Intel CPU - Design flaw in every processor from the last 10 years

1561 replies to this topic

#1423
Arthos

    ¯\_(ツ)_/¯

  • Group: Senior Members
  • Posts: 3,404
  • Joined: 01.11.2004
Theo de Raadt, founding member of NetBSD, founder and leader of OpenBSD and OpenSSH:
https://marc.info/?l...31475429367&w=2

Quote

These 3 issues all relate to a bug in Intel cpus

The cpu will speculatively honour invalid PTE against data in the on-core L1 cache. Memory disclosure occurs into the wrong context.

These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together are the currently public artifacts of this one bug. There may be more artifacts of this on the way, perhaps combined with other past and not yet known mistakes.

CVE-2018-3620 matters for the host OS.  We have reviewed our pmap module and it appears like we never invalidate a PTE by clearing the 'valid' bit alone, we always clear the PTE to 0 entirely.  Page 0 of physical memory is unused.  As well, we don't support Wine (which has VA 0 / PA 0 issues); we don't support 32-bit emulation in 64-bit mode which makes things trickier, and we have SMT disabled by default which reduces the risk patterns further.

CVE-2018-3646 relates to the same bug, but considers the cross-domain impact upon entering VMs, which obviously run in different security domains. A patch should arrive soon to flush the L1 cache before vmenter, so that an incorrectly accessed PTE can't read data from another domain. Another aspect of the risk in this area goes away if SMT is disabled, so keep it disabled!

CVE-2018-3615 (Foreshadow) is receiving the most press, which is amazing considering it is by far the most boring of the 3, since very few people give a rat's ass about SGX -- who cares if SGX is broken when the cpu can't run your OS safely? Some convincing press agencies were hired I guess, and have performed a masterful job of distracting.

We had some idea this class of problem was coming, through hints we received from others and an extremely cynical perspective that has developed.  We believe Intel cpus do almost no security checks up-front, but defer checks until instruction retire.  As a result we believe similar issues will be coming in the future.
We asked repeatedly, but Intel provided no advance notice.  We did not even receive replies to our requests for dialogue.


On a side note, AMD cpus are not vulnerable to this problem.  Currently it is believed their address translation layer works according to spec.

Intel's security is zero, zilch, zip, nada: their processors do security checks, if they do them at all, after they have executed the instructions and the results have left the processor ....

#1424
Arthos

    ¯\_(ツ)_/¯

  • Group: Senior Members
  • Posts: 3,404
  • Joined: 01.11.2004
An interview with Dr Yuval Yarom from the team of researchers who found Foreshadow: https://www.theregis...llateral_damage

Quote

Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow

Quote

It's clear that Intel's recent design decisions focussed on how to optimise processors ... so that typical programs execute faster

Quote

“As part of our attack, what we managed to do is get the attestation keys.
We can take your code, analyse it to see what it does, know how it should behave, change that behaviour – but we can fake the attestation,” he said – the code they run as attackers doesn't match the publisher's code, but the "tampered" code passes all the validity checks.
In the video player example, the attacker can change the code so it creates a copy of content, but still “allow it to attest to vendor of the software that it is still running, protected.”
The whole trust model collapses

https://www.usenix.o...sentation/bulck

#1425
antrax_beta23

    Active Member

  • Group: Members
  • Posts: 1,465
  • Joined: 28.01.2007
Advanced Micro Devices, Inc.
NASDAQ: AMD
32.21 USD +2.11 (7.01%)
Closed: Sep 13, 8:01 AM EDT · Disclaimer
Pre-market 32.75 +0.54 (1.68%)

vs intel

Intel Corporation
NASDAQ: INTC
44.93 USD 0.00 (0.00%)
Closed: Sep 13, 8:02 AM EDT · Disclaimer
Pre-market 45.28 +0.35 (0.78%)

What are you doing, INTEL, AMD is catching up with you

#1426
Arthos

    ¯\_(ツ)_/¯

  • Group: Senior Members
  • Posts: 3,404
  • Joined: 01.11.2004
Attached File  Snipaste_2018-09-13_21-09-34.png   20.87K   40 downloads

EPYC :>>

Edited by Arthos, 13 September 2018 - 20:12.


#1427
STARTREK1

    Google searcher

  • Group: Senior Members
  • Posts: 11,145
  • Joined: 27.06.2007
KB4100347: Intel microcode updates
Applies to: Windows Server version 1803, Windows 10 version 1803

Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”]). This update includes microcode updates from Intel for the following CPUs...

#1428
Pulan

    Junior Member

  • Group: Members
  • Posts: 172
  • Joined: 27.08.2018

antrax_beta23, on 13 September 2018 - 14:05, said:

Advanced Micro Devices, Inc.
NASDAQ: AMD
32.21 USD +2.11 (7.01%)
Closed: Sep 13, 8:01 AM EDT · Disclaimer
Pre-market 32.75 +0.54 (1.68%)

vs intel

Intel Corporation
NASDAQ: INTC
44.93 USD 0.00 (0.00%)
Closed: Sep 13, 8:02 AM EDT · Disclaimer
Pre-market 45.28 +0.35 (0.78%)

What are you doing, INTEL, AMD is catching up with you
AMD's net income/loss from 2001 to 2017 (in million U.S. dollars)

Intel's net income from 2004 to 2017 (in billion U.S. dollars)


The problem is that the stock market runs on trust, and a single flick is enough for this fairy-tale-hero growth of AMD, a company mired in debt and propped up only by Zen, to do more harm than good. People are speculating and that is not good. Zen will not last forever.
Look more closely at AMD's evolution over the years. You would swear it is the EKG of a patient on his 15th heart attack.

Edited by Pulan, 15 September 2018 - 04:24.


#1429
ro_explorer

    Impartial member

  • Group: Senior Members
  • Posts: 29,655
  • Joined: 15.12.2009
I'm starting to consider an AMD for my next system. Now let's see which one exactly :)

#1430
nei-k

    Senior Member

  • Group: Senior Members
  • Posts: 5,465
  • Joined: 21.12.2006
What is the motivation?

#1431
MembruAnonim

    MembruAnonim

  • Group: Banned
  • Posts: 398,226
  • Joined: 08.10.2015
...data security?

#1432
CrocodiluMereuVesel

    Member

  • Group: Members
  • Posts: 615
  • Joined: 23.07.2018

ro_explorer, on 21 September 2018 - 07:17, said:

I'm starting to consider an AMD for my next system. Now let's see which one exactly
I say stay on Intel, AMD doesn't suit you.

#1433
ro_explorer

    Impartial member

  • Group: Senior Members
  • Posts: 29,655
  • Joined: 15.12.2009

nei-k, on 22 September 2018 - 15:17, said:

What is the motivation?
Minimal performance differences in general and the possibility of upgrading the processor later while keeping the rest of the system (although I don't put much emphasis on that).
For example, right now I'm waiting for the 2080ti to come into stock so I can get one. The current system is based on a 6700K. It would have been interesting to move to the 8 series of processors without changing the motherboard.
Besides, the whole scandal with meltdown, spectre and other exploits doesn't look good for Intel's image. I did all the microcode updates, with minor impact on system performance, but to be honest I don't have trust anymore either. If the 9 series on 10nm appears by the time I decide to upgrade, I'll analyse the situation at that moment.

We'll see ... as I said, I'm seriously considering an AMD-based system; which one exactly, I don't know.
On the video side there's no discussion, I'm staying with the greens (not that I particularly like them, but they are much, much better performing than the reds, at least on the discrete GPU side).

CrocodiluMereuVesel, on 23 September 2018 - 22:02, said:

I say stay on Intel, AMD doesn't suit you.
How about you drop the flame? It doesn't suit you.

#1434
Arthos

    ¯\_(ツ)_/¯

  • Group: Senior Members
  • Posts: 3,404
  • Joined: 01.11.2004
Reflections on trusting SGX
  • Foreshadow causes major collateral damage to the whole SGX ecosystem. Specifically, the remote attestation mechanism involves Intel’s own management software that itself runs in enclaves and therefore is fully reliant on the SGX hardware guarantees. When Foreshadow breaks the SGX confidentiality guarantees, it causes a snowball effect: the secrets stored in the Intel management (architectural) enclaves get into the attacker’s hands, which in turn allows her to create fake enclaves, thereby ruining the SGX remote attestation functionality. Thus, SGX hardware is a single-point-of-failure of the entire SGX security system.
  • Foreshadow and L1TF show that speculative execution attacks may work across virtual memory domain boundaries. This is different from Meltdown and Spectre which are confined to the virtual address space of a single process (even though Spectre  leaks data across processes via side channels).
  • There is a natural question whether Foreshadow is an actual bug (like Meltdown) or an instance of the dubious choice in the security-vs-speed tradeoff (like Spectre). It seems that the former is closer to the truth. Intel suggests (as one of the mitigations) to zero out the physical address in the respective page table entry which causes the terminal fault. This implies that during the speculative execution, the processor reads the part of the page table entry that corresponds to the address bits (which Intel refers to as address speculation for some reason), but silently ignores all the other bits that might indicate that the mapping is no longer valid.
  • SGX probably fell victim to the speculative execution bug that affects the X86 processor that SGX builds upon. It is unclear whether the attack could have been thwarted by the SGX hardware logic itself. On the other hand, the attack would have been impossible if the processor running the enclave would have used caches exclusively. This is a point in favor of proponents of complete hardware isolation of security-sensitive processors from the main CPU.
  • Even though a Foreshadow patch was promptly deployed in firmware, and undoubtedly will be fixed in the next processor generations, the successful attack on SGX created unrecoverable ripples in unexpected places. For example, it led to an interesting debate in the cryptocurrency community between those proposing to rely on hardware security guarantees to ensure the correctness of the distributed system, versus those who favor more complex yet provable software protocols.
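
An added example, not part of the original posts or of OpenBSD's code: the PTE invalidation point from the Theo de Raadt quote in #1423 and from the third bullet above, written as a C audit check. The helper names and the sample entries are constructed for illustration; the bit layout (bit 0 = present, bits 12..51 = physical frame) is the x86-64 one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page table entry fields used here. */
#define PTE_PRESENT   0x1ULL                 /* bit 0: the 'valid' bit */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* bits 12..51: physical frame */

/* Invalidation that clears only the valid bit: frame bits stay behind. */
uint64_t pte_clear_valid_only(uint64_t pte) { return pte & ~PTE_PRESENT; }

/* Invalidation as described in the quote: the whole entry becomes 0,
 * so the stale address is physical page 0, which must be kept unused. */
uint64_t pte_clear_entirely(uint64_t pte) { (void)pte; return 0; }

/* A not-present entry that still names a non-zero frame is what the
 * CPU may speculatively honour against L1 contents. */
int pte_l1tf_exposed(uint64_t pte)
{
    return (pte & PTE_PRESENT) == 0 && (pte & PTE_ADDR_MASK) != 0;
}

/* Count exposed entries in a table (hypothetical audit helper). */
size_t audit_table(const uint64_t *table, size_t n)
{
    size_t exposed = 0;
    for (size_t i = 0; i < n; i++)
        exposed += pte_l1tf_exposed(table[i]) ? 1 : 0;
    return exposed;
}

/* Constructed sample: one live mapping, two invalidated, one flags-only. */
size_t audit_sample(void)
{
    uint64_t table[4] = {
        0x0000000012345067ULL,                       /* present, live */
        pte_clear_valid_only(0x00000000DEAD0067ULL), /* stale frame kept */
        pte_clear_entirely(0x00000000BEEF0067ULL),   /* fully zeroed */
        0x0000000000000066ULL                        /* not present, frame 0 */
    };
    return audit_table(table, 4);
}

int main(void)
{
    printf("exposed entries: %zu\n", audit_sample());
    return 0;
}
```

Only the entry invalidated by clearing the valid bit alone is flagged; the zeroed entry and the flags-only entry both resolve to frame 0.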


#1435
Arthos

    ¯\_(ツ)_/¯

  • Group: Senior Members
  • Posts: 3,404
  • Joined: 01.11.2004
An official slide with the fixes included in Intel's 9 series:

Attached File  fiDQPBl.jpg   648.98K   16 downloads
Meltdown V3 - Rogue Data Cache Load : Hardware
Meltdown V3a - Rogue System Register Read : Microcode
Spectre V2 - Branch Target Injection : Microcode + Software
Spectre V4 - Speculative Store Bypass : Microcode + Software
Spectre V5 - L1 Terminal Fault : Hardware

#1436
DIVX2006

    Guru Member

  • Group: Senior Members
  • Posts: 10,598
  • Joined: 15.07.2007

ro_explorer, on 21 September 2018 - 07:17, said:

I'm starting to consider an AMD for my next system. Now let's see which one exactly
Be careful what you wish for, because now metanol will come and set Pulan on you...

#1437
JohnnyUSA

    Active Member

  • Group: Members
  • Posts: 1,021
  • Joined: 27.01.2006
Strange... nobody has stolen my “bicycle horses” either... yet. Damned vulnerabilities.

#1438
onzaueb

    Active Member

  • Group: Members
  • Posts: 1,004
  • Joined: 18.06.2007

Pulan, on 13 October 2018 - 12:22, said:

How much longer do I have to wait for the calamities of these vulnerabilities? Any confirmed attack? At least an attempt at hacking the power cable, if the wallet can only be reached by the traditional method, with pickpockets.

Ignorance toward the (proven) security holes in Intel's so popular processors does not bode well. Regardless of whether it comes from users, Intel or any spectator at this show.

#1439
Pulan

    Junior Member

  • Group: Members
  • Posts: 172
  • Joined: 27.08.2018
Windows does its updates by itself and I have the latest BIOS version for the motherboard. The performance impact is colossal only in the eyes of the AMD fans; I haven't noticed it.
I don't even tolerate your wailing, and I would still buy Intel right now, because the most powerful red processor on AM4 cannot surpass the by-now archaic 6700k in gaming.

A month ago I had almost 100GB to transcode and I didn't even bother to go over to the big system. I gave the Pentium's onboard graphics the thankless task of transcoding some 4k files to a resolution that can be played smoothly even by old systems equipped only with integrated graphics. I changed out of the clothes I had come from town in, took a shower and ate. After all these household activities I went to see what the little one was doing. It was sleeping, poor thing. In Standby. A sign that it had finished the job long before me.

The G4600 shouldn't have managed so well in games with a GTX1050Ti, because the penalties you wish on us would have turned it into a G4400 (2c/2th), a processor that pants even next to a GTX1050 non Ti.
What I mean is that your ramblings, scattered across this topic, find no logic in real life.

#1440
ro_explorer

    Impartial member

  • Group: Senior Members
  • Posts: 29,655
  • Joined: 15.12.2009

Pulan, on 22 October 2018 - 15:45, said:

I would still buy Intel right now
You're more special ... we know. Anything with "intel inside" is good, regardless of how much it costs and what performance it offers.

Pulan, on 22 October 2018 - 15:45, said:

What I mean is that your ramblings, scattered across this topic, find no logic in real life.
Clearly, only ramblings around here. Meltdown and spectre were a lie by Soros to spoil Intel's immaculate image.

Edited by ro_explorer, 22 October 2018 - 16:42.

