Sign In
Create Account
Intel CPU - Design flaw in fiecare procesor din ultimii 10 ani
7 votes
Last Updated: Mar 12 2021 19:26, Started by
ct03nut
, Jan 03 2018 09:08
·
0
0
#1513
Posted 22 March 2019 - 20:07
|
Sistemele sunt cu siguranta patchuite caci sunt prea multi bani in joc. De ce ar face Amazon asta ce? E sistem clasic de securitate in aplicatii industriale. Singurul mod de a extracge date este sa fii prezent fizic la locatia unde e clusterul, sa stii exact unde ruleaza la un moment dat ceva anume si sa aplici exploitul local ...
Sunt vulnerabilitati si vulnerabilitati. Ce tot apare in ultima vreme este mai mult media si mai putin impact real asupra functionalitatii. |
Back to top
#1515
Posted 22 March 2019 - 22:34
|
Da mai, stiu. Spuneam ca intr-o ferma industriala sansa ca VM-ul tau sa fie pe acelasi host fizic cu un anume VM de unde vrei sa extragi date este aproape nula.
|
#1517
Posted 23 March 2019 - 05:49
|
Ca o paranteză, o vulnerabilitate asemănătoare cu Spectre a fost folosită împotriva PS4 (un firmware anterior) care a permis utilizatorului să decripteze un dump de kernel al acestuia, iar de aici calea a fost aproape liberă. Mai nou au reușit să ruleze linux pe el.
|
#1518
Posted 23 March 2019 - 12:18
|
Chiar și ca utilizator casnic, conceptul a fost demonstrat ca fiind fezabil cu javascript, ceea ce înseamnă că un ad inocent de pe un tab trage datele tale bancare de pe tabul cu emag (și dacă ai cumva impresia că 2fa este infailibil, ei bine nu e ). in plus, pot apela la chargeback. in plus, daca fura datele de conectare la net banking, nu prea are ce sa faca decat sa plateasca facturi... |
#1519
Posted 23 March 2019 - 12:28
|
Asta incerc si eu sa spun, prea mult bla bla.
Intr-un an de zile ar fi trebuit sa se intample o nenorocire la cat marketing se face vis-a-vis de Spectre si Meltdown. NU AM CITIT NIMIC. Doar teorii ale conspiratiei, ceva palpabil, NADA ..as in 0. Chiar daca nu sunt detectabile cum spuneti voi, pagube trebuie sa existe, nu? Unde sunt? Intr-un sistem adus la zi din toate punctele de vedere, cu sisteme de protectie serioase, in momentul in care se intampla o nenorocire, luand lucrurile prin eliminare ar trebui sa ajungi sa dai vina pe Spectre/Meltdown.. cu toate astea, ma repet, nu am dat inca de o nenorocire cauzata de inculpatii de serviciu. |
#1520
Posted 16 April 2019 - 19:59
|
CPU: Intel Core i7-5820K Haswell-E
MB: Gigabyte X99-UD4 Am facut update la BIOS. La versiunea F24c. Mai trebuie sa fac altceva? Trebuie vreun firmware pt. procesor? Deci nu prea ma pricep. Ce trebuie sa mai fac? Multumesc. |
#1521
Posted 16 April 2019 - 21:49
|
Folosesti inspectre si vezi daca esti protejat. https://www.grc.com/inspectre.htm
|
#1522
Posted 16 April 2019 - 23:20
|
Aplicatia aia a fost actualizata ultima data acum 1 an, au aparut multe alte vulnerabilitati de atunci. Ultimele update-uri la Windows sunt de ajuns sa stii ca nu esti afectat.
|
|
#1523
Posted 16 April 2019 - 23:28
|
Nu ma intereseaza ce vulnerabilitati au mai aparut! Pe mine ma intereseaza doar vulnerabilitatea despre care se vorbeste in acest thread.
