Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Horrific Security Flaw Affects Decade of Intel Processors
www.popularmechanics.com ^ | 03 January 2018 | By Eric Limer

Posted on 01/03/2018 1:55:39 PM PST by Red Badger

The fix requires major OS rewrites which will probably make your computer run slower.

An extremely severe security flaw has been found to affect nearly every Intel processor made in the past decade or more, giving any hackers who might know how to exploit it access to protected information systemwide. The Register reports that programmers are rushing to make the sweeping changes necessary to protect against the vulnerability on Linux and Windows operating systems, with such fixes required on macOS as well. Even worse, you can expect these vital updates to noticeably slow down your computer.

The design flaw in Intel's x86-64 hardware—first introduced in 2004 and still in use in the lion's share of modern-day processors—allows programs without the proper permissions to access the part of an operating system known as the kernel, a low-level chunk of code that controls literally everything in your system.

The exact details of the vulnerability are still somewhat under wraps, but as The Register has pieced together from multiple, technical sources, it appears the flaw is based in a feature called "speculative execution." This trick allows a processor to do things before it's absolutely sure they need to be done, so the results are ready as quickly as possible if needed and simply ignored if not. In Intel's x86-64 hardware, however, it appears that programs may be able to speculatively execute code they would not have permission to run under normal circumstances, allowing carefully-constructed, malicious code to essentially read your entire operating system's mind without the proper permission. The potential bounty of such an attack includes passwords, login files, and pretty much anything you'd ever want to keep secret.

It's hard to zero in on the most troubling part of this flaw. Intel's x86-64x processors are the most widely-used chips in virtually every form of laptop. If you don't know what processor you have, you almost certainly have one with this flaw. If you do have an AMD processor, however, congratulations—they are confirmed to be safe from the exploit.

In addition to the ubiquity of Intel processors, the low-level nature of this vulnerability means that hackers who may have learned to exploit it would have access to an unprecedented number of machines. And considering x86-64 has been around and prevalent since 2004, possible hackers have had access for over 10 years. No researchers have yet come forward with an example program that exploits this flaw, but that's hardly proof that hackers, or the NSA, didn't figure out how to make use of this exploit years ago.

On top of it all, the fix requires extremely deep and wide-reaching changes at the root levels of an operating system's software—changes that could impact performance of Intel machines by as much as 30 percent. The only alternative? A new computer with a different processor, or one powerful enough to make up for the performance hit. Even worse, these performance hits won't just come to your computer, but also the army of distant servers that run countless internet-connected services in the cloud.

So what can you do? Not much. If you have a computer with a competing AMD processor, pat yourself on the back and breathe easy. Otherwise, make sure that your computer's operating system is up to date with the latest security updates, though fixes for this particular problem may not be widely available for days or even weeks. Intel has yet to publicly comment on the vulnerability, but the consequences will likely reverberate for years.


TOPICS: Computers/Internet; Education; History; Society
KEYWORDS: cpu; flaw; hack; intel; intelprocessors; windowspinglist
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 101-111 next last

1 posted on 01/03/2018 1:55:39 PM PST by Red Badger
[ Post Reply | Private Reply | View Replies]

To: Swordmaker; ShadowAce

Ping!....................


2 posted on 01/03/2018 1:56:03 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

I smell a lawsuit...


3 posted on 01/03/2018 1:57:05 PM PST by WayneS (An appeaser is one who feeds a crocodile, hoping it will eat him last. - Winston Churchill)
[ Post Reply | Private Reply | To 1 | View Replies]

To: WayneS

Class action..................


4 posted on 01/03/2018 1:58:35 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Red Badger

These people are going to create artificial intelligence? They can’t even make a processor work right, let alone the software that runs on it.


5 posted on 01/03/2018 2:01:41 PM PST by I want the USA back (Lying Media: willing and eager allies of hate-America savages.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Hang on a bit till we know more.
If this is related to Intel Vpro, 90% of systems out there are not effected as they don’t use Vpro.


6 posted on 01/03/2018 2:02:42 PM PST by Zathras
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

My question is always, Did an H1B visa employee do this? Before I retired I had to monitor everything they did.


7 posted on 01/03/2018 2:04:51 PM PST by w1andsodidwe (TRUMP. He makes me smile, too.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

This is a very big deal and will substantially impact Intel’s stock and future revenues.

This is a long-term short opportunity.


8 posted on 01/03/2018 2:05:27 PM PST by Mariner (War Criminal #18)
[ Post Reply | Private Reply | To 1 | View Replies]

To: I want the USA back

>>These people are going to create artificial intelligence?

The people who write viruses, malware, and adware algorithms are probably more likely to create AI first. This is just another reason why they should be hanged immediately as horse thieves were when caught.


9 posted on 01/03/2018 2:06:51 PM PST by Bryanw92 (Asking a pro athlete for political advice is like asking a cavalry horse for tactical advice.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: w1andsodidwe

A flaw like this may have been intentional via the NSA...................


10 posted on 01/03/2018 2:08:19 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Red Badger

A bug?

My guess is that was a feature.

Brought to you by the US government.


11 posted on 01/03/2018 2:09:01 PM PST by 9YearLurker
[ Post Reply | Private Reply | To 1 | View Replies]

To: I want the USA back; Bryanw92

12 posted on 01/03/2018 2:10:48 PM PST by Red Badger (Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Red Badger

Ok, the race is on. Will Apple fix theirs before Microsoft.

Who’s OS will take the biggest hit in speed.


13 posted on 01/03/2018 2:11:27 PM PST by ImJustAnotherOkie
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

This is why I’m still running PowerPC based xServes to run websites.

Justified!


14 posted on 01/03/2018 2:14:40 PM PST by glorgau
[ Post Reply | Private Reply | To 1 | View Replies]

To: WayneS

Somebody discovered the back-door that the NSA demanded.


15 posted on 01/03/2018 2:16:40 PM PST by Tallguy
[ Post Reply | Private Reply | To 3 | View Replies]

To: ImJustAnotherOkie

Dunno, but my battery will last a lot longer...


16 posted on 01/03/2018 2:16:42 PM PST by null and void (Have a MAGAnificent New Year! It'll be YUGE!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Red Badger

Beat me to it!


17 posted on 01/03/2018 2:17:17 PM PST by Tallguy
[ Post Reply | Private Reply | To 10 | View Replies]

To: I want the USA back

The problem started with upper management back 7 years ago.
To save $, they outsourced validation to Costa Rica and fired all the experienced validation engineers in Portland.
Middle management was forced by threats of termination to make it happen.

Rumors were dancing around back 1.5 years ago they had an issue.


18 posted on 01/03/2018 2:17:59 PM PST by Zathras
[ Post Reply | Private Reply | To 5 | View Replies]

To: Red Badger

Makes me really happy I always buy AMD processors.


19 posted on 01/03/2018 2:19:18 PM PST by cyberstoic
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

The guys at AMD must be doing handstands right now.


20 posted on 01/03/2018 2:19:44 PM PST by mkleesma (`Call to me, and I will answer you and tell you great and unsearchable things you do not know.')
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 101-111 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson