>Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.,
>“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.
>Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
0, since the new processors are unaffected, faggot poozen peddler
Adam Davis
I was just asking a question you retarded contrarian shill faggot.
Lincoln Ortiz
>still rocking pentium 4 HAHAHA, WHO IS LAUGHING NOW
Thomas James
Doesn't look like something that would affect the performance of anything. It looks like they're just going to patch the microcode to clear the buffers when hit by the condition, which isn't a normal condition.
Ethan Turner
me t. ryzen user :D
Juan Howard
*though I'm reading the Ars article now which may have more information.
Brayden Williams
>didnt read the paper based incel
Evan Stewart
Jesus christ Intel
Is not even funny at this point
Kevin Ortiz
Zombieland is just one of the three new security flaws discovered:
Logan Kelly
oh no no no no
Jonathan Brooks
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Jason Morales
>Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
There is not a single proof in the real world that any of the available proof of concepts for spectre, meltdown or this bullshit is being in use and also working. A proof of concept using a race-condition that I have to download myself and activate is not really useful. Call me when there is a javascript in the browser that can read everything on my harddrive and upload it to somewhere else without me knowing. I never did any updates for this and I never will. In fact I am pretty happy that things like xdotool can send any key to any window like ^C and I can then write parsers for this. I totally hate that every developer wants to disable that programs can interact with eachother without some obscure servers or APIs.
Isaac James
read the paper, stupid. even 9000th series cpus are affected even tho intel said they should be immune. in fact, if you read the paper you will see that the new cpus which intel "fixed" are even more vulnerable then previous ones. sorry, not sorry for your loss, you cringy fucker!
Yes it is insecure. Still nobody has a proof for using the exploits over the internet and this is literally the only way most people could get infected/hacked/whatever you want to call it. If somebody got into your house then you do have other problems than an insecure cpu.
>intel kept this private for half a year >every company and their dog are issuing bios mods, os patches and disabling hyperthreading to try and mitigate before shit hits the fan hard >several poc with full source code are available in the paper and the github linked for it (the fucking video from the researchers is literally bypassing webbrowser https) >IT'S NOT REAL! REEEEEE kys intcel
Nicholas Morales
lol, you can't even show any proof for "literally bypassing webbrowser https" because that does not exist.
Nicholas Campbell
Just stop user. Just stop. Do yourself the favour and fuck off back to Tel Aviv.
Jayden Gray
just proof user. just proof. Do yourself the favour and fuck off back to that site with the white alien.
the video just shows the proof being used locally and for your local browser. That is not a proof for visiting a website over the internet and that website is able to show you all the contents of your other browsertabs. You are an idiot.
>how an attacker can monitor the websites the victim is visiting >despite using the privacy-protecting Tor browser in a virtual machine YOU
ARE
RETARDED
Sebastian Rivera
see Nothing I would fear. xdotool is literally the same combined with Control+Copy send to the OS (which sends it to the current window) and then xclip reading the clipboard.
Jacob Hernandez
>xdotool >bypassing vm fences kys retard
Austin Hughes
Ah didn't see that it was in a virtual machine. So that is a problem for servers with shared hosting. Still no problem for homeusers then and still not affecting me.
Connor Morgan
I'm starting to think reddit has a higher IQ than this shit board.
Lincoln Lopez
That means random JavaScript you run on your browser can read anything recently loaded by the CPU, including passwords, emails, chat logs...
Angel Johnson
>I'm starting to think reddit has a higher IQ than this shit board Must not have been very here for very long then or there'd be no doubt in your mind that a literal piece of shit is smarter than this board.
Dylan Cook
no it can't. see that guys link to techcrunch >What does this mean for the average user? There’s no need to panic, for one.
>These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.
>But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.
So nothing to worry.
Colton Gonzalez
No shit an app or anything I install can do whatever it wants. Where is the issue?!
Wyatt Campbell
There are four different flaws, and the researchers explicitly name JavaScript on RIDL for example.
Jacob Thompson
>exploit needs to compile and sideload a kmod on the victim machine kek, nobody is this stupid right?
>If your system is affected, our proof-of-concept ZombieLoad exploit can read data that is recently accessed or accessed in parallel on the same processor core. Can you even read?
Christopher Brown
I have a 2009 Xeon, A W3540. Does this mean I'm unaffected?
Justin Foster
Yeah but there are no ways currently to get affected by just visiting another website. Everything they do, they do locally to themself for now.
Connor Morales
>Source my big fat arse not understanding jack shit about the exploit at hand Wow great thanks will totally replace the EPYCs with Xeons again since there is no way to exploit this because some cunt that can't read on an Mongolian basket weaving forum said so even though the people bringing us this exploit say this can very much be done if you have half a brain.
Bentley Stewart
Prescott was the first pentium to have hyperthreading. Maybe they're susceptible as well.
Ethan James
Has anyone ever been affected by any of these "security flaws"? Short answer is no. I'm un-patched and laughing at the poo's trying anything to ease their buyers remorse because amd makes slow sub par hardware. It's literally peasant tier trash. I love tea bagging these delusional monkeys.
>Intel shares plummeted on Friday after a disappointing set of results from the iconic chipmaker in which it cut financial forecasts.
>Shares in the company fell by more than 10pc, putting it on track for its worst day since the 2008 financial crisis.
>On Thursday night Intel had reported an 11pc decline in profits and said that its previously fast-growing data centre business had fallen into decline.
Who keeps finding these NSA/China/CIA backdoors and how many more are there?
Andrew Butler
...
Justin Morgan
ITS FUCKING HAPPENING!
>In a just-published support document, Apple suggests that full ZombieLoad mitigation will require Intel chip users to disable Intel’s hyper-threading processing feature — a major selling point of the chipmaker’s CPUs. During testing this month, Apple says that it found “as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks,” though actual performance impacts will vary between machines.
never buying another intel cpu again. the fuck is wrong with those clowns? i bet this has to do with bending over for intelligence agencies and installing backdoor shit everywhere.
Carter Butler
There are two kinds of x86 chips in the world: the ones full of security bugs and the ones nobody uses.
Adam Bennett
>40% PERFORMANCE HIT! NONONONONONONNONONONONONO
Jonathan King
i hope you're getting paid.
Aiden King
Apple will release ARM Macbooks this year.
Levi Garcia
AMD has had over 90% of the datacenter market for the last year and a half.
ah, fuck now i've gotta patch all my parents' computers too
Blake Bennett
So are all these flaws there because intel was trying to go fast or negligence?
Colton Thompson
Both?
Connor Smith
I'm just trying to gauge how much faster Intel truly was before Ryzen once you take into account of the flaws uncovered over the past few years, some of them affecting over a decades worth of products. What a time to be alive.
Ian Howard
>another set of meaningless, trendy sounding buzzwords for gaming paraphernalia shills to barely comprehend and endlessly regurgitate in marketing threads to further their various agendas anyway Oh boy. When will Hiro delete this shitty board?
Dunno, how's life as a bleating consumerist sheep?
Leo Peterson
>another set of meaningless, trendy sounding buzzwords >bleating consumerist sheep Really makes you thonk.
Adam Hall
>Apparently Intel attempted to play down the issue by trying to award the researchers with the 40,000 dollar tier reward and a separate 80,000 dollar reward as a "gift" (which the researchers kindly denied) instead of the maximum 100,000 reward for finding a critical vulnerability. >Intel was also planning to wait for at least another 6 months before bringing this to light if it wasn't for the researchers threatening to release the details in May. nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208