1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. Mufflore

    Mufflore Ancient Guru

    Messages:
    11,321
    Likes Received:
    568
    GPU:
    Redacted by NDA
    My decision to not upgrade until Intel have sorted their s**t out is truly vindicated.
    I'm sticking with my 6700K until they start making noises they have a handle on this.
    See you in 5+ years.
    ... or when AMD beat the performance for IPC, clock speed and memory.
     
    Last edited: May 20, 2019
  2. HeavyHemi

    HeavyHemi Ancient Guru

    Messages:
    6,265
    Likes Received:
    592
    GPU:
    GTX1080Ti
    Yes, similar to existing attacks, attackers can only mount our attacks in practical settings once they have the ability to execute (unprivileged) code on the victim machine. We could convince ourselves this is still an obstacle, but we should first be prepared to disable JavaScript (and similar) in the browser, abandon cloud computing, etc.

    https://mdsattacks.com/
     
  3. K.S.

    K.S. Ancient Guru

    Messages:
    1,537
    Likes Received:
    319
    GPU:
    RTX 2080 GAMING OC
    How many awkward "LOL's" does it take to make a douchebag? Apparently none if you're already one...
     
  4. user1

    user1 Maha Guru

    Messages:
    1,392
    Likes Received:
    446
    GPU:
    hd 6870

  5. Lavcat

    Lavcat Master Guru

    Messages:
    435
    Likes Received:
    14
    GPU:
    AMD Radeon VII
    Most people here seem to know more than I do. Should I disable hyperthreading on my 5930?
     
  6. Astyanax

    Astyanax Ancient Guru

    Messages:
    3,322
    Likes Received:
    878
    GPU:
    GTX 1080ti
  7. moo100times

    moo100times Member Guru

    Messages:
    108
    Likes Received:
    43
    GPU:
    295x2 @ stock
    I would re-benchmark after all these patches have been applied. I am pretty sure that even an OCed sandybridge is going to struggle significantly against first gen ryzen now. These necessary security updates have made many systems so slow they border on unusable beyond simple office jobs.
     
  8. ocsystem

    ocsystem Member Guru

    Messages:
    107
    Likes Received:
    5
    GPU:
    GTX1060 6G strix
    Fk these vulnerabilities. I don't care. Performance hit again incoming
     
  9. Dribble

    Dribble Active Member

    Messages:
    63
    Likes Received:
    28
    GPU:
    Geforce 1070
    It's probably also true the hackers are targeting Intel because that's what nearly all the servers use. If AMD gets popular they will end up in the crosshairs.
     
  10. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,739
    Likes Received:
    2,199
    GPU:
    5700XT+AW@240Hz
    Mate, those were not hackers who let tech world know about those vulnerabilities. Get your reasoning into order. Hackers could have known for 8 years, and nobody would be any wiser.
     
    carnivore likes this.

  11. ocsystem

    ocsystem Member Guru

    Messages:
    107
    Likes Received:
    5
    GPU:
    GTX1060 6G strix
    Not at all
     
  12. Denial

    Denial Ancient Guru

    Messages:
    12,343
    Likes Received:
    1,529
    GPU:
    EVGA 1080Ti
    I mean.. IIRC wasn't the vector for attack exposed like 10+ years ago? When spectre/meltdown first hit I remember reading that researchers proposed the idea of doing these attacks back in like 2006 but no one bothered to really explore it - at least publicly.
     
    fantaskarsef likes this.
  13. mbk1969

    mbk1969 Ancient Guru

    Messages:
    7,924
    Likes Received:
    4,561
    GPU:
    GeForce GTX 1070
    We have no information about hackers. We have information about researchers. In old times researchers would be called "hackers" because back then that was the meaning of the word - people who understand principles and penetrate layers of tech.

    PS I can assume also that targeting servers is completely different model of threats comparing to home/office computers. I mean I can see the threat of user visiting malicious site and getting attacked. But I can`t see a server visiting malicious site.

    PPS And researchers should have server HW and SW which are not a cheap things. So I doubt they researched servers at all.
     
    Last edited: May 20, 2019
    Fox2232 likes this.
  14. DW75

    DW75 Maha Guru

    Messages:
    1,142
    Likes Received:
    556
    GPU:
    ROG GTX1080 Ti OC
    I am sure the hyper-hacking memes will start appearing online anytime now.
     
  15. Dribble

    Dribble Active Member

    Messages:
    63
    Likes Received:
    28
    GPU:
    Geforce 1070
    If the only people who cared were researchers it wouldn't be a problem. However it's not them we worry about, it's illegal hacker groups, state sponsored hacking, or corporate espionage.

    I don't know why you think servers are different - these are cpu vulnerabilities that work just as well on servers as home machines.

