I was thinking more in lines of personal computers rather than servers. With regards to password I'm assuming it would be system passwords rather than stuff typed in?
-
Competitor rules
Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.
Everything. Once in it's full control, do what you like.
There's already an example application that can grab anything you type in, kinda like a keylogger but easier to employ. Mozilla I think also has a Javascript-based exploit example.
- Joined
- 30 Jul 2006
- Posts
- 12,130
I await with eager anticipation a flurry of 'phone calls from helpful people in India with offers to "Sort out the Intel bug of which you will now have heard".
Update your AV software, the update wont show unless your AV software adds a registry key to show it's safe to install it.
I just use windows 10 defender security.. Take it I'll get the update? Or may already have it, as it updated yesterday?
Already done and the reg key is there, but nothing coming down on WU. For once, Kaspersky is ahead of the curve.
Associate
Of course it's good to minimise the risk you place yourself in by being aware of threats and avoiding them - it's something everyone ought to do, but unfortunately many will just not be capable of doing so. Granted you may know well enough not to ever use a Javascript-enabled web browser on untrusted web pages, but even legitimate web sites can be compromised with malware. I'd expect the performance impact to be limited in your use cases, and not enough to justify not patching.
Ok maybe I'm an idiot, maybe not though.
If someone writes a piece of code that manages to reliably extract information from the processor it is run on, but because nobody had ever thought of doing it before, is it suddenly the processor manufacturers fault or the guy who wrote the code.
This seems to be what's happening to INTEL right now, in my view. Just because an exploit has been found in their processors, they have been doing the same thing for the last 10 years or so, but all of a sudden they are to blame for people finding an exploit.
Makes no sense to me.
You haven't read the technical details - not that I blame you, as it's unlikely to be fully understood by laypeople. There is a bug in that Intel CPUs are ignoring the permission bit when speculatively executing instructions; this isn't something that speculative execution requires of a CPU (and most other CPU architectures don't behave in this way), but it's a shortcut that Intel took in their design. Meltdown is just the first such way to exploit this bug; it's not impossible that there may be other ways found to exploit this in future (although fortunately they might also be blocked by the KPTI patch too).
Permabanned
oh dear, good point
Soldato
This is why some of you haven't received the patch and probably shouldn't be applying it manually.
Soldato
Excuse my ignorance, but will the windows update come down to AMD CPU users (I have a Ryzen CPU) or is this just intel?
Permabanned
Everyone afaik. There was a decision for Linux to exclude AMD, that's what a lot of the chatter was about, but that's not Windows.
Soldato
Yes. I received it.
Soldato
Yes I have that key.
Soldato
Doesn't explain why I still have not received the Windows update though? I have the Allow Key from Avast in my Reg. Windows is fully up to date 1709 and I still waiting for the update.
Soldato
BIOS
Version 10032018/01/028.23 MBytes
ROG MAXIMUS X HERO BIOS 1003
Improve system performance.
Improved DRAM compatibility
Latest BIOS update for my Motherboard doesn't list anything about Security though.
Version 10032018/01/028.23 MBytes
ROG MAXIMUS X HERO BIOS 1003
Improve system performance.
Improved DRAM compatibility
Latest BIOS update for my Motherboard doesn't list anything about Security though.
Associate
With proof of concepts and patches being released to the public, it's just a matter of time before they are leveraged into (for example) scripts that are injected into vulnerable web sites. It's dangerous to assume that no news of attack = no attack.
Yes (this is done for Linux for example) and see this by Armageus:
Perhaps it would be useful to start a new thread for an FAQ that can be stickied to the top of the forum?
It's no good having performance if your passwords, data, accounts etc. have been stolen. Perhaps it makes sense to spend 2x on a CPU for just a little extra performance, if you're either absolutely needing to have a minimum amount of performance (and can't parallelise effectively), or you're using it for revenue generation and the extra revenue outweighs the extra cost. For discretionary use though, it's never made sense to do so.
The 10 years worth of Intel CPUs bug is Meltdown, which the BIOS update doesn't relate to. The BIOS update is a mechanism for delivering microcode updates for one of the variants of Spectre.