trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

13 recommendations

trparky

Premium Member

A Massive Intel Hardware Bug May Be on the Horizon | HardOCP

said by HardOCP :

There is mounting evidence that an Intel CPU bug, which could have lasting consequences for Amazon, Google, and other major cloud providers, is about to be disclosed. While a fix is in the pipeline, people say that it could impose performance penalties of as much as 35 percent. AMD chips are reportedly unaffected.




tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case, the software fix causes huge slowdowns in typical workloads.

trparky

3 recommendations

trparky

Premium Member

And we have another source...
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign | The Register

humanfilth
join:2013-02-14
river styx

1 recommendation

humanfilth to trparky

Member

to trparky
Might be disclosed on Jan 4 2018 or by Windows patch Tuesday. Upcoming patches are being noticed.

AMD not affected.

Virtual Servers (The Cloud, and preventing cross server access) shitting pants these past few weeks.

»www.game-debate.com/news ··· formance

A major hardware flaw appears to have been discovered in Intel CPUs, and bypassing this bug can drastically impact performance. Patching the Intel CPU bug is purported to cause a performance hit of 30-35% on Intel CPUs, while all AMD CPUs are unaffected.

The bug itself could potentially have devastating consequences. It opens up possible security vulnerabilities in Intel CPUs, including large cloud providers and web hosts. The hardware bug causes an Intel CPU to prefetch system memory areas and gain control of any application, in theory allowing for a VM on shared hosting to read and write over another VM. Breaking out of the confines of virtual machines hosted at cloud providers could prove hugely damaging.

»www.reddit.com/r/sysadmi ··· ncoming/

TLDR;

Copying from the thread on 4chan

There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (»twitter.com/grsecurity/s ··· 84123649) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (»lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".

Microsoft has been silently working on a similar feature since November: »twitter.com/aionescu/sta ··· 11296000


People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.

Edit: the examples of the i7 series, are just examples. This affects all Intel platforms as far as I can tell.

»pythonsweetness.tumblr.c ··· ge-table

tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.

And another case of "not insider trading". Intel CEO sold off some shares end of Nov 2016. Fool.com is not always a reliable link...
»www.fool.com/investing/2 ··· ock.aspx

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

7 recommendations

trparky

Premium Member

Ah damn, I wonder if this will affect normal users not running VMs with typical desktop systems. If this is going to be affecting even those users, it's going to be a real pain in the ass for those of us who have Intel systems.

I see an uptick in AMD Ryzen CPU sales in the near future.
computerman2
Premium Member
join:2002-04-20
Trenton, MI

computerman2

Premium Member

And here I just bought two Intel-based systems, one in September and one at the end of December. I hope the performance issue isn't too big of a hit when the fix is out. Wondering if Best Buy will buy back my Intel system if the performance hit is too big; guess we'll see how it goes in the future. Saves some money if I can.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

1 recommendation

camper to trparky

Premium Member

to trparky
 

From The Register article...


... Think of the kernel as God sitting on a cloud, looking down on Earth. It's there, and no normal being can see it, yet they can pray to it.

These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed, but clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. This adds an extra overhead, and slows down the computer. ...


[emphasis mine]

Oooohhh... this ain't good.
computerman2
Premium Member
join:2002-04-20
Trenton, MI

computerman2

Premium Member

Doesn't sound good at all. First the issue with Puma 6, then the other security hole with the ME firmware, now this. Sorta regretting getting my first Intel-based systems since 2003. The desktop machine I'm probably stuck with, as it's well over the 15-30 day return policy; the laptop I think I could still return if I decided to, and get an AMD-based system instead, but not sure if I should or not.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

 

No, it doesn't sound good.

What I don't know is whether "switching between two separate address spaces" means the same thing as "process switch" at these levels of the OS, semantic-wise.

I know from a while ago that process switches are expensive occurrences. Very expensive.
ahuj99
join:2013-07-28

4 recommendations

ahuj99

Member

"Context switch". Estimate is an extra ~5% to the average workload and a little worse on processors older than Haswell which don't have the "Process Context IDentifier" optimization.

»lwn.net/Articles/737940/

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

2 recommendations

trparky

Premium Member

Great, so there is a possibility that this performance hit is going to be an issue even for regular users, not just massive cloud computing systems.

In other words, there's a very good possibility that all Intel desktop and notebook systems will see a 25 to 30% performance hit. Fuck. My plans for a system upgrade may be a lot closer than I thought and I'm definitely not going to be going with Intel since whatever amount of IPC difference between my current Ivy Bridge chip and any new Intel chips just got eaten by this fix. Wonderful.
trparky

2 recommendations

trparky

Premium Member

Impact

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern in some way the contents of protected kernel memory.

The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Whenever a running program needs to do anything useful – such as to write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables.

Think of the kernel as God sitting on a cloud, looking down on Earth. It's there, and no one on Earth can see it, yet they can pray to it.

These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed but clearly there is a flaw in Intel's silicon that allows kernel access protection to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. This adds an extra overhead, and slows down the computer.


camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to ahuj99

Premium Member

to ahuj99
said by ahuj99:

"Context switch"

 

Thanks, that's what I meant, not "process switch."

DonoftheDead
Old diver
Premium Member
join:2004-07-12
Clinton, WA

2 recommendations

DonoftheDead to trparky

Premium Member

to trparky
Methinks Epyc and AMD CPUs in general have got a great future ahead of them. Some of the mechanics of this bug are over my head, but since I don't keep anything of value on my systems, I probably won't patch for this on my Intel systems. At least not till some more real-world info on attacks and the performance hits comes in. Somebody correct me if I'm wrong, but wouldn't it take a sophisticated attacker to do this, or could it be packaged and sold to the "general public"? Trying to figure out how dangerous this is to the average home/SOHO user. I'm already dealing with W10 updates breaking clients' systems (got another one to do tomorrow) and this is not helping my attitude.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

4 recommendations

trparky

Premium Member

said by DonoftheDead:

but wouldn't it take a sophisticated attacker to do this

It can be done in Javascript, that's where the real danger can be.

cralt
join:2011-01-07
CT

cralt

Member

It's going to be interesting to see how long this "embargo" was for.

A few weeks or a month seems normal. If this has been known for months or years, that's really shady. Wouldn't look so good if supposedly "open" source developers were helping to cover it up.

DonoftheDead
Old diver
Premium Member
join:2004-07-12
Clinton, WA

3 recommendations

DonoftheDead to trparky

Premium Member

to trparky
said by trparky:

It can be done in Javascript, that's where the real danger can be.

Aw shit! That answers my question. Thanks Intel for helping me decide which CPU I'll be going with when I do a new build.

trparky
Premium Member
join:2000-05-24
Cleveland, OH

3 recommendations

trparky to cralt

Premium Member

to cralt
Yeah but until recently most bugs have been small fries, this bug is like a WMD.
lawsoncl
join:2008-10-28
Spirit Lake, ID

3 recommendations

lawsoncl to trparky

Member

to trparky
said by trparky:

said by DonoftheDead:

but wouldn't it take a sophisticated attacker to do this

It can be done in Javascript, that's where the real danger can be.

and potentially from within a VM, putting the host OS and every other VM at risk.
computerman2
Premium Member
join:2002-04-20
Trenton, MI

1 edit

3 recommendations

computerman2

Premium Member

And if this had come out before I bought my new laptop (December 24th) I would've picked an AMD-based one. Now there's the hassle of deciding what to do: return it, or keep it and just deal with the potential performance hit when it comes, as my newer desktop (bought in September) is Intel as well.

Guess I could always research the cost of a custom rebuild of my old AMD FX system to AMD Ryzen. With that one I would need memory, a video card (AMD card to go with an AMD processor, a personal preference thing), a newer SSD, and a motherboard/CPU, unless a shop has a combo motherboard/CPU/RAM deal, and then an AMD RX 580 I think, if I can swing it. If not, I'll just stick with my Intel system and deal with the possible performance hit.

DonoftheDead
Old diver
Premium Member
join:2004-07-12
Clinton, WA

5 recommendations

DonoftheDead to trparky

Premium Member

to trparky
I would wait and see how bad the performance hit is before I dumped an i7 for a Ryzen. Or keep the Intel offline and build a cheap internet box with a Ryzen APU for web stuff. Enterprise/Cloud operations are screwed, blued and tattoo'd. Heads are gonna roll for this one. Fortunately I have a heavy-duty popcorn machine. This should be quite a show.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

2 recommendations

GuruGuy to humanfilth

Premium Member

to humanfilth
Yep, from your first link too:

"It's also come to our attention, and this may be totally unrelated but it's enough to set alarm bells ringing, that Intel CEO Brian Krzanich sold shares in the tech giant worth $11 million in December. In order to be Intel CEO, Krzanich must have a minimum number of 250,000 shares in Intel. Earlier in the month, Krzanich had 495,743 shares, and after two transactions he brought his total number of shares down to a quarter of a million. Or - the bare minimum required"

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird

Premium Member

While that indeed looms as "interesting", it's always wise to keep in mind that the sales were in December (the end of the tax year) with new tax regulations looming on the horizon for 2018. I've learned that executive stock sales in December must always be viewed with a number of potential personal-finance factors in mind.
Shady Bimmer
Premium Member
join:2001-12-03

5 recommendations

Shady Bimmer to camper

Premium Member

to camper
said by camper:

No, it doesn't sound good.

What I don't know is whether "switching between two separate address spaces" means the same thing as "process switch" at these levels of the OS, semantic-wise.

I know from a while ago that process switches are expensive occurrences. Very expensive.

No, they are not the same thing. Context switches occur all the time and modern processors are very efficient at this. A context switch occurs any time a privilege level (i.e., processor ring execution level) is changed. Every system call incurs a context switch into the kernel and another exiting. What appears to be changing is what happens during that context switch.

There is very little detail available yet but hopefully this will change soon. Work has already been underway to address other weaknesses around kernel address-space layout randomization that would appear to apply here. Those have been taking a long time since they do incur a performance impact.

From what has been found so far it looks like the proposed mitigations all make a completely separate copy of the processor page tables. Currently kernel & user processes share the same table with their own virtual copies - the kernel has the full view but the user land only has limited view. The changes will separate those completely such that user land is no longer a virtual copy but instead a completely separate and minimized copy. Page tables are the processor's mapping between virtual and physical memory.

It is the change from using a virtual copy to an actual separate copy that appears to be the mitigation, but until the actual details are released that is at least partly speculation.

There is also speculation that the vulnerability may be the result of Intel's speculative (optimistic) execution, which AMD does not use. Again, that is just speculation, but it is among the discussions on this topic.
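
Two things a practitioner would want to check after the explanations above are whether the running kernel actually reports page table isolation as active, and what a user-to-kernel-and-back transition costs on their own box. The following is an added example written for this page; it is not code from the thread, from The Register, or from the Linux kernel. It assumes a Linux system: the "pti" token in the /proc/cpuinfo flags line is what Linux exposes when KPTI is on, "pcid" is the Process Context IDentifier feature ahuj99 mentions, and "cpu_insecure" is the bugs-line name used by the December 2017 patches (later kernels print "cpu_meltdown"). The sample cpuinfo lines embedded in the code are constructed, not captured from a real machine, and the getpid() round trip is used as a stand-in for "any system call" since each one is a full user/kernel transition.

```c
/* Added example (not from the thread or any quoted article): check whether the
 * running Linux kernel reports KPTI and measure the user->kernel->user round
 * trip cost that the thread says KPTI makes more expensive. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Constructed (not captured) sample of a /proc/cpuinfo "flags" line, abridged.
 * "pti" is the feature flag Linux shows when kernel page table isolation is
 * active; "pcid" is the Process Context ID feature that makes the page table
 * base (CR3) switch cheaper because TLB entries need not be flushed. */
static const char SAMPLE_FLAGS[] =
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca "
    "cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm pcid pti "
    "fsgsbase smep smap\n";

/* Constructed sample of a /proc/cpuinfo "bugs" line. "cpu_insecure" is the
 * name from the December 2017 patches (X86_BUG_CPU_INSECURE); newer kernels
 * print "cpu_meltdown" instead. */
static const char SAMPLE_BUGS[] = "bugs\t\t: cpu_insecure\n";

static int is_ws(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

/* Return 1 if `flag` appears as a whole whitespace-separated token after the
 * colon in a cpuinfo line, 0 otherwise. Whole-token matching matters: a plain
 * strstr() would report "pti" inside any longer flag name containing it. */
int cpuinfo_line_has(const char *line, const char *flag)
{
    size_t n = strlen(flag);
    if (n == 0) return 0;
    const char *p = strchr(line, ':');
    p = p ? p + 1 : line;
    while (*p) {
        while (is_ws(*p)) p++;
        const char *start = p;
        while (*p && !is_ws(*p)) p++;
        if ((size_t)(p - start) == n && memcmp(start, flag, n) == 0)
            return 1;
    }
    return 0;
}

/* Copy the first line of `path` that starts with `key` into buf. Returns 0 on
 * success, -1 if the file cannot be opened or the key is absent (e.g. when not
 * running on Linux). */
int read_cpuinfo_line(const char *path, const char *key, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int rc = -1;
    while (fgets(buf, (int)len, f)) {
        if (strncmp(buf, key, strlen(key)) == 0) { rc = 0; break; }
    }
    fclose(f);
    return rc;
}

/* Time `iters` raw getpid system calls and return the mean cost in
 * nanoseconds. The raw syscall() form is used so libc cannot satisfy the call
 * from a cache; every iteration is a real user->kernel->user transition, and
 * with KPTI that transition includes two page table base switches. Returns
 * 0 for a non-positive iteration count or a clock failure. */
double syscall_ns_per_call(long iters)
{
    struct timespec t0, t1;
    if (iters <= 0 || clock_gettime(CLOCK_MONOTONIC, &t0) != 0) return 0.0;
    for (long i = 0; i < iters; i++)
        (void)syscall(SYS_getpid);
    if (clock_gettime(CLOCK_MONOTONIC, &t1) != 0) return 0.0;
    double ns = (double)(t1.tv_sec - t0.tv_sec) * 1e9
              + (double)(t1.tv_nsec - t0.tv_nsec);
    return ns / (double)iters;
}

int main(void)
{
    char line[4096];
    if (read_cpuinfo_line("/proc/cpuinfo", "flags", line, sizeof line) == 0) {
        printf("KPTI active (pti flag): %s\n", cpuinfo_line_has(line, "pti") ? "yes" : "no");
        printf("PCID available:         %s\n", cpuinfo_line_has(line, "pcid") ? "yes" : "no");
    } else {
        puts("/proc/cpuinfo not readable; using constructed sample lines");
        printf("sample: pti=%d pcid=%d cpu_insecure=%d\n",
               cpuinfo_line_has(SAMPLE_FLAGS, "pti"),
               cpuinfo_line_has(SAMPLE_FLAGS, "pcid"),
               cpuinfo_line_has(SAMPLE_BUGS, "cpu_insecure"));
    }
    /* Run once with KPTI on, then reboot with the kernel parameter "nopti"
     * (or "pti=off") and run again to see the per-syscall difference. */
    printf("getpid round trip: %.1f ns/call\n", syscall_ns_per_call(1000000));
    return 0;
}
```

On kernels from 4.15 on, the file /sys/devices/system/cpu/vulnerabilities/meltdown gives the same answer in one line ("Mitigation: PTI", "Vulnerable" or "Not affected"), which is the easier check when the cpuinfo flag is not there. The syscall figure is only meaningful as a before/after comparison on the same machine; what it shows is the fixed per-transition overhead, not the 5% to 30% whole-workload numbers quoted earlier in the thread, which depend on how syscall-heavy the workload is.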

cralt
join:2011-01-07
CT

2 recommendations

cralt

Member

I wonder if OpenBSD's KARL is some sort of mitigation for this. They implemented it in the release that came out in October.
»marc.info/?l=openbsd-tec ··· 5941&w=2

Everyone got upset when they silently patched KRACK ahead of the embargo... would be funny if they did it again.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy to trparky

Premium Member

to trparky
May have overlooked it, but so far the fix is software patches. Does Intel have a fix in the works for its chips, a new chip, replacement, etc.?

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to Shady Bimmer

Premium Member

to Shady Bimmer
said by Shady Bimmer:

No they are not the same thing. Context switches occur all the time and modern processors are very efficient at this. A context switch occurs any time a privilege level (IE: processor ring execution level) is changed. Every system call incurs a context switch into the kernel and another exiting. What appears to be changing is what happens during that context switch.

 
Thanks for the follow-up explanation.

I haven't played in the "context switch" area for a couple three decades. It is good to hear that modern processors handle it much more efficiently.
AsherN
Premium Member
join:2010-08-23
Thornhill, ON

AsherN to Blackbird

Premium Member

to Blackbird
said by Blackbird:

While that indeed looms as "interesting", it's always wise to keep in mind that the sales were in December (the end of the tax year) with new tax regulations looming on the horizon for 2018. I've learned that executive stock sales in December must always be viewed with a number of potential personal-finance factors in mind.

And at that level, you don't just wake up one morning and decide to dump shares that day. The sale must be filed with the SEC, well in advance, with a fixed date. You are at the mercy of the market.
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

2 recommendations

TheWiseGuy

MVM

You are correct that most officer sales at this level are via a 10b5-1 which is a plan that normally has someone else execute the sale sometime in the future. The instructions for the 11/29/17 sale were done on 10/30/17.

Now they are not totally at the mercy of the market since a 10b5-1 plan allows the participant to set up a price or even a formula for the sale when the instructions are established.

Full information on how a 10b5-1 works can be found at

»www.law.cornell.edu/cfr/ ··· 0.10b5-1

A quick overview at

»www.accountingtools.com/ ··· ng-plans
sludgehound
join:2007-03-12
New York, NY

2 edits

2 recommendations

sludgehound to trparky

Member

to trparky
Getting sense techland is making defective stuff (older, slower iPhones?) in order to prime pump for 'newer' stuff. $$ root of all bugs....

Intel Leaks Details On Desktop Core i7-8809G CPU With Radeon Graphics

»www.extremetech.com/gami ··· um=title

NOW THIS 4:25pm ET MW: Intel says 'design flaw' report is inaccurate, stock rebounds as AMD pares gains
MW: Intel says 'design flaw' report is inaccurate, stock rebounds as AMD pares gains
By Wallace Witkowski , MarketWatch
Intel says flaw is not unique to its chips and will not slow down systems for average computer user
Intel Corp. shares had their worst day in eight months, but pared deeper earlier losses Wednesday after the company said a report its chips have a unique security-design flaw that could eventually slow down computers by up to 50% was inaccurate.
Late Tuesday, online technology news site The Register reported that a "fundamental design flaw" (»www.theregister.co.uk/20 ··· gn_flaw/) in Intel chips has caused Linux coders and those at Microsoft Corp. (MSFT) to patch their operating systems for security reasons. Most damning, however, was that the report said these patches will slow down performance by 5% to 30% in certain systems with Intel chips, and that Advanced Micro Devices Inc. (AMD) processors were not affected.
Opinion: Intel suffers an epic security fail, offering a big opportunity for AMD (»www.marketwatch.com/stor ··· 18-01-03)
By midday, Intel disputed the report.
"Recent reports that these exploits are caused by a 'bug' or a 'flaw' and are unique to Intel products are incorrect," Intel said in a statement. "Based on the analysis to date, many types of computing devices--with many different vendors' processors and operating systems--are susceptible to these exploits."
The most heavily traded stock on the S&P 500, at volume of more than 150 million shares, was rival chip maker AMD. The stock has a 52-week average daily trading volume of 65 million shares. Shares, which had rallied more than 10% earlier, closed up 5.2% at $11.55. In the first two sessions of 2018, shares are up more than 12%, after having declined 9.3% over the course of 2017. AMD did not immediately provide a comment Wednesday.
The PHLX Semiconductor Index rose 38.2% in 2017, and is up 4.5% for the first two days of 2018.
Intel continued: " Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industrywide approach to resolve this issue promptly and constructively."
Nvidia Corp. (NVDA) shares also rallied, gaining 6.6% to close at $214.47. The gains in AMD and Nvidia follow Tuesday's strong day for chip makers following reports of strong November sales (»www.marketwatch.com/stor ··· 18-01-02). Nvidia shares were the 13th most heavily traded stock on the S&P 500 at more than 22 million shares.
"This is a positive in our view for Nvidia (Data Center)," RBC Capital Markets analyst Mitch Steves wrote in a Wednesday note of the Intel news. Steves has an outperform rating on Nvidia but does not cover AMD. "If there are speed/performance issues with Intel products, this gives Nvidia a chance to gain market share while the issues are being resolved."
Micron Technology Inc. (MU) shares were the fifth most traded stock on the S&P 500 with more than 42 million shares changing hands. Shares of the chip maker closed up 3%.
A little over two months ago, the roles were reversed for Intel and AMD shares: Shares of Intel surged after posting "impressive" earnings (»www.marketwatch.com/stor ··· 17-10-27) while AMD shares dropped even after topping Wall Street expectations (»www.marketwatch.com/stor ··· 17-10-25).
- Wallace Witkowski ; 415-439-6400; AskNewswires@dowjones.com
(END) Dow Jones Newswires
01-03-18 1621ET

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

2 edits

3 recommendations

camper to cralt

Premium Member

to cralt
said by cralt:

OpenBSD's KARL is some sort of mitigation for this. They implemented it in the release that came out in October.

 

The original message about OpenBSD's KARL appeared in June 2017
»marc.info/?l=openbsd-tec ··· 5941&w=2

Good explanation of similarities and differences of OpenBSD's KARL and Linux's KASLR
»www.daniloaz.com/en/diff ··· nd-karl/