Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

[sevvere]

Or .... NSA paid them to keep their mouth shut and look the other way until it comes out on its own and then just claim "oops, sorry"

Bingo. It’s mind boggling how people can be so naive when it comes to these issues. Intel has had backdoors for a long time in their processors. This is no secret or conspiracy theory. Also, it is completely rational to assume that Intel would keep open “flaws” that three letter agencies have discovered but “bad actors” haven’t as long as possible to allow three letter agencies to work their magic and Intel can claim ignorance.

But then again, all this is just conspiracy theory tin foil hat crap, you know ... just like those crazy people who thought Apple was manipulating their devices performance. ...... oh wait.

 

[thisisnotmyname]

All the doom and gloomers have of course noticed the massive 30% performance impact they've lived with since Dec 6, right?

 

[Rob_2811]

All the doom and gloomers have of course noticed the massive 30% performance impact they've lived with since Dec 6, right?

Not really. My laptop is so thin it probably never gets anywhere near peak performance for the I7 its running anyway. 30% thinner than the previous generation MBP though

 

[keysofanxiety]

Apparently the CEO sold a lot of his stock on Nov 29th and kept the bare minimum amount.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

Sounds like this may lead to an SEC investigation for insider trading. Given that Apple's 10.13.2 update reportedly patches many of these flaws. It is reasonable to conclude Intel has had some knowledge of this issue for a while.

Edit: The timing of the sale is bad. It doesn't necessarily mean intent was involved.

It was a rule 10b5-1 sale which means it had been planned well in advance and the rule is there to prevent inside trading.

The timing is just very unfortunate.

 

[sevvere]

I wonder how long Intel has known about this flaw.

AND .... how long / if the NSA knew about it.

 

[mi7chy]

No surprise that Intel is spreading FUD since they have a lot to lose in the data center space.

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

 

[jdillings]

All the doom and gloomers have of course noticed the massive 30% performance impact they've lived with since Dec 6, right?

But the chips are thinner

 

[deanthedev]

The fix requires changes at the OS level. How could Intel quietly patch everyone's operating system?

Intel would have made the fix to their CPU architecture. So newer CPUs wouldn’t be affected.

 

[NMBob]

Inaccurate media reporting...do we have that?

 

[Strelok]

This would be like Samsung saying "But iPhones blow up too!" during the Note 7 fiasco. Intel screwed up, now they should just accept it and learn from it.

 

[timeconsumer]

It was a rule 10b5-1 sale which means it had been planned well in advance and the rule is there to prevent inside trading.

The timing is just very unfortunate.

Isn't it possible that they could have known but kept quiet on it long enough for this planned sale to go through? I don't follow stocks/trading so I may be reaching, but I'm just curious.

 

[Strelok]

Isn't it possible that they could have known but kept quiet on it long enough for this planned sale to go through? I don't follow stocks/trading so I may be reaching, but I'm just curious.

That might be a stretch, I think the person you replied to is right in that the sale isn't something they can decide a couple days or weeks ahead. Maybe they kept it concealed for a while, but it's also possible he's just cashing out seeing as the stock market did really well last year.

 

[trajano]

AMD does not think they're affected as shown in this Linux Kernel patch https://lkml.org/lkml/2017/12/27/2

- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);​

 

[timeconsumer]

That might be a stretch, I think the person you replied to is right in that the sale isn't something they can decide a couple days or weeks ahead. Maybe they kept it concealed for a while, but it's also possible he's just cashing out seeing as the stock market did really well last year.

Thanks for the information. Seems like it was just bad timing then.

 

[thejadedmonkey]

All the doom and gloomers have of course noticed the massive 30% performance impact they've lived with since Dec 6, right?

This isn't going to effect desktops all that much. It's mostly OS related functions that will be infinitesimally slower - writing a 100mb file will take an extra few milliseconds.

Where this will hurt is in the cloud. It's common these days for applications to talk to each other via queues. programs that write enormous amounts of small bits of data to SSD very rapidly. There, you might see a 30% to as high as 50% increase - which means an 30-50% increase in usage, which means you owe your cloud provider 30-50% more money. Postgres, the database my company uses, takes a 10% hit. That means our specs, and ergo our operating costs, just rose 10% for the database alone. This... is going to hurt a lot.

 

[nuvvanda]

How the hell can a user process access the kernel memory given the fact that all the memory allocated for it is a virtualized range of phisical memory that it sees as all the memory it can address????
Even trying speculative addressing it cannot make reference to an out of its bounds address.

 

[Ries]

I doubt SPARC, Snapdragon, A[x] chips are affected. Sounds like AMD is affected since they just copy Intel.

AMD created x86-64, intel “copied” it. ARM says some cortex-A CPUs are affected, which Apples CPUs are based on, they may have problems.

 

[nwcs]

More conspiracy theories on MacRumors than on the X-Files, lol.

 

[urmaster]

Some more info here about the initial research and wider overview:

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Conflicting reports from AMD and Google however.

Edit: Didn't see the update.

 

[Art Mark]

Nothing is ever 100% secure when it's on a device. If you're running software there are ways in and out and obviously it's not JUST the software but the firmware on the hardware. Some great sci-fi has used this type of idea where one day everything anyone ever did online is exposed fully to the world. I suspect there will be something close to that happening at some point.

 

[Kaibelf]

Not.
There are far more secure systems out there, for instance intelligence or military.

Thank goodness we haven’t had any leaks of classified information that any of us have heard of in the past decade, especially from the military and NSA.

 

[Wowereit]

Some more info here about the initial research and wider overview:

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Conflicting reports from AMD and Google however.

AMD's statement includes the following paragraph:

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time.

I guess you could interpret that either way.

 

[Plutonius]

I wonder how long Intel has known about this flaw.

Since 1995 ?
[doublepost=1515021047][/doublepost]

So what was Apple's solution and what kind of performance hit do Macs experience? Under what kind of conditions?

Interestingly, it appears ARM may be affected but not AMD. Is a processor change upcoming in Macs?

AMD is working with Intel and Arm on a fix which would indicate that at least some of the exploits also affect AMD.

 

[urmaster]

Since 1995 ?
[doublepost=1515021047][/doublepost]

AMD is working with Intel and Arm on a fix which would indicate that at least some of the exploits also affect AMD.

Or it indicates they know how to fix it as they don't have the vulnerability and are helping out fixing the issue.

 

[superduperultra]

If you want security nowadays you have to go back to pen and paper.