Horrific Security Flaw Affects Decade of Intel Processors

www.popularmechanics.com ^ | 03 January 2018 | By Eric Limer

[catnipman]

“If this is related to Intel Vpro”

i see nothing in this tech article that says security bug is related to Vpro:

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Tech article states:

“It is understood the bug is present in modern Intel processors produced in the past decade.”

[Swordmaker]

Serious Intel vulnerability that may effect all Macs that we can do nothing about at this point except to make sure you keep bad guys away from your Mac and also keep all Trojans off your Macs. . . At least Mac users have an advantage over all Windows users in that it is much easier to keep Malware off Apple products, because Windows users with Intel inside are vulnerable to this as well. . . In fact ALL Intel processors may be affected. Just a word of warning for all Intel users. — PING!

Pinging dayglored for the Windows Ping List. . .

Intel Inside Vulnerability Alert!
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[dila813]

AMD winning again

[Little Ray]

If I ran a software company producing browsers or operating systems, I would have death squads hunting these people...

[Durus]

Are you talking about Intel?

[VanDeKoik]

My Desktop (HP Pro) is AMD, and those three letters have never looked so good right now!

But my laptops are screwed, though.

[dila813]

Yeah, same at least my main is good

[Bryanw92]

>>If I ran a software company producing browsers or operating systems, I would have death squads hunting these people...

They’re easy to find. Just go to McAfee, Norton, Kaspersky, etc. They know who makes the viruses for them to extort money from us with.

[palmer]

I am skeptical as well. The Intel response is that they realize there is a vulnerability (they refuse to call it a bug): https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ and they will patch around it. But if it is like the rowhammer DRAM attack in the past, using it for exploitation will be difficult and the attack will be easy to prevent.

[w1andsodidwe]

Your experience is the same as my experience. And they hated working for me, because they don’t respect women.The fact that I checked their code and made them redo it if it was slip shod didn’t help. Had to be tough with them.

[steve86]

The new, patched kernel code runs slower on AMD processors as well, because what used to be huge hardware optimizations on any contemporary family of CPUs are entirely bypassed (for example, by constantly flushing caches), to keep privileged information safe. This is why the Linux command du -s now runs only half as fast, even on an AMD processor. The only way to get around this would be to have a different copy of the O/S for Intel and AMD! Might be where things are headed!

[AFreeBird]

Apple uses intel on Macs. But phones and pads don’t.

[AFreeBird]

Roflmao! I had one of those too. It was running DOS and it did seem faster.

[AFreeBird]

You’d think that after all these years - they’d know that.

[LegendHasIt]

Not a flaw.
It is a feature.

[Mr. Jeeves]

No researchers have yet come forward with an example program that exploits this flaw, but that's hardly proof that hackers, or the NSA, didn't figure out how to make use of this exploit years ago.

Actually, it sounds more like an NSA-mandated back door than a bug.

[ImJustAnotherOkie]

Duhh

[mrsmith]

Computers in China won’t have to have the patch...

[circlecity]

I’m sure Intel knew about this they just wanted to market those high benchmark speeds so they kept it quiet.

[Gideon7]

Thanks for the link. Intel’s statement says that the media reports are inaccurate.

The demonstrated exploit could only extract a few bytes, and based on the twitter comments it looks probabilistic and timing sensitive based the behavior of the CPU cache loader. It is plausible that this creates a potential side channel for information leakage, and the fact that the PCID hardware feature (which tags cache lines with a context ID) can allegedly mitigate the problem seems to confirm it that the cache is the source of the information side channel.