New secret-spilling flaw affects almost every Intel chip since 2011

techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/

>Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.,

>“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

>Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

Attached: 052.png (672x794, 422K)

Other urls found in this thread:

mdsattacks.com
github.com/IAIK/ZombieLoad
techcrunch.com/wp-content/uploads/2019/05/demo_720.mp4?_=1
zombieloadattack.com/#demo
telegraph.co.uk/technology/2019/04/26/intel-shares-fall-10pc-worst-day-chipmaker-since-financial-crisis/
support.apple.com/en-us/HT210108
nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208
twitter.com/NSFWRedditVideo

I can't take it anymore
Make it stop, intelbros

By how much % will the patch cripple the 10990k?

0, since the new processors are unaffected, faggot poozen peddler

I was just asking a question you retarded contrarian shill faggot.

>still rocking pentium 4
HAHAHA, WHO IS LAUGHING NOW

Doesn't look like something that would affect the performance of anything. It looks like they're just going to patch the microcode to clear the buffers when hit by the condition, which isn't a normal condition.

me
t. ryzen user :D

*though I'm reading the Ars article now which may have more information.

>didnt read the paper
based incel

Jesus christ Intel

Is not even funny at this point

Zombieland is just one of the three new security flaws discovered:

oh no no no no

Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.

Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.

>Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.

any links where we can confirm this info?

Another day, another bug.

mdsattacks.com

It's the Fallout attack.

(:

NOOOOOOOOO

Attached: 1542027477262.png (807x745, 205K)

If Zen 2 is any good I will ditch all Intel chips I still have. How can you fuck up THIS bad.

5 rupees have been deposited into your AMD Rewards account. Great job, Rajeesh!

>the 6th gorrilionth security flaw this month doesn't matter
Great Job. 5x10^-2357 Shekels have been deposited in your account.

Security doesn't matter

Attached: 1517515392434.png (1134x206, 19K)

correct

Attached: 1533992966510.gif (402x308, 12K)

There is not a single proof in the real world that any of the available proof of concepts for spectre, meltdown or this bullshit is being in use and also working. A proof of concept using a race-condition that I have to download myself and activate is not really useful. Call me when there is a javascript in the browser that can read everything on my harddrive and upload it to somewhere else without me knowing. I never did any updates for this and I never will.
In fact I am pretty happy that things like xdotool can send any key to any window like ^C and I can then write parsers for this. I totally hate that every developer wants to disable that programs can interact with eachother without some obscure servers or APIs.

read the paper, stupid. even 9000th series cpus are affected even tho intel said they should be immune. in fact, if you read the paper you will see that the new cpus which intel "fixed" are even more vulnerable then previous ones.
sorry, not sorry for your loss, you cringy fucker!

Thanks for proving my point

Attached: download.jpg (700x465, 52K)

you had no point poorfag

Attached: 1557190190663.jpg (450x599, 86K)

intel shills will defend this.

Attached: 1519934322604.jpg (553x794, 50K)

STOP BEING RACIST BIGOT AND BUY RYZEN SIR
DO THE NEEDFUL FOR THE HOLY COW

Attached: 1535685319936.png (882x758, 316K)

>this is now the level of pathetic cope Incel shills are operating on
I shiggy diggy

Well yeah, this is what jewish brainwashing does to your brain.

Attached: 1537419972674.png (1037x311, 340K)

Oh they're doing their best to defend this.

It's insecure by design, stop moving the goalpost. The proof of concept is the proof.

>mfw intel is unironically dying

Attached: 1557862317221.gif (337x263, 268K)

So there's where Intel was getting that IPC edge.

Yes it is insecure. Still nobody has a proof for using the exploits over the internet and this is literally the only way most people could get infected/hacked/whatever you want to call it.
If somebody got into your house then you do have other problems than an insecure cpu.

ohnonononononononononononononon

Attached: 1515221586890.png (682x792, 339K)

Shut up goy.....

>intel kept this private for half a year
>every company and their dog are issuing bios mods, os patches and disabling hyperthreading to try and mitigate before shit hits the fan hard
>several poc with full source code are available in the paper and the github linked for it (the fucking video from the researchers is literally bypassing webbrowser https)
>IT'S NOT REAL! REEEEEE
kys intcel

lol, you can't even show any proof for "literally bypassing webbrowser https" because that does not exist.

Just stop user. Just stop. Do yourself the favour and fuck off back to Tel Aviv.

just proof user. just proof. Do yourself the favour and fuck off back to that site with the white alien.

OY VEY

Attached: 76d.jpg (1196x676, 673K)

Minix

Can't you read? There are PoCs in the researchers' website.

github.com/IAIK/ZombieLoad

techcrunch.com/wp-content/uploads/2019/05/demo_720.mp4?_=1

the video just shows the proof being used locally and for your local browser.
That is not a proof for visiting a website over the internet and that website is able to show you all the contents of your other browsertabs.
You are an idiot.

>lol
>feed me
you are beyond fixing, intcel
zombieloadattack.com/#demo
github.com/IAIK/ZombieLoad
come back after youve lost your damage controlling job

>how an attacker can monitor the websites the victim is visiting
>despite using the privacy-protecting Tor browser in a virtual machine
YOU

ARE

RETARDED

see Nothing I would fear. xdotool is literally the same combined with Control+Copy send to the OS (which sends it to the current window) and then xclip reading the clipboard.

>xdotool
>bypassing vm fences
kys retard

Ah didn't see that it was in a virtual machine. So that is a problem for servers with shared hosting. Still no problem for homeusers then and still not affecting me.

