Intel’s Newest Cascade Lake Chips Hit By New ‘Zombieload’ Flaw

[humbug]

+1

They robbed us blind and innovated very little for so long. I would not be on a 6 core cpu for £175 if not for competition from AMD right now.

Intel are anti competitive, they used their financial muscle to stop the growth of a competitor who were making better products, once they succeeded in almost bankrupting that competitor now unchallenged they set about refreshing the same tired old products for muggings to pay through the nose to own. That policy of do little after illegally burying your competition and reap the rewards has come back to bite them, mmmm'GOOD!

 

[Gerard]

Intel are anti competitive, they used their financial muscle to stop the growth of a competitor who were making better products, once they succeeded in almost bankrupting that competitor now unchallenged they set about refreshing the same tired old products for muggings to pay through the nose to own. That policy of do little after illegally burying your competition and reap the rewards has come back to bite them, mmmm'GOOD!

The lawsuit was damning, i remember reading a lot of it and all the talk about "penalties" from intel if an oem stocked amd cpu's. They got off light with the fine they got, i'm sure amd would have got a much larger payout had the trial went the duration.

 

[sideways14a]

I actually saw this personally as i remember we had issues getting athlon64s and opteron servers at the time. iirc i mind asking a dell rep at a trade show and he couldn't have been more vague and random about it if he had smoked a bowl before coming out.
Then there was bumpgate that i ****** me off as well with the number of pc's it affected and the amount of time i had to **** away on replacements but thats a different whine.

 

[IT Troll]

You're arguing with the messenger, the authors of the research clearly say the only way to mitigate is to disable SMT.

I don't have a problem with the researcher's message. They are clear on how this vulnerability works and what steps are required to instigate an attack. They don't have an attack which can be staged from within a browser and they certainly don't provide evidence that all browsers are vulnerable simply from browsing certain websites. The researchers have managed to demonstrate a proof of concept in JavaScript but this only worked reliably when run from a specially prepared shell outside of the browser and when using a timer method which has been removed from modern browsers. Reported the facts is fine, making stuff up is not.

You may just be a home user but if you work on your pc then why open yourself or others' data to more risk?

You may be a lawyer, a realtor, a medical practitioner and at same time game on the side.

Sure, it's all about understanding the risk and threat. If you are working with customer data in an environment where an MDS attack could be staged, then you should absolutely mitigate appropriately. The beauty of an MDS attack is in being able to cross user, container and virtual machine security boundaries. On a multi-tenant system this can done without the victim being aware or compliant. On a typical home system there will only be a single user session, so an MDS type attack makes no sense, there is no co-tenant or boundary to cross. To launch an MDS attack on that home computer a hacker would first have to get their malicious code running within your user session through another attack vector; most typically spam. But it would make no sense for the payload to then restrict itself to sampling a few bytes of data through a side-channel attack. It would be be much more effective and practical to run a key-logger, ransomware, miner, etc.

 

[=XDC=FluphyBunny]

Still no attack on my intel system, I must just be lucky.

 

[TNA]

Still no attack on my intel system, I must just be lucky.

Lol. Don't cry. I had a Intel system also for ages before upgrading. To my knowledge I was not attacked either. Does not mean I should bury my head in the sand and assume nothing bad will ever happen.

 

[sideways14a]

Yeah i mean i have never been burgled but i always lock my doors.

 

[Rainmaker]

Don't forget financially bribing OEMs and threatening them with being cut off if they sold any AMD units, paying small fortunes to have Intel-only units on sale so that AMD would go under. Screw Intel, they deserve to reap what they've sown. And again, it's not that researchers are 'focusing on Intel' as someone above keeps saying. Every flaw so far found has been tested on AMD and ARM too - they're just not vulnerable. If it makes you feel better to think Intel is just 'bigger' or being 'picked on' then fill your boots, but it doesn't change the fact that others just aren't affected.

 

[zx128k]

They are because Intel have the biggest market share and thus the most information about their product. AMD are just making a come back. Zen 2 is new and different. It would take years to research and attack. Spectre affected ARM and AMD cpu for example as well as Intel but Intel appeared to be the focus for investigation. Meltdown affected some arm cpu''s but mostly just Intel cpu''s. I guess then, researchers found out more information about Intel cpu's that implied there was gold to be had from more research. They picked Intel''s cpu apart until they found Intel never bothered with performance slowing things like security concerns.

 

[KiNgPiN83]

Yeah i mean i have never been burgled but i always lock my doors.

This is brilliant! Haha! And if i was drinking a tea at the time it would've definitely been all over my screen and keyboard.

 

[TNA]

Yeah i mean i have never been burgled but i always lock my doors.

Hahaha well said.

 

[humbug]

They are because Intel have the biggest market share and thus the most information about their product. AMD are just making a come back. Zen 2 is new and different. It would take years to research and attack. Spectre affected ARM and AMD cpu for example as well as Intel but Intel appeared to be the focus for investigation. Meltdown affected some arm cpu''s but mostly just Intel cpu''s. I guess then, researchers found out more information about Intel cpu's that implied there was gold to be had from more research. They picked Intel''s cpu apart until they found Intel never bothered with performance slowing things like security concerns.

