• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Yet another Intel CPU security vulnerability!

Selekt0r

Selekt0r

Selekt0r

Associate
Joined
18 Oct 2002
Posts
1,778
Location
Kent, UK
I'd have serious reservations now about running VPSes, etc. on an Intel system patched or otherwise - even though most of these attacks are as they said not particularly appealing as low hanging fruit to a would be attacker. Intel needs a complete architecture revamp as they've become far too much of a static target.

Fortunately not something of concern to most if any home users in this case.
 
It's not like the patches cause massive performance loss.

"Intel chip vulnerability nicknamed “ZombieLoad” has been revealed to the public, and though it’s already being patched by three major operating system makers, there’s some bad news: full protection could reduce your CPU’s performance by up to 40%." During testing this month, Apple says that it found “as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks,” though actual performance impacts will vary between machines. Because of that steep performance drop, Apple has implemented a partial mitigation in macOS Mojave 10.14.5, leaving users to decide whether they want to disable hyper-threading for full protection. https://venturebeat.com/2019/05/14/...es-os-patches-with-up-to-40-performance-hits/

https://www.techspot.com/article/1850-how-screwed-is-intel-no-hyper-threading/

To quickly summarize the results, core heavy application performance was typically reduced anywhere from 25-35%.

https://www.youtube.com/watch?time_continue=403&v=O9t7u5pM1cE
 
Last edited:
Most system will never get fully patched as the performance hit is just to big. A fully patched Intel system would get destroyed by a fully patched AMD system and still be less secure.
 
FredFlint said:
Most system will never get fully patched as the performance hit is just to big. A fully patched Intel system would get destroyed by a fully patched AMD system and still be less secure.
Click to expand...

Yeah Intel are in trouble and we haven’t seen the end of what can only be seen as many horribly handled cases of gross incompetence.
 
jigger said:
Yeah Intel are in trouble and we haven’t seen the end of what can only be seen as many horribly handled cases of gross incompetence.
Click to expand...
It's hard to believe they are so incompetent, I think a lot of it is Intel doing anything it can to get performance up and just throwing security under the bus is an easy way to do it.
 
Screen-Shot-2017-04-20-at-14.39.53.png
 
FredFlint said:
It's hard to believe they are so incompetent, I think a lot of it is Intel doing anything it can to get performance up and just throwing security under the bus is an easy way to do it.
Click to expand...

It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.
 
Rroff said:
It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.
Click to expand...

The closed encryption in rome is pretty epyc, going to take a serious amount of work to break that down. Most of what we are seeing from Intel, granted it's an old uarch is just laziness is it not? Some of the earlier vulnerabilities look to me like skipping checks (clock cycles) for improved performance.
 
Vince said:
The closed encryption in rome is pretty epyc, going to take a serious amount of work to break that down. Most of what we are seeing from Intel, granted it's an old uarch is just laziness is it not? Some of the earlier vulnerabilities look to me like skipping checks (clock cycles) for improved performance.
Click to expand...

LOL but yeah what is a serious amount of work is often not so much in a decade or so time with advances in computing power and understanding of maths and techniques that can be used to identify patterns, etc. such as assistance from machine learning.

I won't say there aren't some issues due to laziness probably under the assumption that stuff was so obscure no one would ever realistically break into it - but a lot of these systems have held up many many years before finally being cracked - if it was purely down to laziness and incompetence a lot of these issues would have come up fairly early on in the Core 2 days, etc.

EDIT: Another aspect that often goes unremarked on is that Intel now runs a bug bounty program with potentially lucrative rewards for people who find serious weaknesses - which means more people than ever are looking at Intel archs in depth - meaning a higher chance of these issues coming to light even though that isn't great PR for Intel.
 
Rroff said:
LOL but yeah what is a serious amount of work is often not so much in a decade or so time with advances in computing power and understanding of maths and techniques that can be used to identify patterns, etc. such as assistance from machine learning.

I won't say there aren't some issues due to laziness probably under the assumption that stuff was so obscure no one would ever realistically break into it - but a lot of these systems have held up many many years before finally being cracked - if it was purely down to laziness and incompetence a lot of these issues would have come up fairly early on in the Core 2 days, etc.
Click to expand...

Tech marches on :) and your right, what seems insurmountable now could be trivial around the corner.
 
Vince said:
Tech marches on :) and your right, what seems insurmountable now could be trivial around the corner.
Click to expand...

To be fair under the spotlight I suspect a contemporary AMD architecture would probably hold up longer than Intel's security wise - but in the current context I don't think it has as much to do with incompetence (at least at design level) as people like to think.

I still shudder at the possibility of Intel's management engine being exposed to a remote execution intrusion as that is pretty much game over for any internet connected Intel system.
 
Rroff said:
It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.
Click to expand...

Yeah it’s not like people should expect Intel security to hold up on a brand new chip or an unreleased one....
 
Rroff said:
Oh I thought you were disagreeing with me about how the main problem is how long Intel have been reusing fundementally the same architecture.
Click to expand...

The problems effects all Intel CPU’s now and into the future. Your point about breaking security sometime in future is pointless.
 
You must log in or register to reply here.
Back
Top Bottom