Security flaw discovered in Intel chips.


Joseph

Recommended Posts

42 minutes ago, zoggy said:

here is the latest from intel on what you should upgrade/when your upgrade is coming:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

 

Nice find.  Would be nice of them to provide downloadable firmware updates as they are marked "production".  Probably they see that working with motherboard vendors to deploy new microcode via bios updates as the fastest way to mitigate Spectre for the big cloud boys.

Link to comment
  • 3 weeks later...
  • 3 weeks later...
  • 2 weeks later...

Intel have now announced that they will not (or can not) fix Spectre and Meltdown for a lot of older chips that they had earlier indicated they would release fixes for.

 

Lots of good unRAID chips will not get fixes - Core, Core 2, Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown, Jasper Forest, ...

 

http://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

http://arstechnica.com/gadgets/2018/04/intel-drops-plans-to-develop-spectre-microcode-for-ancient-chips/

http://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/

 

Link to comment
  • 4 weeks later...

As I noted in January when the first Meltdown/Spectre reports were published, I don't think this can be stopped. There have existed side-band attacks just listening to the sound of the power supply - how can a general-purpose processor manage to not leak side-band information unless all speculation is removed?

 

There will always be new statistical methods that can analyze branch prediction/cache misses/... and make deductions about what the CPU is doing or on what data. This is a genie that just can't be put back in the bottle.

 

I think we will need new processors where more sensitive operations are either offloaded to custom hardware or where the processor can turn off the performance mode for critical computations. But that means that in "safe" mode, we'll get glorified 386 chips running way slower than normal mode. Turning off branch-prediction and hiding cache misses means a "safe" processor will have to spend most time stalled.

Link to comment
  • 2 months later...
  • 1 month later...
  • 3 weeks later...
On 8/14/2018 at 1:10 PM, Jcloud said:

Three more vulnerabilities are being disclosed today, https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/ for the popular-article going over it.

 

That's a pretty good (and honest) article.  FTA:

 

Quote

It must be said that no malware, to the best of our knowledge, is exploiting the related Meltdown and Spectre flaws, nor the aforementioned speculative-execution vulnerabilities – partly because mitigations are rolling out across the industry, and partly because there are easier ways to hack people.

 

Link to comment
  • 9 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.