I'm starting to think reddit has a higher IQ than this shit board.

That means random JavaScript you run on your browser can read anything recently loaded by the CPU, including passwords, emails, chat logs...

>I'm starting to think reddit has a higher IQ than this shit board
Must not have been very here for very long then or there'd be no doubt in your mind that a literal piece of shit is smarter than this board.

no it can't. see that guys link to techcrunch
>What does this mean for the average user? There’s no need to panic, for one.

>These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.

>But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.

So nothing to worry.

No shit an app or anything I install can do whatever it wants. Where is the issue?!

There are four different flaws, and the researchers explicitly name JavaScript on RIDL for example.

>exploit needs to compile and sideload a kmod on the victim machine
kek, nobody is this stupid right?

Attached: 1540910771917.png (292x257, 95K)

>If your system is affected, our proof-of-concept ZombieLoad exploit can read data that is recently accessed or accessed in parallel on the same processor core.
Can you even read?

I have a 2009 Xeon, A W3540. Does this mean I'm unaffected?

Yeah but there are no ways currently to get affected by just visiting another website. Everything they do, they do locally to themself for now.

>Source my big fat arse not understanding jack shit about the exploit at hand
Wow great thanks will totally replace the EPYCs with Xeons again since there is no way to exploit this because some cunt that can't read on an Mongolian basket weaving forum said so even though the people bringing us this exploit say this can very much be done if you have half a brain.

Prescott was the first pentium to have hyperthreading. Maybe they're susceptible as well.

Has anyone ever been affected by any of these "security flaws"? Short answer is no. I'm un-patched and laughing at the poo's trying anything to ease their buyers remorse because amd makes slow sub par hardware. It's literally peasant tier trash. I love tea bagging these delusional monkeys.

Attached: 1556295578434.png (898x882, 108K)

Scare Tactics
#NoProofNoCrime

OH NO NO NO NO

telegraph.co.uk/technology/2019/04/26/intel-shares-fall-10pc-worst-day-chipmaker-since-financial-crisis/

>Intel shares plummeted on Friday after a disappointing set of results from the iconic chipmaker in which it cut financial forecasts.

>Shares in the company fell by more than 10pc, putting it on track for its worst day since the 2008 financial crisis.

>On Thursday night Intel had reported an 11pc decline in profits and said that its previously fast-growing data centre business had fallen into decline.

INTEL POZZED HOUSEFIRES BTFO

Attached: 1556730086779.jpg (709x394, 63K)

that guy looks a bit like snowden

Nooooo Bros we we're supposed to not have anymore vulnerabilities

Feels good knowing Intel POZZED HOUSEFIRE GARBAGE will always be inferior.

Attached: 1556496933679.png (1316x1634, 85K)

Who keeps finding these NSA/China/CIA backdoors and how many more are there?

...

ITS FUCKING HAPPENING!

>In a just-published support document, Apple suggests that full ZombieLoad mitigation will require Intel chip users to disable Intel’s hyper-threading processing feature — a major selling point of the chipmaker’s CPUs. During testing this month, Apple says that it found “as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks,” though actual performance impacts will vary between machines.

support.apple.com/en-us/HT210108

40% PERFORMANCE HIT!

Good thing I'm on a Nehalem till 2020.

Sir, be so kind and delid this

Attached: 1534788474814.png (1346x1044, 1.71M)

never buying another intel cpu again. the fuck is wrong with those clowns? i bet this has to do with bending over for intelligence agencies and installing backdoor shit everywhere.

There are two kinds of x86 chips in the world: the ones full of security bugs and the ones nobody uses.

>40% PERFORMANCE HIT!
NONONONONONONNONONONONONO

i hope you're getting paid.

Apple will release ARM Macbooks this year.

AMD has had over 90% of the datacenter market for the last year and a half.

I want to believe

*over 90% of the datacenter cpu sales

>40% performance impact

Attached: 1527816283535.jpg (1280x720, 137K)

ah, fuck
now i've gotta patch all my parents' computers too

So are all these flaws there because intel was trying to go fast or negligence?

Both?

I'm just trying to gauge how much faster Intel truly was before Ryzen once you take into account of the flaws uncovered over the past few years, some of them affecting over a decades worth of products. What a time to be alive.

>another set of meaningless, trendy sounding buzzwords for gaming paraphernalia shills to barely comprehend and endlessly regurgitate in marketing threads to further their various agendas anyway
Oh boy. When will Hiro delete this shitty board?

>Its real
Holy shit

Attached: 21312313213.jpg (960x847, 214K)

When Intel will file for bankruptcy, schlomo.

Haha, based! I too can't wait to consume [competing product] instead!

40% is obviously from hyperthreading right?

Attached: 1524713436096.jpg (1280x720, 90K)

How's life as a paranoid schizophrenic?

Dunno, how's life as a bleating consumerist sheep?

>another set of meaningless, trendy sounding buzzwords
>bleating consumerist sheep
Really makes you thonk.

>Apparently Intel attempted to play down the issue by trying to award the researchers with the 40,000 dollar tier reward and a separate 80,000 dollar reward as a "gift" (which the researchers kindly denied) instead of the maximum 100,000 reward for finding a critical vulnerability.
>Intel was also planning to wait for at least another 6 months before bringing this to light if it wasn't for the researchers threatening to release the details in May.
nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208

Attached: 1557876720095.jpg (605x328, 66K)

Intlel, wtf are they doing ? Are they even trying at this point ?

>I don't like being called out for what I am, so that doesn't mean anything!