Another day, another Intel vulnerability
phoronix.com
>Red Hat has been made aware of a new microarchitectural (hardware) implementation issue which, similar to Spectre and Meltdown, is affecting x86 microprocessors manufactured by Intel. Unprivileged attackers can use this flaw to bypass conventional memory security restrictions in order to gain access to memory resources that would otherwise be inaccessible. CVE-2018-3620 is the identifier assigned to the operating system vulnerability for this issue. CVE-2018-3646 is the identifier assigned to the virtualization aspect of the flaw. A third aspect of the flaw is referred to as 'Foreshadow;' this affects Intel Secure Enclave or SGX, which Red Hat does not ship...Red Hat rates this issue as having a security impact of IMPORTANT severity. This flaw requires an attacker to have local access to the affected host or virtualized guest system in order to exploit it.
Another day, another Intel vulnerability
It keeps happening
L1TF, aka L1 Terminal Fault, is yet another speculative hardware engineering trainwreck. It's a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Cache when the page table entry controlling the virtual address, which is used for the access, has the Present bit cleared or other reserved bits set.
If an instruction accesses a virtual address for which the relevant page table entry (PTE) has the Present bit cleared or other reserved bits set, then speculative execution ignores the invalid PTE and loads the referenced data if it is present in the Level 1 Data Cache, as if the page referenced by the address bits in the PTE was still present and accessible.
While this is a purely speculative mechanism and the instruction will raise a page fault when it is retired eventually, the pure act of loading the data and making it available to other speculative instructions opens up the opportunity for side channel attacks to unprivileged malicious code, similar to the Meltdown attack.
While Meltdown breaks the user space to kernel space protection, L1TF allows to attack any physical memory address in the system and the attack works across all protection domains. It allows an attack of SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism.
Do I understand correctly that there isn't really a good way to fix that problem on existing intel processors? Can AMD CPUs get updated in-place to fix things like this? Or is it strictly a hardware issue?
>There isn't really a good fix
It's architectural
>AMD CPUs get updated in place
Architectural difference, no need shown so far by Spectre or Meltdown and I bet this is pretty damn similar.
Red Hat video suggests that cloud operators will have to turn off Hyperthreading
redhat.com
SMT is a meme anyways, nobody needs that
Isn't there only .00005% of the population smart or resourceful enough to take advantage of this sort of thing anyways?
They can compromise cloud vendors
It's a feature, goy.
DELID DIS.
I bought AMD shared a couple weeks ago.
shares*
I bought thousands of shares a couple years ago. They're worth >100k€ now.
Already tacked nosmt into my kernel parameters a few months back when the BSDs got twitchy. At this point, I'm going to have to find some document containing all known processor bugs, because I'm losing track.
probably less than that. But that's more than enough
I wish I did too user. What's a good buy today?
If you don't know what you're doing, index funds. I'd suggest QQQ or VOO.
If you want to invest in an individual stock, you should understand the business enough, not just rely on trends.
So I'm using an intel processor that I bought when intel was still preferable over amd, is there anything I can do to protect myself from the clusterfuck of vulnerabilities that surfaced recently? Is there even a need to bother or do they mostly just affect cloud/VM applications?
If you update you're fine with this one, only an issue here with hypervisors and untrusted VMs (cloud, VDIs)
mostly just server applications. Make sure you got the spectre/meltdown patches installed and activated for your OS and a current BIOS/UEFI with updated microcode if you're using windows
Thank you based Jim for Ryzen :-P
Sounds like that's the case for this particular vuln, but there's been so much of them that have been reported recently that I don't really know what's going on anymore.
>00005
Thats like 300 000 people.
>If you want to invest in an individual stock, you should understand the business enough, not just rely on trends.
I already invest in stocks and crypto, just looking for new stuff to buy. I guess your AMD buy was just luck?
>This research was partially supported by the Research Fund KU Leuven, the Technion Hiroshi Fujiwara cyber security research center, the Israel cyber bureau
> the 2017-2018 Rothschild Postdoctoral Fellowship
No, it was not.
I don't do crypto outside of winter mining, but I've been doing stocks for a while.
Give me some buy suggestions then
As I said, QQQ and VOO ^_^
Looks like someone's shorting intel stock
>"Activate the hardware backdoor."
>"Sir?? Which one???"
That's for plebs besides they move about as much as your mother in bed
Give me something that moves, something with a little pep in it's step
This entire intel situation is reaching an almost comical level. How much longer will intel be in business? 2 more years tops?
You gotta find these yourself and risk your isk like a man.
I don't give risky advice. Only sane advice. I do practice what I preach to an honorable % of my disposable income (which I invest into stocks 100% since a few years ago). The rest goes to my personal picks.
>"Enable force hyper threading on all azura servers"
>I don't give risky advice.
This is the internet, you're anonymous. Just spill the beans, I can do my own research from there.
>"I have my best support agents working on it Master. I also have an update on the Africa project. The mosquitos are in place."
user has a reputation to uphold.
Brainlet here. Does this mean the SGX is owned, at this point?
SGX was never enabled in any serious enterprise distro like RHEL and SLES, it's a non issue.
And yes, it is owned before even gaining adoption.
Guess it won't be used at all now.
Was thinking 4K Netflix/Amazon/etc., since it's involved in the Rube Goldberg machine responsible for getting that shit to your monitor.
RedHat's technical explanation of it is that you should still patch, but only cloud service providers will suffer a major performance hit due to the patch.
Friendly reminder that Theo was right
youtu.be
Friendly reminder that this manchild was not
marc.info
And by the loss of performance and energy waste, AMD's Epyc server marketshare will skyrocket to the moon in the next following years
What a timeline to be alive
based Theo
what's with the next message and the weird youtube documentary in it?
So are we just gonna go ahead with self driving cars now? I'm sure all these vulnerabilities won't matter.
lmao that Jow Forums user at 31:55
interesting video, thanks for posting
dat autistic screech
timestamp?
It's because in his apology Warner said something along the lines of "I don't recall saying/doing this and that... but the video shows.." and the other guy probably found that documentary fitting because is about mentally ill people who have violent outbursts but then don't remember what they did.
top faf, now I get it
WHAT THE FUCK I CAN'T BELIEVE THIS SHIT KEEPS HAPPENING
everybody's mentally ill except me