InSpectre.PNG 17.25K
9 downloads
|
#1524
Posted 17 April 2019 - 00:12
|
In acest thread nu se discuta despre o singura vulnerabilitate, sunt vreo 124 in ultimii 3 ani (momentan) https://www.cvedetai.../238/Intel.html
|
#1525
Posted 14 May 2019 - 21:40
|
ZombieLoad - Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs
https://www.techpowe...th-9th-gen-cpus https://www.zdnet.co...channel-attack/ Personal nu sunt surprins ca inca apar vulnerabilitati. |
#1526
Posted 14 May 2019 - 23:57
|
Avem si site pentru noile vulnerabilitati : CPU.fail :>
Si anuntul official Graz University of Technology : Following on from Meltdown and Spectre: TU Graz researchers discover new security flaws Redhat : Understanding the MDS vulnerability: What it is, why it works and how to mitigate it [ https://www.youtube-nocookie.com/embed/Oeb-O4yKK2c?feature=oembed - Pentru incarcare in pagina (embed) Click aici ] Edited by Arthos, 15 May 2019 - 00:19. |
#1527
Posted 15 May 2019 - 09:09
|
Chrome OS 74 dezactiveaza Hyper-Threading pe Chromebook-uri:
https://www.chromium...mds-on-chromeos Quote Microarchitectural Data Sampling (MDS) is a group of vulnerabilities that allow an attacker to potentially read sensitive data. If Chrome processes are attacked, these sensitive data could include website contents as well as passwords, credit card numbers, or cookies. The vulnerabilities can also be exploited to read host memory from inside a virtual machine, or for an Android App to read privileged process memory (e.g. keymaster) Apple :How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities Quote
The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks. Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors. https://mdsattacks.com/ Quote Multiple teams and researchers independently discovered, studied, and reported MDS-class vulnerabilities and attacks to Intel. Unfortunately, the different timelines (see below), as well as the fine-grained vulnerability classification and embargo strategy enforced by Intel (which coordinated the disclosure process) made proper coordination across teams impossible. The year-long disclosure process (the longest to date) ultimately resulted in independent finders of even closely related MDS-class vulnerabilities to be completely unaware of one another until a few days before the May 14 disclosure date. Edited by Arthos, 15 May 2019 - 09:34. |
|
#1528
Posted 15 May 2019 - 09:52
|
Apar vulnerabilitățile ca ciupercile după ploaie:
Quote
ix@samsung:~$ grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling Să recapitulăm: Meltdown, Spectre V1, Spectre V2, Foreshadow, Speculative Store Bypass, Zombieload. Ce mai urmează? 
Edited by Mr_nobody_, 15 May 2019 - 09:52. |
#1529
Posted 15 May 2019 - 10:19
|
https://techcrunch.c...tel-processors/
faina treaba New secret-spilling flaw affects almost every Intel chip since 2011 |
#1530
Posted 15 May 2019 - 10:21
|
Se pare ca Intel a incercat o amanare a dezvaluire a vulnerabilitatilor cu inca 6 luni :
Original olandeza : https://www.nrc.nl/n...l-hart-a3960208 Google Translate : https://translate.go...l-hart-a3960208 Quote
There is a small taste to the premium. According to the VU, Intel tried to downplay the severity of the leak by officially paying $ 40,000 in rewards and in addition, "$ 80,000" off. That offer was politely refused. Intel initially failed to notify Google and Mozilla, two major browser manufacturers. The VU tried to force the manufacturer to come out faster. Eventually the VU forced Intel to come out in May - otherwise the university would publish the details itself. "If it were up to Intel, they would have wanted to wait another six months," says Bos. |
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
-
- Change Theme
- English
- Mark Community Read
- Termene & conditii
- Confidentialitate
- Consimtamant
- Cookies
- Help
© 2001-2024 Softpedia. All rights reserved. Softpedia® and the Softpedia logo are registered trademarks of SoftNews Net SRL.
Ora implicita a Forumului Softpedia este ora standard a Romaniei (GMT+2). Mai multe informatii →
⚠ Postarile afisate pe Forumul Softpedia reprezinta o opinie subiectiva a membrilor care le-au publicat si nu a SoftNews Net SRL.