
Zombieload: Another Intel CPU bug found

https://zombieloadattack.com/

Mitigation requires disabling hyper threading (30% performance hit) and new microcode (3-9% hit). This is on top of previous exploit mitigation techniques. Very soon Intel CPUs will be going backwards!!! Web page shows a proof of concept video and shows how data can be siphoned from other apps running in other processes. Even cloud based and VM systems are affected.
 
https://zombieloadattack.com/

Mitigation requires disabling hyper threading (30% performance hit) and new microcode (3-9% hit). This is on top of previous exploit mitigation techniques. Very soon Intel CPU’s will be going backwards!!! Web page shows a proof of concept video and shows how data can be siphoned from other apps running in other processes. Even cloud based and VM systems are affected.
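The opening post says the fix is microcode plus switching off hyper threading. On Linux the kernel reports both halves of that through sysfs, so an admin can check a box without guessing. The script below is an added example for this thread, not something from zombieloadattack.com or the kernel project; it assumes a mainline kernel that exposes the two sysfs files named in it and uses the status wording from the kernel's own MDS documentation (Documentation/admin-guide/hw-vuln/mds.rst).

```shell
#!/bin/sh
# Added example: summarise what the Linux kernel says about the MDS/ZombieLoad
# mitigation and whether SMT (hyper threading) is still enabled.
# Assumption: these sysfs paths and status strings exist as on mainline kernels
# that carry the MDS fixes; on other systems report_live just says so.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# Reduce the text of the mds sysfs file to a short verdict.
mds_verdict() {
    case "$1" in
        "Not affected"*)                 echo "not-affected" ;;
        *"no microcode"*)                echo "vulnerable-no-microcode" ;;
        "Vulnerable"*)                   echo "vulnerable" ;;
        "Mitigation"*"SMT vulnerable"*)  echo "mitigated-but-smt-on" ;;
        "Mitigation"*)                   echo "mitigated" ;;
        *)                               echo "unknown" ;;
    esac
}

# Reduce the smt/control file to a verdict: "on" means sibling threads still
# share the CPU buffers the attack samples, which is why the thread talks
# about the hyper threading performance hit.
smt_verdict() {
    case "$1" in
        on)                          echo "smt-enabled" ;;
        off|forceoff)                echo "smt-disabled" ;;
        notsupported|notimplemented) echo "smt-unavailable" ;;
        *)                           echo "unknown" ;;
    esac
}

# Exit status 0 when the kernel considers the host covered, 1 when the
# operator still has something to do (microcode, SMT, or both).
needs_no_action() {
    case "$(mds_verdict "$1")" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Read the live files when present; do not fail on hosts that hide sysfs
# (non-Linux, or a container without it).
report_live() {
    if [ -r "$MDS_FILE" ] && [ -r "$SMT_FILE" ]; then
        mds=$(cat "$MDS_FILE")
        smt=$(cat "$SMT_FILE")
        printf 'mds: %s (%s)\n' "$mds" "$(mds_verdict "$mds")"
        printf 'smt: %s (%s)\n' "$smt" "$(smt_verdict "$smt")"
        if needs_no_action "$mds"; then
            echo "status: covered"
        else
            echo "status: action needed"
        fi
    else
        echo "sysfs vulnerability files not available on this host"
    fi
}

report_live
```

The verdicts are deliberately coarse: "mitigated-but-smt-on" is the state a box lands in after the microcode update alone, which is exactly the half-measure the opening post warns about.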

Most of these are variants of the same underlying problem - now that it has been discovered how to circumvent any protection against these kind of attacks they will just keep on coming.

AFAIK nothing has changed in respect that for the average home user, as long as you make sure you are using a patched browser, if something is taking advantage of these vulnerabilities you have much bigger security problems to worry about.
 
I know these will be far more relevant to businesses and not end users, but surely there has to be a point where people start looking at these issues and thinking it's too much risk.
Nope, because IT departments are inherently lazy and bean counters/business owners are largely tech retards. It is far easier to just buy more Intel servers to recover the lost performance than to change the infrastructure to something else. And if an IT bod has sufficient consideration for his job and industry, they won't have the energy or inclination to actually argue sense into the clueless bean counters and bosses.

Any company holding sensitive or private data has a legal responsibility to hold that data securely. The bean counters are the ones that will be fined or jailed because they have ultimate responsibility. Because of that the IT bods should be making those responsibilities loud and clear to the bean counters.

Well it could be a bit of good fortune for competitors to angle in on. Also I can imagine big companies like AWS and Microsoft in their Azure departments will make sure they are heard when looking at these issues and the future.
 
Nope, because IT departments are inherently lazy and bean counters/business owners are largely tech retards. It is far easier to just buy more Intel servers to recover the lost performance than to change the infrastructure to something else. And if an IT bod has sufficient consideration for his job and industry, they won't have the energy or inclination to actually argue sense into the clueless bean counters and bosses.

As a bean counter AND IT department lead, I resent this remark. Everyone I know in both fields does the best with the resources they have and have had budget reduced in real terms year on year for what seems like forever.

Losing a chunk of performance here and there is an annoyance but thankfully it hasn't impacted our business obligations. It will, however, be remembered when purchasing new gear :p
And as a bean counter and former IT department lead, you're the shining example that proves the rule, and one I would so have loved to have worked with in the past :p
 
Nope, because IT departments are inherently lazy and bean counters/business owners are largely tech retards. It is far easier to just buy more Intel servers to recover the lost performance than to change the infrastructure to something else. And if an IT bod has sufficient consideration for his job and industry, they won't have the energy or inclination to actually argue sense into the clueless bean counters and bosses.

As before though it often comes down to significant lead times on qualifying a new platform and the money for significant system migrations, etc., especially as that often means planning downtime and dealing with likely disruption when things don't work as intended - most people are reluctant to be the one signing off on something like that and would rather kick the can down the road as much as possible - nothing ever really happens until the first serious incident like a data breach, then it is all panic stations and throwing vast amounts of money at it with lots of hand wringing.
The corporate wheels turn so slowly :( part of the reason why I stopped being a tech bod and went back to development.
 
As before though it often comes down to significant lead times on qualifying a new platform and the money for significant system migrations, etc., especially as that often means planning downtime and dealing with likely disruption when things don't work as intended - most people are reluctant to be the one signing off on something like that and would rather kick the can down the road as much as possible - nothing ever really happens until the first serious incident like a data breach, then it is all panic stations and throwing vast amounts of money at it with lots of hand wringing.

And the obligatory "I told you so", don't forget.

Management lose their **** when the internet is out for 10 minutes (prearranged) for firewall upgrades but won't pay me to work out of hours. I've worked at the weekend and silly hours because of this attitude, without being paid just so I don't get the blame when something really bad hits the fan.

They rely on IT totally but treat IT as another admin drone department.
 
I wonder how long it takes before there's the first class action suit in the US against Intel because of selling such leaky CPUs.
It's not like Intel lacked time and resources (or had anything else to do) to rebuild their speculative code execution.
 
Honestly, I regret my 8700K so much. Not long after purchasing we had Spectre and Meltdown 'mitigations' that whacked a ton of performance away (up to 30%) and the 'fixes' (and new exploits) just keep on coming. Now it's recommended to disable HT? Jesus. I want a refund.

ETA: Obligatory lulz.