Yet another Intel CPU security vulnerability!

Rroff · 24 Sep 2019 at 14:39

I still have no idea what got you so riled up.

LePhuronn · 24 Sep 2019 at 17:23

What in the Blue Hell have I stumbled upon :eek:

labbby · 24 Sep 2019 at 17:45

Well the last page escalated quickly

nomadd · 24 Sep 2019 at 18:01

FWIW, I'm still thinking of buying a 9900ks when they release next month..

IT Troll · 24 Sep 2019 at 22:01

nomadd said:
FWIW, I'm still thinking of buying a 9900ks when they release next month..

Nothing to worry about as a typical home user. Just don't go hosting any VMs to strangers.

Scooter72 · 25 Sep 2019 at 10:44

IT Troll said:
Nothing to worry about as a typical home user. Just don't go hosting any VMs to strangers.

Well said. Sound advice. As serious as the mounting vulnerabilities with Intel are and the valid concern over the mitigation and its affect on performance - for the vast majority of users and systems you should not loose any sleep. There are literally millions of other exploits in the wild which require no heavy lifting from the bad guys that you SHOULD be more concerned about.

The new zero day in IE is a great example of that. And affects Intel and AMD systems equally.

Ice Tea · 10 Dec 2019 at 23:49

https://www.theregister.co.uk/2019/12/10/intel_sgx_youve_been_plunderstruck/

Using undocumented interfaces for manipulating chip voltage, they demonstrated they could recover cryptographic keys based on RSA-CRT and AES-NI crypto libraries and create memory safety errors like out-of-bounds array accesses and heap corruption.

plunderstruck

faceman123 · 11 Dec 2019 at 09:50

LePhuronn said:
What in the Blue Hell have I stumbled upon

labbby said:
Well the last page escalated quickly

lmao, what..... fanboys have gone full tilt, surprised this thread hasn't been locked.

NinjaCool · 11 Dec 2019 at 11:19

So 242 publicly disclosed Intel vulnerabilities vs AMD's 16 and that's not even including the latest round :eek:

humbug · 11 Dec 2019 at 12:50

Ice Tea said:
https://www.theregister.co.uk/2019/12/10/intel_sgx_youve_been_plunderstruck/

plunderstruck

Are Intel's CPU's actually capable of keeping any data safe?

Ice Tea · 11 Dec 2019 at 13:25

humbug said:
Are Intel's CPU's actually capable of keeping any data safe?

It amazes me that Intel parts still fetch such a high price secondhand seeing as some of these flaws will never be fully patched, i'm guessing some people just don't care.

alec · 11 Dec 2019 at 13:31

Ice Tea said:
It amazes me that Intel parts still fetch such a high price secondhand seeing as some of these flaws will never be fully patched, i'm guessing some people just don't care.

Even worse for a second hand buyer is that flaws are patched and make the CPU slower. Second hand CPU is unlikely to end in a high security requirement machine, but is likely to need every ounce of power it has.

humbug · 11 Dec 2019 at 14:05

Ice Tea said:
It amazes me that Intel parts still fetch such a high price secondhand seeing as some of these flaws will never be fully patched, i'm guessing some people just don't care.

Most Desktop enthusiasts or professionals alike actually don't care or believe its real, a lot of them think the whole thing is a conspiracy.

Jimmy Weirdarms · 11 Dec 2019 at 14:34

humbug said:
Most Desktop enthusiasts or professionals alike actually don't care or believe its real, a lot of them think the whole thing is a conspiracy.

And quite a number presume that the exploits to do this stuff are so exotic that they don't have to worry, or tht browser-makers can/should protect them entirely.

(For the record I don't imagine AMD is entirely perfect, I think they probably come under less scrutiny than intel at the moment).

humbug · 11 Dec 2019 at 15:27

Jimmy Weirdarms said:
And quite a number presume that the exploits to do this stuff are so exotic that they don't have to worry, or tht browser-makers can/should protect them entirely.

(For the record I don't imagine AMD is entirely perfect, I think they probably come under less scrutiny than intel at the moment).

Can't remember the exact time in this conversation.

Kevin Krewell. Analyst, Used to work for both AMD and Nvidia, his opinion is Intel have Frankensteined what is a very old architecture to eek more and more performance out of it, its basically a heavily butchered Core Duo that's as a result full of holes and Intel are just flapping around trying to plug them up.

