0D Ancient Guru

    Messages:
    1,952
    Likes Received:
    1,249
    GPU:
    2 x GeForce 1080 Ti
    I think Intel said that turning off HT isn't the only way to mitigate the issue, saying the risks are small if you use official signed software. Google is turning it off by default on ChromeOS to eliminate any chances while others are leaving it on for their consumer products. I think it's likely that turning off HT is the best way to deal with the issue, but some are taking their chances due to the huge performance hit.
     

  16. Alessio1989

    Alessio1989 Maha Guru

    Messages:
    1,397
    Likes Received:
    232
    GPU:
    .
    nobody has anything to worry about for now, unless someone find a piece of javascript code that is able to trigger all this. TPM has nothing to do about with this security hardware design holes, nor MD5 hashing.
     
  17. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,492
    Likes Received:
    1,387
    GPU:
    HIS R9 290
    I don't know about you but I can't wait for stuff like the Pinebook Pro to be released. I can phase out my old Haswell i3 laptop, which has been losing performance due to the mitigations.
    I'm not too keen on using Mali drivers but that laptop seems to be the best ARM-based Linux-ready daily driver laptop to be released. I'd rather get something like the Asus NovaGo since there are better Snapdragon drivers, but Linux support is basically undetermined, last I checked.
     
  18. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,755
    Likes Received:
    2,203
    GPU:
    5700XT+AW@240Hz
    Actually, Linus Torvalds said that as there is up to 40% impact on linux form certain intel "fixes", it is better to just turn off HT which is primary cause.
    (That's because intel's kernel patch enforces those fixes instead of making them optional.)
     
  19. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,492
    Likes Received:
    1,387
    GPU:
    HIS R9 290
    I think I actually mentioned that very thing earlier in this thread (under a different context;I didn't mention Linus). But, Linus isn't a spokesperson for Intel. Like I said, people outside of Intel recommend to turn off HT, but Intel themselves do not suggest doing so.
     
    Fox2232 likes this.
  20. Aura89

    Aura89 Ancient Guru

    Messages:
    7,668
    Likes Received:
    915
    GPU:
    -
    Hello intel.
     
    Keitosha likes this.

Share This Page