
Intel bug incoming? Meltdown and Spectre exploits

At the end of the day to a degree he can only go on what AMD tells him and/or is authenticated by 3rd parties.

I don't think AMD is affected in any degree like Intel are but they do seem to be largely running a policy of keep quiet, keep heads down and hope Intel takes any flak and if there are any issues they get missed in the **** storm heading Intel's way. The wording of their statement is very much political deflection which I'm reading as they aren't as immune to this as they'd like people to think even though they aren't seriously exposed by it.

The way I've read this play out is Intel is in trouble, and they are trying to do two things, 1) deflect by saying it affects everyone, not just them and 2) take others down with them at the same time.

AMD on the other hand are keeping their mouth shut other than saying it does not affect us like it affects Intel, then just watching it all play out...

Then out of the woodwork comes the stories of Intel's CEO flogging off shares, which I personally think won't amount to anything, stories of lawsuits for potentially breaking federal laws etc against Intel, people receiving patches on server and benchmarking performance, you only need to read that tweet a few posts up to see that there is some performance degradation of quite serious levels in specific workloads.

AMD don't need to say anything if they are confident, just let Intel and the Internet hang Intel, sit back, market their servers and eat popcorn...

I was thinking this morning, some serious EPYC sales were announced with EPYC launch and since, companies like Microsoft took a gamble on it, Microsoft were party to the Google demo that has kicked this whole thing off... Others have started to endorse EPYC, this could actually be just the tip of the iceberg right now tbh.

Intel will come out of this a bit poorer I think, and may lose some market share, but they will lose a lot of trust, and also mindshare, AMD need to play clever right now and hoover up more sales off the back of this whole fiasco.
 
Then out of the woodwork comes the stories of Intel's CEO flogging off shares, which I personally think won't amount to anything, stories of lawsuits for potentially breaking federal laws etc against Intel, people receiving patches on server and benchmarking performance, you only need to read that tweet a few posts up to see that there is some performance degradation of quite serious levels in specific workloads.

I had a quick look at his Intel shares history it is pretty hard to defend - he has regular set sells of ~70K every few months going back quite a long time (all other movements are small like 1-4K) and then suddenly two big movements one right before the previous AMT vulnerability (~150K) and then this ~890K dump right before this came to light.
 
In the current climate of looking for suspicion anywhere I think they have used an unnecessarily ambiguous phrase there with 'near zero'.
If they had said that no vulnerabilities have currently been found then that is clear and doesn't claim that they might not appear in the future.
But to say 'near zero' has me concerned as that can be typical PR speak.

I think you'll find from a legal standpoint they have to use "Near Zero" type comments, a bit like bleach adverts saying it kills 99.9% of all known germs... to say it's zero affected leaves them wide open to be sued, you cannot be zero protected permanently, not unless you take the CPU out of the motherboard and leave it in the box you bought it in.
 
I had a quick look at his Intel shares history it is pretty hard to defend - he has regular set sells of ~70K every few months going back quite a long time (all other movements are small like 1-4K) and then suddenly two big movements one right before the previous AMT vulnerability (~150K) and then this ~890K dump right before this came to light.

Yeah read your post after I posted, that is indefensible then, he could end up in prison, I doubt it, but that's federal law, back in the 90's I worked for Societe Generale, for their trading wing, and I saw 2 traders go to prison for insider trading, yeah that was here in the UK but it was peanut money in comparison to what Krzanich is potentially guilty of.
 
If it turns out he had knowledge of this bug before selling his shares then yes it will amount 100% to insider trading.

It would be pretty hard to prove without hard evidence but still. It's hard to look at the pattern of trading and see innocence.
 
In the current climate of looking for suspicion anywhere I think they have used an unnecessarily ambiguous phrase there with 'near zero'.
If they had said that no vulnerabilities have currently been found then that is clear and doesn't claim that they might not appear in the future.
But to say 'near zero' has me concerned as that can be typical PR speak.

Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

That is exactly what they have said actually.

The issue is this, Variant 1 and 2 are Spectre, variant 3 is Meltdown. AMD are immune to Meltdown and this is by several magnitudes the worst of the three. Variant one is fixed with no real performance hit (for AMD, I don't know if Intel have fixed this also?), variant two has not been exploited on AMD systems, it has been exploited on Intel systems, Google demonstrated a variant 2 attack on a Haswell system and failed to demonstrate anything but variant one on an AMD system afaik.

Most importantly so far the mechanism for variant 2 is using speculative execution which most modern processors use, but it's basically all about branch prediction and the branch prediction method being affected by other programs in a different security area.

Prior research (see the Literature section at the end) has shown that it is possible for code in separate security contexts to influence each other's branch prediction. So far, this has only been used to infer information about where code is located (in other words, to create interference from the victim to the attacker); however, the basic hypothesis of this attack variant is that it can also be used to redirect execution of code in the victim context (in other words, to create interference from the attacker to the victim; the other way around).

from https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

Basically branch prediction is being misused, however again this has been demonstrated on Intel systems, with Intel branch prediction, they have a major flaw that enables Spectre attacks to potentially work. Again from what I gather this has only been proven to work on Intel, but due to the very nature of speculative execution it's possible that in the future attacks will be developed that can do something similar to AMD. What AMD are saying with their statement is the methods being used to exploit variant 2 on Intel are not at all applicable to AMD, but because the basis of their attack is speculative execution which AMD uses, there is a chance different methods to exploit speculative execution will harm AMD chips.

But again, current attacks trying to exploit variant 2 work on Intel and do not work on AMD, they are saying there is a near zero risk because no current tries have worked because AMD and Intel have very different branch prediction methods. Presumably this means while Intel's prediction allows programs in different security areas to affect the prediction on each other, AMD strictly don't allow that. But maybe some other tricks in branch prediction will be utilised. Either way it's likely, because Intel was exploited fairly easily and AMD still haven't, that it won't be easy or quick to do and might never happen. Intel is already vulnerable to variant 2, AMD is not.

EDIT:- to rephrase the last part, Intel is vulnerable to current attempts to exploit variant 2 attacks, AMD is not.

The best way to think about it is variant 2 is a concept, that a processor can be tricked into letting one program be affected or eventually gain access to data from another via coaxing branch prediction to access the wrong data. This concept makes every speculative execution core potentially vulnerable... the specific method demonstrated to work as a variant 2 attack (having prediction affect the prediction being run in a different security area) only works on Intel's specific implementation of branch prediction, it does not work on AMD full stop due to different architectures, yet in the future it's possible a different vector of attack on branch prediction could be exploited but no one knows how yet.

Basically AMD is only vulnerable to variant 2 because everyone now considers speculative execution to potentially be risky... not because any method has found a flaw in AMD's implementation of speculative execution.

SO this means, variant 3, AMD is immune, variant 1, fixed with a non performance harming patch, variant 2 type attacks have been used on Intel chips and NOT on AMD chips, but maybe different attacks that use branch prediction in the future would be classified as variant 2 and thus AMD can't say that future attacks can't harm them because they would have to use a different method to attack branch prediction, the only currently known method does not hurt AMD.
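
Added example, not part of any post in this thread: a small check that reports a Linux machine's status for the three variants discussed above, using the kernel's `/sys/devices/system/cpu/vulnerabilities/` files (`spectre_v1`, `spectre_v2`, `meltdown`). The `SAMPLE` strings are constructed for illustration and are used only when those files are absent; they are not measurements from any real CPU.

```python
from pathlib import Path

# Linux kernels from 4.15 on report per-issue status under this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Variant numbering as used in the thread -> sysfs file name.
VARIANTS = {
    "Variant 1 (Spectre)": "spectre_v1",
    "Variant 2 (Spectre)": "spectre_v2",
    "Variant 3 (Meltdown)": "meltdown",
}

def classify(status):
    """Reduce one sysfs status line to a coarse state."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_sysfs(base=SYSFS_DIR):
    """Read whichever of the three status files this kernel exposes."""
    return {n: (base / n).read_text() for n in VARIANTS.values() if (base / n).is_file()}

def report(raw):
    """Map each variant to (state, detail); a missing file is 'unknown', never 'safe'."""
    result = {}
    for label, name in VARIANTS.items():
        text = raw.get(name)
        result[label] = (("unknown", "not reported by this kernel") if text is None
                         else (classify(text), text.strip()))
    return result

# Constructed sample input (hypothetical machine, not measured output).
SAMPLE = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "meltdown": "Not affected\n",
}

if __name__ == "__main__":
    for label, (state, detail) in report(read_sysfs() or SAMPLE).items():
        print(f"{label:22} {state:13} {detail}")
```

A kernel too old to expose these files yields "unknown" for every variant, which should be read as "unpatched kernel", not as a clean result.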
 
Yeah read your post after I posted, that is indefensible then, he could end up in prison, I doubt it, but that's federal law, back in the 90's I worked for Societe Generale, for their trading wing, and I saw 2 traders go to prison for insider trading, yeah that was here in the UK but it was peanut money in comparison to what Krzanich is potentially guilty of.

Company I interviewed for in Tower 42 many years back folded a couple of years later or so after a load of their staff got done for fraud and insider trading - funny thing was if they'd stuck to one thing they'd have probably got away with it but the whole lot left a paper trail.

Seems like a good thing now that for various reasons I didn't go through with the job but at the time it seemed like a good opportunity.
 
'Near zero' is a BS PR term with no meaning. They can only report on the current situation which is a binary Yes or No. Nearly No is plain ridiculous.
I'm looking at building a Ryzen system in the next fortnight and 'near zero' doesn't fill me with complete confidence so I will have to read their statements in more detail and get a mystic to interpret them; "Near Zero" is a very Zen like statement! :)
 
'Near zero' is a BS marketing term with no meaning. They can only report on the current situation which is a binary Yes or No. Nearly No is plain ridiculous.
I'm looking at building a Ryzen system in the next fortnight and 'near zero' doesn't fill me with complete confidence so I will have to read their statements in more detail and get a mystic to interpret them; "Near Zero" is a very Zen like statement! :)

A question was asked and the answer given. What has that got to do with marketing...
 