As you probably know, after Spectre and Meltdown were discovered, Intel only released microcode updates for processors that were less than five years old.
I have an Intel Core i5-2520M. It was released in 2011, and two vulnerabilities have not been fixed/mitigated: CVE-2018-3640 and CVE-2018-3615. This means that I have two backdoors on my main machine.
What should I do, Jow Forums?
why are you still living on welfare?
encyrpt every single file on your system with atleast 128 character passwords
disable hyperthreading dumbass
Sadly the only way to avoid that shit.
There is a paper from some google people who came to the conclusion, that basically all software based versions are more or less useless. So even patches CPUs are not immune to it, it’s just harder.
Choices are to ignore it, to disable Hyperthreading, or to buy a new CPU which is not affected.
What exactly can this do to me? I only have old as shit CPUs so I assume I'm affected.
As somebody who works in info sec, the best advice that I can give you is to give you some questions. After you find answers for the questions below, in that order, you will also know what to do.
1)Do you even understand how those things work?
2)Do you know how much time it actually takes to exploit those vulnerabilities?
3)Do you know how many times those vulnerabilities have been exploited in the wild?
4)Do you think it is worth it for anybody to put in the effort and hack you using those exploits?
1. Yes
2. depends on the skill level of the hacker(s)
3. Noone can say, but that doesn't mean it was never exploited
4. Highly depends on the situation, I'd rather be safe than fucked, thank you very much.
Run along NSA.
Reminder that some systems don't have the option in BIOS to do so.
>new CPU which is not affected
There's no such thing if you talking about new Intel CPU.
>3640, 3615 not fixed
OP this is how we tell you are a poo in loo. 3615 is specifically about SGX which your 2520M don't have. 3640 is mitigated in microcode 0x2E for Sandy Bridge.
You should hereby do the needful
then disable it in the kernel parameters.
Still? I never checked that, thought Intel at least got a generation that’s not fucked up.
New AMD ones? But I guess then the only way would be to disable Hyperthreading.
I did so, and it sucks kind of. But I admit it depends on your use case.
I use Qubes OS, which is based ob Xen and Fedora, so everything is virtualized. Here you really notice the difference of HT on and off.
If people just use it with Windows or a normal Linux (or Mac), they probably don’t notice.
HARDENED =/=INVULNERABLE
Because normies know exactly how to do that kek
>HARDENED =/=INVULNERABLE
Daily reminder that you are not invulnerable to Polio
You answered the first 3 questions wrong, the fourth one subjectively, and all of them vaguely. That means you are just a paranoid NPC with no actual understanding of basic security principles.
If you think that people with access to the knowledge, resources and time to exploit those vulnerabilities stealthily would target your shitty ass sandy bridge laptop to steal your Jow Forums premium pass and hentai collection instead of targeting organizations with actually valuable data, you're even more delusional than I thought.
Update your AV, do not install anything shady and do a routine maintenance check of your firewall and you will be protected against actually tangible threats which, btw, are required for exploiting Spectre/Meltdown at home.
Please, re-read my post slowly.
>1)Do you even understand how those things work?
No but what I know is that it's the hardware level.
>2)Do you know how much time it actually takes to exploit those vulnerabilities?
A little hacker patience if you ask me. The CVEs are all well documented and it's only a matter of interest or hacker's slothfulness.
>3)Do you know how many times those vulnerabilities have been exploited in the wild?
I guess it is quite rampant. Me prospecting to make malware apps for fun, there's also probably people able to extract profitable private info with such exploit due to its strength.
>4)Do you think it is worth it for anybody to put in the effort and hack you using those exploits?
Pretty sure most of the intelligence agencies have been doing it lately the fact that it costs nothing to implement (software) and it gains them something.
>3640 is mitigated in microcode 0x2E for Sandy Bridge
I have already updated the microcode, and I am running 0x2E, but the Spectre and Meltdown checker script still tells me my device is vulnerable.
>the processor cannot be trusted
>but encrypting everything with the processor can be!
Like magic!
i5 doesn't use hyperthreading
then spectre/meltdown doesn't exist on that chip.
Only one variant of these attacks is attributed to poor design of Intel's multi threading solution, I believe. There's like 30+ vulnerabilities for their chips, though.
>There's like 30+ vulnerabilities for their chips, though.
more is better
I wish everything was software patched with serious performance penalties so we'd have a laugh at all the "fuck intel and fuck windows" threads the normalfags would make.
Im still using a e5450 from the lga 771 chipset for this reason and ME
Spectre is unrelated to hyperthreading.