Intel is finished!
hub.packtpub.com
OH NO NO NO HAHAHAHAHAHAHAHA!
Other urls found in this thread:
amd.com
en.wikichip.org
github.com
cvedetails.com
cvedetails.com
twitter.com
Who cares at this point.
Just throw it on the pile.
Fuck, is anyone even keeping track anymore? Spectre alone has 10+ working variants but that was back in May.
DELID DIS NAO!
Why the fuck is anyone still buying Intel processors, especially in the server space? I can sort of understand why are still bought in the consumer space, particularly the laptop segment which Intel bribes vendors to not sell AMD options. Everything else makes no sense though. You would think companies that are buying servers which will be visualizing resources, one of the use cases most susceptible to these vulnerabilities, would stall the fuck away from Intel processors. Hell, AMD's Eypic line up for CPUs even performs better so there is no reason to tolerate such shit security. Its not like you are getting better performance doing so.
I literally can't keep up with all the vulnerabilities that have surfaced for Intel processors. Anything after the first Specter variant just started to blur together.
All these "exploits" require root, so no one cares. Dont run malware as root
You're saying that as if there have never been software exploits to get root access.
They are buying AMD, AMD just can't make enough. Top epyc skus are sold out for the rest of the year
None of these exploits do that though so that doesnt matter, and again dont run malware and its fine.
NO THEY DON'T, spectre and meltdown have fucking javascripts that can execute them on non-admin computer users.
The javascript was patched a year and a half ago, its not an issue
>The threat model implemented in the paper targets victim servers with DDIO equipped Intel processors, which are mostly enabled in all Intel server-grade processors, by default since 2012. The launched cache attack is conducted over a network to a target server, such that secret information can be leaked from the connection between the server and a different client.
Intel server CPU's, which has a nice marketshare.
>The researchers say that there are many potential ways to exploit DDIO. The paper states, “For instance, an attacker with physical access to the victim machine could install a malicious PCIe device to directly access the LLC’s DDIO region. Our aim in this paper is to show that a similar attack is feasible even for an attacker with only remote (unprivileged) network access to the victim machine, without the need for any malicious PCIe devices.”
Vulnerable for /remote/ access.
>physical access
If i had physical access to your pc i could boot into an ubuntu live disk and install a virus too. Its a non issue
>its another one of those "vulnerabilities" that requires an asinine amount of conditions
>NetCat is literally a "uhhhh we can use the timestamps of the networking packets to possibly guess what keys you are pressing" type of """exploit"""
>all these people that have an hard-on for AMD are going "INTEL IS FINISHED" over something like this
Except new side channel attacks made these patches LITERALLY worthless.
Now you need a mitigation for your mitigations. Soon intel will have to release mitigations for their mitigations being mitigated by mitigations being mitigated by other mitigations.
What a CIRCUS of a company.
One vulnerability a month keeps the goyim in fear.
Now combine that with a spectre, RIDL, fallout, meltdown, and any of the other vulnerabilities.
AND THEY DON'T STOP COMING
>AND THEY DON'T STOP COMING
AND THEY DON'T STOP COMING
>AND THEY DON'T STOP COMING
AND THEY DON'T STOP COMING
>AND THEY DON'T STOP COMING
is this a boi?
>cloud computing doesn't matter
>the patches didnt work
Clearly did. We have 100 million intel cpus out in the wild and we arent having issues with malicious js
which are too, asinine-conditioned exploits that think they can just scan the entire 64-bit address space or grab a random line of cache for a "chance" to get a plaintext password or cookie or key or some shit when half the time you wouldn't even know what you're looking at
not only that but there is not ONE SINGLE practical real-world usage of these exploits in a malware of any kind.
they're all just proof of concepts.
Not to me
oy vey
show me one example of an in-the-wild usage of spectre and meltdown
Riskware/POC_Spectre
W64/Spectre.B!exploit
Riskware/SpectrePOC
Riskware/MeltdownPOC
W32/Meltdown.7345!tr
W32/Meltdown.3C56!tr
W32/Spectre.2157!tr
W32/Spectre.4337!tr
W32/Spectre.3D5A!tr
W32/Spectre.82CE!tr
W32/MeltdownPOC
are literally all proof of concept code
These are fairy tale vulnerabilities with zero real world proof of application. Most of them don't even have a proof of concept you can compile and run.
