• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Yet another Intel CPU security vulnerability!

welshrat said:
So many vulnerabilities I can't keep track, so unsure if this new one was posted.

https://www.overclock3d.net/news/cpu_mainboard/intel_cpus_hit_by_new_cacheout_attack/1
Click to expand...

Yep, CacheOut is a ZombieLoad variant renamed for presenting at ENIGMA yesterday.

We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

Moreover, unlike previous MDS issues, we show in our work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. Finally, we empirically demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.
Click to expand...

Further attacks, L1DES and Vector Registry Sampling, had their embargo end today as well. They just keep on coming! It also seems to go without saying that the latest required fixes even further impact performance of existing CPUs. I'm so glad I switched to Threadripper. At this rate my prevous 8700K may as well have been an i3. :p
 
jigger said:
And many more to come.
Click to expand...

You'll get endless variants of speculative execution attacks but they are for the most part variants of the same kind of root issue. I'm surprised so far there doesn't seem to have been a significant remote vulnerability with the IME as that really would be game over.

Rainmaker said:
Yep, CacheOut is a ZombieLoad variant renamed for presenting at ENIGMA yesterday.



Further attacks, L1DES and Vector Registry Sampling, had their embargo end today as well. They just keep on coming! It also seems to go without saying that the latest required fixes even further impact performance of existing CPUs. I'm so glad I switched to Threadripper. At this rate my prevous 8700K may as well have been an i3. :p
Click to expand...

Pretty nasty one in a shared user/server environment as in cases where the user has authentication at some level they can skip a lot of steps needed to try and get anything useful into a position to leak which made stuff like MDS more interesting from an academic perspective than anything that could realistically be used.
 
Orange Nexus said:
At this point, the patches/mitigation hurt more than the actual vulnerabilities.
Click to expand...
There is some truth to this as I don't think a real exploit has been found in the wild which uses any of these vulnerabilities. I suspect the only entity with the resources and motivation to leverage them would be a state actor going after a very specific target.
 
IT Troll said:
There is some truth to this as I don't think a real exploit has been found in the wild which uses any of these vulnerabilities. I suspect the only entity with the resources and motivation to leverage them would be a state actor going after a very specific target.
Click to expand...

The scary bit is They could have already been exploited, We just know about it :confused:
 
kitfit1 said:
Of course it's been exploited. The NSA has been exploiting it for years and years. That is the main reason that Tump is going after Huaewi. Because they won't be using Intel chips, which renders the NSA useless.
Click to expand...

Other way around really - Huawei is a risk of Chinese state backdoors besides if such functionality existed then the NSA would likely discover it and use it themselves potentially anyhow. Also most Huawei devices don't exist in situations where otherwise an Intel processor would be used - the alternative is still likely something based on ARM.

I can believe some of these vulnerabilities exist so as to give the likes of the NSA covert entry into devices in foreign countries though - while not particularly useful against the average desktop user some are peculiarly useful for cross normal hard boundaries in server and infrastructure, etc. type environments given enough time and resources to work at it while leaving very little to no trace it ever happened.
 
Rroff said:
Other way around really - Huawei is a risk of Chinese state backdoors besides if such functionality existed then the NSA would likely discover it and use it themselves potentially anyhow. Also most Huawei devices don't exist in situations where otherwise an Intel processor would be used - the alternative is still likely something based on ARM.

I can believe some of these vulnerabilities exist so as to give the likes of the NSA covert entry into devices in foreign countries though - while not particularly useful against the average desktop user some are peculiarly useful for cross normal hard boundaries in server and infrastructure, etc. type environments given enough time and resources to work at it while leaving very little to no trace it ever happened.
Click to expand...

Of course there is a risk of backdoors in Huawei kit, that is all there is though, a risk. There is absolute certainty there are backdoors in Intel kit though.
 
kitfit1 said:
Of course there is a risk of backdoors in Huawei kit, that is all there is though, a risk. There is absolute certainty there are backdoors in Intel kit though.
Click to expand...

The battle of the backdoors China and America i am glad i care nothing about my security as nothing ever was or is secure on a pc.


Is Russia losing out then? Britain? It seems like there are only two players but the USA is the dominant backdoor player.
 
Rofflay said:
The battle of the backdoors China and America i am glad i care nothing about my security as nothing ever was or is secure on a pc.


Is Russia losing out then? Britain? It seems like there are only two players but the USA is the dominant backdoor player.
Click to expand...

Do you have other devices on the same network?
 
jigger said:
Do you have other devices on the same network?
Click to expand...

No and unsure what they could ever find out anyways, I simply game and browse i have no info or money anyone could find useful. So for me it has little consequence but for others with data senitive info it might be a nightmare.

But i still have to DL all the patches and lose my performance.
 
Rofflay said:
No and unsure what they could ever find out anyways, I simply game and browse i have no info or money anyone could find useful. So for me it has little consequence but for others with data senitive info it might be a nightmare.

But i still have to DL all the patches and lose my performance.
Click to expand...

Or you can buy amd and not worry about someone at the nsa watching you through your webcam masturbating to midget tranny porn. Just a thought :p
 
AMD has PSP which is their equivalent of IME. If you're really concerned about platform security, you would want something that isn't x86 and doesn't contain closed source hardware and firmware. Open Power being the only real alternative that operates at a speed close to x86.
 
Grim5 said:
Or you can buy amd and not worry about someone at the nsa watching you through your webcam masturbating to midget tranny porn. Just a thought :p
Click to expand...

I like the extra kink from them watching me. But seriously even then it makes zero difference to my life but yes i will be buying Ryzen in 2021 Q1.
 
Microsoft had to patch all this stuff to avoid a PR disaster, the fact they have a registry override gives an indicator of what they really think of the risk factor.
 
You must log in or register to reply here.
Back
Top Bottom