You really do think this is a conspiracy, well. its not possible to reason with Flat-Earthers.

 

[zx128k]

You really do think this is a conspiracy, well. its not possible to reason with Flat-Earthers.

Think about your own straw man, I won't waste time on it.

 

[humbug]

Think about your own straw man, I won't waste time on it.

Please do..

 

[zx128k]

Please do..

Please don't take offense, there is clearly no conspiracy. Remember Intel basically own x86 and x86-64 (Intel 64). Sure AMD are making a come back but Intel is a big monopoly. If you are going to research speculative execution in microprocessors, Intel is a good place for real world investigation. Wide support, lots of information, long history and easily available to buy cpu's for many decades. Intel are the de facto standard. Other CPU's were affected to differing degrees but Intel cpu's were the only ones that are completely affected by all flaws.

Thus implying conspiracy would be a straw man, when its quite reasonable to assume Intel CPU's were the focus because of their place in the market.

 

[humbug]

Please don't take offense, there is clearly no conspiracy. Remember Intel basically own x86 and x86-64 (Intel 64). Sure AMD are making a come back but Intel is a big monopoly. If you are going to research speculative execution in microprocessors, Intel is a good place for real world investigation. Wide support, lots of information, long history and easily available to buy cpu's for many decades. Intel are the de facto standard. Other CPU's were affected to differing degrees but Intel cpu's were the only ones that are completely affected by all flaws.

Thus implying conspiracy would be a straw man, when its quite reasonable to assume Intel CPU's were the focus because of their place in the market.

Intel don't Own X86_64, the _64 part is AMD and Intel couldn't function if AMD withdrew their licence for it, just as AMD couldn't function if Intel withdrew their X86 licence to AMD, its a symbiotic relationship and its why they are in a cross licensing agreement, they would kill eachother off if they weren't.

Look, the same people already tested AMD for these flaws, they don't have them, just because they don't mention AMD in these doesn't mean they aint testing them, they are simply naming the CPU with issues, and not those that don't, The assumption that because Intel has issues must mean AMD do too and with AMD's name missing from it it must then be a conspiracy, i think that's ludicrous.

No offence take or given

 

[zx128k]

Intel don't Own X86_64, the _64 part is AMD and Intel couldn't function if AMD withdrew their licence for it, just as AMD couldn't function if Intel withdrew their X86 licence to AMD, its a symbiotic relationship and its why they are in a cross licensing agreement, they would kill eachother off if they weren't.

Look, the same people already tested AMD for these flaws, they don't have them, just because they don't mention AMD in these doesn't mean they aint testing them, they are simply naming the CPU with issues, and not those that don't, The assumption that because Intel has issues must mean AMD do too and with AMD's name missing from it it must then be a conspiracy, i think that's ludicrous.

No offence take or given

They more or less control it via market dominance.

For Intel their CPU's are affected going back a long time. After spectre and meltdown which affected many cpu's but which both affected Intel CPU's. The focus has been on Intel CPU's. At this point they have now found so many flaws in Intel's architecture it's hard to remember it all and keep up with the new discoveries. You have to remember that these attacks are novel new security attacks. AMD's cpu architecture is different, it is not affected and thus these attacks could not have been created by studying AMD's cpu's. This is way its logical to state Intel was the focus, flaws like zombieload/zombieload 2 and RIDL exist only in their cpu's architecture. These flaws don't include AMD who are not vulnerable. There is no point to focus on AMD, only Intel. All the focus can only be on Intel because RIDL and Zombieload/ zombieload 2 only affect them.

 

[=XDC=FluphyBunny]

Lol. Don't cry. I had a Intel system also for ages before upgrading. To my knowledge I was not attacked either. Does not mean I should bury my head in the sand and assume nothing bad will ever happen.

Cry? You ok? To my knowledge no ones system has been compromised? If you read this thread you would think think intels chips were giving away people’s information.

This isn’t to say they don’t deserve the bad press, they do (karma for their previous anti-competitive behaviour) but many here need a sanity check.

Also AMD nor Intel give a **** about people’s “ fanboyism”. Something else people need to realise.

 

[TNA]

Cry? You ok? To my knowledge no ones system has been compromised? If you read this thread you would think think intels chips were giving away people’s information.

This isn’t to say they don’t deserve the bad press, they do (karma for their previous anti-competitive behaviour) but many here need a sanity check.

Also AMD nor Intel give a **** about people’s “ fanboyism”. Something else people need to realise.

I am fine thanks

No fanboy here. I don't give a **** about either company. I do give a **** about my wallet and security though. Hence I went AMD on this occasion as they offer much better price for performance and not riddled with security issues.

 

[Deleted member 209350]

People who bought the i9 variants must be annoyed, having to turn off hyperthreading you may as well have gone with the single threaded i7's