Disable SMT/Hyperthreading in all Intel BIOSes

Two recently disclosed hardware bugs affected Intel cpus:

- TLBleed

- T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)

Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.

SMT is fundamentally broken because it shares resources between the two
cpu instances and those shared resources lack security differentiators.
Some of these side channel attacks aren't trivial, but we can expect
most of them to eventually work and leak kernel or cross-VM memory in
common usage circumstances, even such as javascript directly in a
browser.

There will be more hardware bugs and artifacts disclosed. Due to the
way SMT interacts with speculative execution on Intel cpus, I expect SMT
to exacerbate most of the future problems.

A few months back, I urged people to disable hyperthreading on all
Intel cpus. I need to repeat that:

DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.

So please try take responsibility for your own machines: Disable SMT in
the BIOS menu, and upgrade your BIOS if you can.

I'm going to spend my money at a more trustworthy vendor in the future.

Attached: big.jpg (365x365, 32K)

Other urls found in this thread:

github.com/speed47/spectre-meltdown-checker
twitter.com/SFWRedditGifs

but my guhming petrformance

Based Theo.

Attached: smug puffy.gif (599x198, 20K)

Attached: file.png (1411x961, 47K)

lol it just keeps getting longer, what a fucking joke

how do people keep purchasing this LITERAL garbage?

Is this software to detect vulnerabilities? I'm interested

github.com/speed47/spectre-meltdown-checker

thx

NO STOP POSTING THAT SHIT ITS GOT FUKCING PHONE HOME MALWARE

Proof?

Lads, I'm using a i5-4200U but that app says my microcode is out of date and does not support any mitigations, even tho I'm running on the latest kernel and kubuntu.
What the fuck do I do other than turn off HT?

Update the laptop bios.

Microcode is another package iirc. Try installing that

What version of the intel-microcode package are you using?

Fucking everything Acer offers are 2015 BIOSs.
What do I look for exactly? I don't want to get scammed with a phishing repo or some shit.

Not sure how to check that.

Should be in the official Ubuntu repos. If not, Intel should provide a .deb

I truly wish the best for OpenBSD and Theo, hes a great guy

Attached: theo-sized.jpg (196x268, 20K)

big if true

I tried
sudo apt install intel-microcode
But nothing\s happening, it stil says version 0x17 instead of 0x24

As far as I know, it gets loaded on startup. I'd reboot and check again.

Now says I have 0x23 and newest is 0x24.
Boy am I fucked, everything is VULNERABLE and YES.

nothing is going to happen to you, just go to sleep

did anything happen to him?

HWO DO YOU KNOW ITS MIDNIGHT WHAT

I used it, rip me I guess. At least I'm not vulnerable to spectre/meltdown.

i checked open connections while running the script, no change

Fantastic, did you hash check your intel microcode?
>inb4 I ran as root lmao!

I ran it in a vm, as root. I have an AMD cpu

He was attacked by a pack of dogs in Turkey.

>I ran it in a vm, as root. I have an AMD cpu
Excuse me what? You ran an Intel microcode update on an AMD cpu in a vm?

No I ran the meltdown checker

It's a bundle you damage control retard, thanks for the ssl key

ssh*

It seems you don't understand a word in what you wrote
Cuck

Dumbass brownpants retard

Attached: 533.jpg (900x729, 67K)

>What the fuck do I do other than turn off HT?

Read the mailing lists

Question.
Is it easily remotely exploitable?
If not, then I really couldn't care less. Nobody's getting near my laptop.
I'm sure as hell not tanking what little performance I have over it.

Attached: 1530800514145.jpg (400x300, 13K)

Nah man, I'm good.

nosmt=force

shove that in /etc/default/grub and update-grub

Eh sent is fundamentally different than HT also...

why does he look so different on this picture

i never got that

I think it's not remotely exploitable but it can be used to elevate privileges from any executable code, including javascript theoretically.