Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

Bingo. It’s mind boggling how people can be so naive when it comes to these issues. Intel has had backdoors for a long time in their processors. This is no secret or conspiracy theory. Also, it is completely rational to assume that Intel would keep open “flaws” that three letter agencies have discovered but “bad actors” haven’t as long as possible to allow three letter agencies to work their magic and Intel can claim ignorance.

But then again, all this is just conspiracy theory tin foil hat crap, you know ... just like those crazy people who thought Apple was manipulating their devices performance. ...... oh wait.

 

All the doom and gloomers have of course noticed the massive 30% performance impact they've lived with since Dec 6, right?

 

Not really. My laptop is so thin it probably never gets anywhere near peak performance for the I7 its running anyway. 30% thinner than the previous generation MBP though

 

It was a rule 10b5-1 sale which means it had been planned well in advance and the rule is there to prevent inside trading.

The timing is just very unfortunate.

 

AND .... how long / if the NSA knew about it.

 

No surprise that Intel is spreading FUD since they have a lot to lose in the data center space.

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

 

But the chips are thinner

 

Intel would have made the fix to their CPU architecture. So newer CPUs wouldn’t be affected.

 

Inaccurate media reporting...do we have that?

 

This would be like Samsung saying "But iPhones blow up too!" during the Note 7 fiasco. Intel screwed up, now they should just accept it and learn from it.

 

Isn't it possible that they could have known but kept quiet on it long enough for this planned sale to go through? I don't follow stocks/trading so I may be reaching, but I'm just curious.

 

That might be a stretch, I think the person you replied to is right in that the sale isn't something they can decide a couple days or weeks ahead. Maybe they kept it concealed for a while, but it's also possible he's just cashing out seeing as the stock market did really well last year.

 

AMD does not think they're affected as shown in this Linux Kernel patch https://lkml.org/lkml/2017/12/27/2

- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);​

 

Thanks for the information. Seems like it was just bad timing then.

 

This isn't going to effect desktops all that much. It's mostly OS related functions that will be infinitesimally slower - writing a 100mb file will take an extra few milliseconds.

Where this will hurt is in the cloud. It's common these days for applications to talk to each other via queues. programs that write enormous amounts of small bits of data to SSD very rapidly. There, you might see a 30% to as high as 50% increase - which means an 30-50% increase in usage, which means you owe your cloud provider 30-50% more money. Postgres, the database my company uses, takes a 10% hit. That means our specs, and ergo our operating costs, just rose 10% for the database alone. This... is going to hurt a lot.

 

How the hell can a user process access the kernel memory given the fact that all the memory allocated for it is a virtualized range of phisical memory that it sees as all the memory it can address????
Even trying speculative addressing it cannot make reference to an out of its bounds address.

 

AMD created x86-64, intel “copied” it. ARM says some cortex-A CPUs are affected, which Apples CPUs are based on, they may have problems.

 

More conspiracy theories on MacRumors than on the X-Files, lol.

 

Some more info here about the initial research and wider overview:

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Conflicting reports from AMD and Google however.

Edit: Didn't see the update.

 

Nothing is ever 100% secure when it's on a device. If you're running software there are ways in and out and obviously it's not JUST the software but the firmware on the hardware. Some great sci-fi has used this type of idea where one day everything anyone ever did online is exposed fully to the world. I suspect there will be something close to that happening at some point.

 

Thank goodness we haven’t had any leaks of classified information that any of us have heard of in the past decade, especially from the military and NSA.

 

AMD's statement includes the following paragraph:

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time.

I guess you could interpret that either way.

 

Since 1995 ?

--- Post Merged, Jan 3, 2018 ---

AMD is working with Intel and Arm on a fix which would indicate that at least some of the exploits also affect AMD.

 

Or it indicates they know how to fix it as they don't have the vulnerability and are helping out fixing the issue.

 

If you want security nowadays you have to go back to pen and paper.