I cant. And 99% of users dont know the exploits work and of course none of them has issues, because they exploits are too hard to take advantage of
I legit cannot fathom how there are people STUPID enough to defend intel even after wave after wave of severe security vulnerabilities that get patched with IO/core performance crippling regressions.
Ask ANYONE with a fully updated sandy bridge i5 thinkpad. They're essentially UNUSABLE.
itt amd shills
Stupid idiots falling for the zero-application bait and gimping their own systems instead of going to audit their OS/kernel/apps. That's right, apply that mystical 2MB microcode and feel safe.
Legit honest question here: how many security vulnerabilties with performance crippling security patches to go along with them (see pic related) is it going to take to make you realize that MAYBE having an intel computer system isn't such a great idea?
fucking hell do amd fanboys even read past the headline
see post above you
One vulnerability with an actually used exploit rather than 10000 mythical ones.
There's 40+ now.
Really? Give me a list of software that has been found to apply such exploits.
well for one,
i dont install the mitigations because those patches are for data centers passing security audits and not for the 99% of people that just browse the web and play games since there is no actual usage of these exploits in the wild, and probably never will be due to the asinine amount of conditions involved in someone trying to get a plaintext password from ram or cache or some shit
>They are buying AMD, AMD just can't make enough. Top epyc skus are sold out for the rest of the year
AMD are also vulnerable to the majority of new SPECTRE type exploits. As are ARM, POWER, Apple's whatevertheycallit, and any CPU that uses speculative execution. Which is damn near everything outside of low-power-optimised microcontrollers. SPECTRE isn't some "LOL Intel man bad" architecture vulnerability, it's a side-channel attack on a fundamental CPU design paradigm.
I imagine you couldnt find software to exploit your own pc if you tried. You need a team and a lab to pull this shit off once
Oh how sad, I wish naysayers had a leg to stand on.
You can find proof of concept literally on google fucking damage controlling shitter.
Read the whole text, retard. Not just the first sentence.
Unironically, SPECTRE doesn't matter. Meltdown was the only serious vulnerably from the first wave, and SPECTRE variants are always too difficult to leverage.
IT'S OVER SHITEL IS POZZED HOUSEFIRED AND BANKRUPT
Not zen 2 / 2nd gen epyc, and spectre isn't the only class of vulnerabilities, or even the most important one
amd.com
Meanwhile Intel gets a new vulnerability a week.
>local access
>remote access
Its nothing
I'm not even an AMDfag atm but this thread is really convincing me to become one. Are these vulnerabilities ever going to stop coming or is the entire core series THAT pozzed?
Shit like this doesn't matter when you're hosting a personal server, but it matters a lot when you're worried about corporate espionage or just regular espionage. Nobody protecting high value information is going to want to use hardware that can be attacked through a network cable.
And yet a year and a half later there is still zero evidence anyone has used any of these exploit to perform a successful attack even once. Really makes you think
fixed in previous arches before, and more fixes in cascade lake, coming next month
en.wikichip.org
>we haven't found if anyone has used it yet so it hasn't happened
your brains on intel
Imagine still unironically buying Intel
MELTDOWN is a single SPECTRE variant, and only one of many. More will continue to be discovered over many years.
Zen2 has hardware mitigations for some SPECTRE variants, but for the most part relies on the same software & microcode mitigations as Zen 1. At least they're starting from a microcode-updated state, whereas whether you even got the Zen1 microcode updates depends on whether you motherboard manufacturer ever got around to pushing out the BIOS update to apply them.
For the most part, the specualtive execution side channel must be closed by coding design, not be hardware, in the same way that buffer over- and under-runs cannot be totally mitigated in hardware.
Vulnerabilities for all architectures (speculative execution is not exclusive to x86) will continue to be developed for many years to come.
You also admit there is no evidence. It hasnt happened bro. Its not an issue for the end user. Only newfags and plebbitors believe your hyperbolic bs
>54 / 13 / 23 / 2
i swear to god it's gotta just be one or two guys that used their FAFSA grant to buy an AMD processor because reddit told them to or something
>Buy a VM on AWS
>Run 'sploit
>Dig for live SSH connections to other machines, hijack them and spread.