Intel havent designed a new ground up architecture in more than a decade, they haven't needed to.

Actually an interesting conversation.

Rroff · 11 Dec 2019 at 15:38

NinjaCool said:
So 242 publicly disclosed Intel vulnerabilities vs AMD's 16 and that's not even including the latest round

The Intel number is going to keep climbing (almost infinitely) as there will always be new variants found to apply some aspects of Spectre - but that doesn't mean it is necessarily a new exploit that existing mitigations don't protect against.

Jimmy Weirdarms said:
And quite a number presume that the exploits to do this stuff are so exotic that they don't have to worry, or tht browser-makers can/should protect them entirely.

(For the record I don't imagine AMD is entirely perfect, I think they probably come under less scrutiny than intel at the moment).

A lot of this is the consequence of constantly rehashing a decades old architecture - almost any hardware security gets compromised if it has been around long enough (see emulators for older games machines, etc.) and is enough of a target - some of these attacks have taken years of teasing out with increasingly more advanced understanding (some incredible "deep dives" in some cases) of clever side-channel techniques and the application of things like machine learning in more recent years to find convergences of how systems work that produce exploitable behaviour in seemingly unconnected parts, etc. anyone talking about these architectures being fundamentally flawed or full of security holes due to sloppy work, etc. most likely don't know what they are talking about.

Jimmy Weirdarms · 11 Dec 2019 at 15:42

Rroff said:
The Intel number is going to keep climbing (almost infinitely) as there will always be new variants found to apply some aspects of Spectre - but that doesn't mean it is necessarily a new exploit that existing mitigations don't protect against.

Today's disclosure sounds like something entirely separate to spectre, to me.

Rroff · 11 Dec 2019 at 15:53

Jimmy Weirdarms said:
Today's disclosure sounds like something entirely separate to spectre, to me.

Yes and an interesting use of undocumented behaviour - funny enough I was reading up a few days ago on the security concerns presented by undocumented features (in this case named pipes in Windows).

I was just saying that the numbers aren't entirely meaningful in magnitude as there will be a lot of variants of the same exploits found now the cat is out the bag on things like Spectre though as there will be many different ways to reuse that behaviour - which don't necessarily present a new threat though could be a stepping stone to new threat discoveries.

humbug · 11 Dec 2019 at 16:02

Rroff said:
Yes and an interesting use of undocumented behaviour - funny enough I was reading up a few days ago on the security concerns presented by undocumented features (in this case named pipes in Windows).

I was just saying that the numbers aren't entirely meaningful in magnitude as there will be a lot of variants of the same exploits found now the cat is out the bag on things like Spectre though as there will be many different ways to reuse that behaviour - which don't necessarily present a new threat though could be a stepping stone to new threat discoveries.

This is probably true but it doesn't take away from the fact that the architecture is quite obviously flawed in its now butchered state and no amount of cork is going to plug it up completely.

Rroff · 11 Dec 2019 at 16:26

Jimmy Weirdarms said:
And quite a number presume that the exploits to do this stuff are so exotic that they don't have to worry, or tht browser-makers can/should protect them entirely.

To expand a bit on this - a lot of these attacks require the target data to be in some way forced to be frequently in a location it can be leaked from and usually in a manner that requires a hands on approach - in a normal desktop session this might happen 1-3 times and with the attacker having no idea when that might be - even assuming they had any kind of unprotected potential remote connection to the machine via a website for instance (I don't think there has been any behaviour identified that naturally happens 1000s of times a second) and to feasibly leak data using these attacks you need that data to be appearing very frequently (it usually takes hours under ideal conditions - and days under slightly less ideal conditions and potentially decades at a natural pace) in a location you can leak it from. Which is why I'm largely unconcerned as a desktop user as if someone is exposed to these attacks in a meaningful way then they already have much bigger security concerns in the first place but very concerned in a multi-user/business/server type environment which gives a would be attacker many chances to initiate a procedure constantly so as to leak data as they can for instance be potentially launched using a normal procedure (such as one of the examples being failed login attempts*) and unprivileged code in combination - although that example is highly theoretical as any properly setup system will monitor for and take counter action against multiple failed logins.

EDIT: * This isn't a dictionary attack but that failed logins momentarily load privileged auth information into a buffer that it is possible for unprivileged code to leak from - eventually.