    As to why target servers, well servers are important because they are inside companies. e.g. If I move my company to the cloud and it's running on amazon servers then the machines aren't mine, a machine, or a bit of the machine is allocated to me for an amount of time (which can literally be minutes) then it gets allocated to someone else. If that machine gets hacked (e.g. hacker group could just pay for some time on the amazon cloud, or someone on a hacked machine could interact with it), then suddenly I can see/hack any company that gets allocated time on that machine. That is really valuable to the hacker.

    All most home machines are good for it adding to a botnet to DDOS with or to mine crypto on in the background, much less valuable.
     

  16. mbk1969

    mbk1969 Ancient Guru

    Messages:
    7,924
    Likes Received:
    4,561
    GPU:
    GeForce GTX 1070
    Because the attacks on home user computer and on server computer are completely different. It is much harder to attack servers. And overall RIDL/MDS is not vulnerability which makes easier to attack computers.
     
  17. Dribble

    Dribble Active Member

    Messages:
    63
    Likes Received:
    28
    GPU:
    Geforce 1070
    If you read my previous post I gave you an example of how easy it is to attack a server farm in the cloud - just rent some time on any cloud based service - something you can setup in a few minutes for a few $. That gets you onto a machine that if you can take over will then run all sorts of other businesses software, or now you control 1 machine and are inside the clouds internal network will then allow you to attack the rest.
     
  18. chispy

    chispy Ancient Guru

    Messages:
    8,758
    Likes Received:
    891
    GPU:
    RTX 2080Ti - RX 580
    From Tom's Hardware: Source - https://www.tomshardware.com/news/intel-amd-mitigations-performance-impact,39381.html

    From Fudzilla: Source - https://www.fudzilla.com/news/pc-ha...ctre-and-meltdown-mitigation-slow-intel-chips

    From Phoronix: Source - https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=1

    Phoronix has been testing chips to see how bad Spectre and Meltdown patches harmed the performance of CPUs and the news is horrible for Intel.

    Phoronix benchmarked across multiple Intel platforms, including the 6800K (Broadwell-E), 8700K (Coffee Lake), 7980XE (Skylake-SP), Ryzen 7 2700X, and Threadripper 2990WX.

    It found while the impacts vary tremendously from virtually nothing too significant on an application-by-application level, the collective whack is ~15-16 per cent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 per cent (for the 7980XE), 24.8 per cent (8700K) and 20.5 per cent (6800K).

    The AMD CPUs were not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses just three per cent with all fixes enabled. The impact of these changes is enough to change the relative performance weighting between the tested solutions. With no fixes applied, across its entire test suite, the CPU performance ranking is:

    1. 7980XE (288)
    2. 8700K (271)
    3. 2990WX (245)
    4. 2700X (219)
    5. 6800K. (200)

    With the full suite of mitigations enabled, the CPU performance ranking is:

    1. 2990WX (238)
    2. 7980XE (231)
    3. 2700X (213)
    4. 8700K (204)
    5. 6800K (159)

    AMD, in other words, now leads the aggregate performance metrics, moving from 3rd and 4th to 1st and 3rd. The cumulative impact of these patches could result in more tests where Intel and AMD switch rankings because of performance impacts that only hit one vendor
     
  19. mbk1969

    mbk1969 Ancient Guru

    Messages:
    7,924
    Likes Received:
    4,561
    GPU:
    GeForce GTX 1070
    Why do you think that renting a machine in the cloud gives easy way to hack the whole cloud? Are you a hacker or at least a specialist on cloud stuff?
     
  20. tsunami231

    tsunami231 Ancient Guru

    Messages:
    9,689
    Likes Received:
    363
    GPU:
    EVGA 1070Ti Black
    yah this ridiculous I told my uncle about this crap and he say he dont care, he dont want windows doing updates anyway. but he want to move away from intel too.

    I said once before I will way it again. majority of people wont know about this stuff and majority of those people that do probably wont know how to go about pluging things manually, and as such unless MS literately plug all this stuff with there "updates" and MS updates have been sketchy at best lately at at worse causing system to not boot and "system restore" failing at is purpose. Some of this stuff will never be plugged with out Intel issuing fixes in first place. and Intel dont seem to care enough to plug all these issue on all there effect cpu. then again the older the cpu the more hit there is on cpu. and I bet if they did plug it on some of the older cpu will really brutalize the cpu performance back to the stone age.

    which leave the "probably" 1% that do know about this stuff and have knowledge and will to manual plug this stuff. And some of use dont even want the fixes cause they performance hit are obvious to them. Intel just seem to be getting hit after hit, and they still trying run business as usual.

    I know I asked this before but i not sure if it been answer, but has Intel said anything about this? as thing stand right here right now, my next pc will be AMD Ryzen, I dont see performance hit just yet on my 6700k but sooner or later I will cause it will add up at some point.
     
    chispy likes this.

Share This Page