Fucking nothing, lmao.
github.com
Shit is just a matter of time. You stop using crypto when there are theoretical breaks, because if there are theoretical breaks, you can be sure someone is hiding a real one. This isn't perfect information game. It's in the best interest of anyone holding a really good attack to keep it secret.
>AMD could never
At first I was laughing because I had bought Ryzen but now I'm just confused, how the fuck can Intel be so incompetent?
Cascade lake is a disastrous under-performing overpriced datacenterfire.
>power consumption of a high-end graphics card
>not even twice as fast
Is intel ever going to get serious about processors again or is this it? Wasn't 10nm desktop.supposed to have launched by 2015? What happened to that?
this isn't Intel VS AMD this is Intel VS Intel.
Only on some select vulns and only to an extent. Retard, I asked for actual real life application of these. Cause I can sit down and hypothesize about openSSH vulns as well.
It's up to you to prove your claim, retard.
>Buy a VM on AWS
>Run 'sploit
>Dig for live SSH connections to other machines, hijack them and spread.
This retarded plebbitor thinks this has actually happened hahahahahaha. You seriously dont understand how nearly impossible the exploits are to peform its not script kiddie shit. What you described has never happened
>You also admit there is no evidence. It hasnt happened bro. Its not an issue for the end user.
Yea no evidence at the moment like smoking giving you lung cancer 20 years down the line, or asbestos giving you lung cancer 20 years down the line. Just because it's not reported to be happening doesn't mean it's not you dumb fuck.
We've had 15-20 years for these exploits to surface and not. one. single. product or service has been caught red handed. Yeah safe to say these are imaginary.
It not being reported 100% means it isnt happened, fucktard. Stop with the FUD.
Because 9400f is better than 3800 in games
thats not cascade lake-x
>but for the most part relies on the same software & microcode mitigations as Zen 1.
Got a source on that?
>it wasn't reported the nsa was fucking with irans nuclear plans at the time so it 100% wasn't happening
are you this dense?
is cascade lake sp, nobody would use xeon rejects relegated to hedt in a datacenter
Your analogy to cpus being poorly understood things like human biology really showed how fucking stupid you are
What do read speeds have to do with the CPU, I thought it was mostly an SSD thing.
How convenient we've had these vulns for 20 years and literally nothing has happened.
No it's a basis for you to understand that just because it hasn't been reported yet doesn't mean it's not currently happening, a simple concept you struggle to grasp.
>xeon rejects
they are entirely differently designed chips, not "binned xeons"
if anything xeons are more binned than the X-series.
God hasnt been reported to exist either but lets just keep believing because we have an agenda!
>religion is an agenda
Oh sweet summer child
x-series is different, less about "mo cores" and more about "fast cores". They have twice the amount of AVX512 execution units and are more aimed for content creators and such.
Buyer's remorse turn into stockholme syndrome.
Spectre/meltdown mitigations on intel consist of flushing the L3/L2 cache or something. This basically slices SSD performance in half. It's much much worse on older intel CPUs. On AMD the mitigation has like a 2-3% performance hit for I/O.
maybe you should kill yourself and prove he doesn't exist for us
They're literally Cascade Lake W rejects (i.e. the byproduct not product of binning) with ECC disabled.
>AVX512
Speaking of this meme why did intel BUTCHER their entire xeon phi lineup? I though avx512 was le sekrit sauce?
What about that vulnerability with HT, can the average user genuinely get fucked or is it only an issue for servers and shit?
Servers cannot make use of AVX512 for server workloads.
With every new sidechannel attack being dug up from the grave, the chances keep going up of a successful attack ESPECIALLY with HT enabled.
idiot
cvedetails.com
>Total number of vulnerabilities : 16
cvedetails.com
>Total number of vulnerabilities : 240
Okay retard prove me wrong.
>Total number of exploited vulnerabilities: 0
Whoa...
Yeah from 0.00001% to 0.00002%.
>(Higher is better)
This needs a graph.
Because nobody has ever been affected by these vulnerabilities. Not a single case.
It is fear mongering spread by frenzied fanboys of a corporation who is finally becoming relevant again.
i feel hotter just looking at that