MASSIVE Security Flaw Affects ALL Processors
All Our Data Privacy Lost Like Tears In The Rain
Script kiddies can now have access to virtually all information online. ""NO IMMEDIATE FIX POSSIBLE.""
How boned are we, Holla Forums? Do we have Phosphorescent African American individuals to thank for this? Break out your marshmallows for the flames.
(((NYT))) Article:
archive.is
Google Release about Meltdown (but apparently not Spectre):
archive.is
Site with technical papers:
archive.is
Other urls found in this thread:
8ch.net
googleprojectzero.blogspot.no
archive.fo
jewishvirtuallibrary.org
newsroom.intel.com
nytimes.com
archive.fo
meltdownattack.com
archive.is
theguardian.com
zkml.lemote.com
intel.com
amd.com
bleepingcomputer.com
spectreattack.com
twitter.com
Wonder what this will do to the BTC market. Also no shit there was a built in flaw with all chips. I would suggest that the rng is not as random as people suggest.
Learn to use the catalog and lurk at least 8 years before posting.
All chips beyond 2006 have been compromised, we've known they've been compromised for half of that time.
i don't care about my security
i want to know if the government agencies are fucked, and if so, what's for grabs?
Mods exposed IPs here.
I did. Only one I saw was the Intel thread:
8ch.net
Both Meltdown and Spectre are discussed in that thread.
There is no new content in this thread that is not discussed in posts in the other thread, hence this thread is redundant.
Yes it's bad, BUT…… in order to take advantage of these flaws you still have to be compromised by malware in the first place. If you're already compromised in the first place, it could do anything anyway.
Well, in that their exploits are being exposed and defended against in the future (hopefully), take your pic.
Not true. For instance, Meltdown allows a malicious user of a cloud instance to get access to kernel memory and thus escape the VM isolation, accessing the data of any other users of that machine. No other user installed malware in such a case, just one malicious user stealing from others.
There is also an exploit that apparently escapes browser sandboxing (this might be more Spectre than Meltdown IIRC) and this could then be used to install the malware on the machine of a user's personal machine, and then that malware could use Meltdown (assuming it's an unpatched Intel box) to get root password from kernel space.
Heh. That's the thing:
If you're using any piece of technology you should assume it's compromised regardless.
Everything is insecure, nothing is safe.
Spectre is unpatchable, but is much harder to exploit (you need physical access to the machine), but also works on ARM as well as AMD processors.
Meltdown is able to be exploited remotely, but is patchable. But it also results in up to a 30 percent performance hit, but only for usermode applications needing to access kernel mode, and performance impact is seen only on synthetic benchmarks. Oh, and it only effects Intel
If you have Linux, you can disable PTI through GRUB, and take your own risk. AMD users will not need to do this though.
Generally, if you're an AMD user, you should be jovial as fuck right now. If you're an Intel user, you shouldn't feel too shitty since the performance impact for most programs will be negligible to nonexistent. Just make sure to go for AMD next time
If you're a server operator, you should be shitting your fucking pants right now, since database programs need constant access to kernel memory from usermode. Google and Amazon are fucked, that's why they're freaking the fuck out
Just make sure you get your fucking shit patched though, regardless
i'm thinking more along the lines of haxxing the government and ngo
Really????? So the experts from multiple sources that have much more credibility are wrong?
For some reason I think this is an excellent moment to sow some discord among tech communities in order to cause close to maximum potential damage to these various Jewish holdings, for those so inclined.
googleprojectzero.blogspot.no
Read what they were able to do and kill yourself for considering posts you read on leddit and cuckchan are "experts".
Considering you are posting through TOR, I suspect you know you're wrong and are just baiting unsuccessfully.
wut? You sure about this?
SAGE
hey, odds are they use the same processors we do. get off your ass and get me those nuke codes, user.
So lets use the exploit then. Time to expose kikes and kike-enablers and add names to lists for DOTR.
Yeah, once they had an attack vector.
STFU!
It's too late. The patches go through tomorrow I believe.
They've been working on them for months. If only someone leaked the vulnerability to Holla Forums…
I guess this means Holla Forums isn't in the know on Holla Forums related matters, and neither is Holla Forums for that matter.
HAXOR DUDE CUMIN THRU
Alternative explanation: Like they did in that Deus Ex game Human Revolution, fake a massive exploit/issue with a vital component to force people to upgrade to a supposedly-fixed chip, only for that one to have an actually exploitable flaw that is promptly exploited by the powers that be to shove an agenda down our throats.
that's terror……
pls email this webzone with a way to get one of those haxxor masks and a cape, user. I've got me a new world order to bring down w mah skillz.
This actually occurred to me:
...
...
deus ex is always fucking prophetic.
((( What a surprise )))
Add to that:
archive.fo
A clear case of insider trading, which is illegal, let the lawsuits begin.
I was thinking the exact same thing, though I personally think it's more about accelerating the market shift onto AI hardware technologies longer term. The mass surveillance and spying potential from "intelligent" hardware in an IoT setting would dwarf everything that exists now (and be far harder to detect let alone mitigate).
I know "someone" that said he had been in the privileged position to see encryption being broken in almost real time. even over tor I feel vulnerable.
Inb4 kike shill tries to derail thread
Just means that the public is going to be chomping at the bit for the 'fix' as soon as it's published.
Cue the pundits running news stories about
Damage control for Intel. They are trying to group these separate exploits to try to force fixes for Meltdown onto their competitors that are unaffected or have fixes which impact performance far less.
In the spectre cases listed, code needs to be ran on the system. The browser exploit mentioned would require accessing a website and provide access to memory allocated to the browser. You should, at the minimum, be accessing websites through a virtual machine.
I had never even considered the implications of an 'intelligent' system reporting its usage to some third party.
That's some chilling shit right there.
BRB, BUYING —–AMD—— AGAIN FINALLY
Check em
It was a case of Intel freaking out about an exploit that ruins their advantage over AMD so they pull their NSA and Mossad friends to get an equivalent exploit for AMD to ensure that it's not as bad of a PR nightmare for them.
(checked)
Good point actually. But it doesn't mean that Spectre is any less real or any less of a threat.
Intel probably just ratted out on a flaw it knew ALL processors had (due to le CIA spooks) as part of its damage control.
eh, wouldn't said code still work on a cloud server though? Regardless, it's not really that hard to get recognizably malicious code into a normie's PC or a slacker's server.
You can whinge about how Intel's bug is worse all you like, it doesn't mean that this is nothing.
lol
The performance impacts are greater for their newest line of processors. Halves performance for io heavy software like databases and web servers. That is what they are worried about and why they want the fixes applied to AMD too. AMD could make significant gains in the server market. Hard to ignore double the performance over competitors.
wewlad, enjoy your fucking spyware
So is my warez raylude server vulnerable?
Yeah, the Central ISRAELI Agency.
jewishvirtuallibrary.org
We need to start seeing lawsuit from big actors, say, every conservative organization that has used Intel chips, to start suing Intel with everything they can. But here's a better question: How many government computer run with Intel chips, and would have backdoors made specifically in the interest of a foreign nation constitute Spying / Treason? Where the fuck are my oven-mitts? I need to start spamming the DOJ about this.
Class action when?
...
Some one use this on Wikileaks, bring us those tasty treats. Get to it hackerman.
Equifax got away with it, these will too.
Which is terrible when you remember one probably has a profile on you on par with government agencies, and the other uses your card.
Thats from a better Deus ex.
With all the spy programs, the patriot act, people giving up all sorts of info on FB ,gps tracking on fitness gear, Alexa and other such shit being marketed, the forced Internet of things, the research into AI, etc. It has so much more it could highlight and that's just technology. Never mind the social things, the financial collapse, 9/11, the illegal proxy wars, etc.
This just in: According to WAPO Putin is directly involved.
he told us
All the tech "journalists" on Intel's payroll are already doing damage control. Oy fucking vey.
Oh and here's something else that's funny. So how many of these "voting machines" do you think have these back-door Israeli Intel chips installed, not just in the US?
newsroom.intel.com
If they were to pick an exploit, then it would be one that cannot be fixed without purchasing a new processor. A design flaw with branch prediction works well for that purpose. There are simpler methods they can fallback to even if the method itself is flawed, like pridicting branches will evaluate to false. Though, I would't doubt they have a new method planned anyway. That way the pr hit can be used to drive new sales.
Makes sense, Banks are desperate to control a majority share of BTC and cryptocurrencies so they can manipulate it as easily as fiat, what if the 30 percent performance hit from the patch is actually crowdsourced mining for that purpose?
Nice dubs and nice logic again. The saging without explaining how this isn’t an issue strikes me as butthurt though. It clearly is an issue. Not as big as Intel’s, but certainly something important.
Checking ‘em.
Wew. It would be amazing. Between that, the insider trading and the voting machines I’m not sure how anyone here can buy an Intel chip again.
My friends laugh at me for using an old PowerPC… they're not laughing any more folks.
"This work was supported in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402)."
"This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Project Agency (DARPA) under Contract #FA8650-16-C-7622."
European Union’s Horizon 2020
Rothschild Postdoctoral Fellowship.
DARPA
Also we have the 2038 year problem ahead.
...
can't stand these butthurt retards that only exist to keep watch on duplicate threads, or rather any thread that has anything in common with any other thread
as though it matters
as though all these threads aren't temporary
as though being a fucking retard doesn't not mean you shouldn't not be shot
...
...
what kind of mechanical web browser are you posting from?
your not wrong
checked
the judaism is untenable
It's incredible how we actually literally live in a dystopia where every single CPU is recording your every action, and we just accept it. Whatever, I guess.
...
Does this mean we can steal googles server data?
Google have known about it since November and already protected against it, so no. You will be able to get A LOT of vulnerable systems for a long while though. I've already seen skiddie solutions in the wild.
I knew my toaster was something special.
[MJ12 intensifies]
I was about to search the catalog for this. It's FUCKING HUGE.
Why the fuck isn't this stickied yet?
Just imagine how long the glow in the dark agencies have been using this implying they didn't request this feature added by (((Intel))).
This explains why memes slipped through, but text didn't. Text, ban hammer, all kinds of fucking problems for such people, just memes, it flew under the radar (they have likely made enormous progress in this area, however…).
The spectre exploit cannot be used as effectively against AMD's processors that can encrypt memory across virtual machine instances with SEV. The security risks of both exploits can be mitigated on AMD. Intel, on the other hand, required an update that crippled performance and has no solution for spectre on virtual hosts.
That's what's so brutal about this one. It's a hardware issue that has to be worked around in software. And for this particular issue, Intel cannot issue a microcode update to fix their flaw.
No, user:
From Reddit:
Meltdown
> affects every Intel CPU since 1995 (save for certain Itaniums and first Atoms). Possible to fix with software patches but with a performance penalty.
But I'm still digging.
the fucking image
tbh it's more like a category of flaws opening up. This won't be the last we hear of hardware flaws…
Yeah, and not Intel's first big screw up either. We need simple architectures that don't try to "outsmart" the programmer. If programmers (and here this would usually be the compiler) had direct control over the execution order of instructions, we wouldn't have this mess. Intel just had to be 'clever' though, didn't they. Hopefully Power9 makes a resurgence.
yup we're fucked
Holla Forums analogy: Imagine needing to hire trustworthy employees who are obviously not Jews. You don't have enough time to verify them properly until after they begin working for you, but perhaps at first they pass the eye test. Soon enough, you realize to your horror that your new staff are kikes. You immediately fire and gas them, but it's too late. Even by trashing their changes, you can't undo the side effect that sensitive data has been sent to Israel.
we're gonna need more cloths
We have no information about how our computers work, not really. We're flying blind. We may run Linux on our computers, but our computers are, in the hardware, secure as Windows 95.
Any proof Ryzen/EPYC are safe from Spectre?
"Which systems are affected by Spectre?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors."
from:
meltdownattack.com
(linked to by @Wikileaks)
Exactly, it's a very sad state. And made less palatable when you realize you literally have to trust a chipset you cannot audit that is made in… Israel.
(((COINCIDENCE)))
I'm loving every miniute of this. Big bad tech companies planning on enslaving us with their flawed junk. Some fancy tech we got. Fucking junk made by our precious corporations. How the fuck does one get sucessful by selling garbage?
Because of the intelligence of the consumers.
the illusion of the allusion of choice
Yep. It was the bait. The product itself was bait, the idea we could actually fucking get computers/tablets/phones, as we conceived of them, machines which worked for use, that was the bait. The promise of a product. In actual fact it was a trap, and there was no cake.
sadly checked for the truth
Don't forget about 5G, because in order to reliably manage vast amounts of smart devices requires a ultra-fast communication infrastructure. If smart IoT networks are dense and convoluted enough (or exploits intelligent phones and self-driving vehicles), you could have intelligent systems relay data fragments through various routes (device to device) until reaching an agreed upon location. All the fragments would then consolidate and transmit it to a third party data center, without the user being able to use a packet sniffer to reliably detect it. To the home user they'll just think its "encrypted" packets to manage connectivity or just part of typical data traffic, but it'll be doing a lot more than that. That's already one hell of a "swarm intelligence botnet" subplot a new Deus Ex game could contain, and is within the realm of plausibility in the future.
Speculative execution was added so the processor could optimize for you. Wonderful, isn't it?
In a multi threaded application, you cannot be guaranteed instructions are executed in the order they are written due to how code is optimized. A programmer can learn to work with what they are given, but it is not easy by any means.
Interesting. A lot of games were, for a long time, single threaded. Perhaps that's they became an issue for the security services. Remember the stories that claimed drug dealers and the like were using X-Boxes to conduct business?
You start thinking outside of the box and you'll get a typed-out tongue-lashing from the secret orgs. Lulzy how that works. It's as bad as the Mormons. You'll get "escalated".
< tfw the NSA is just a fancy call center
Jesus!
OK, so there IS a way to solve these problems, but it'll be expensive, and it will take a long time before it is commonly available.
(this is a napkin sketch)
1. Each PC or cloud rack shall be comprised of many small computers, restricted so:
2. Only 1 program per CPU, at a time
3. Main memory shall not be shared, though encrypted memory may be shared, where the key is held alone by the CPU, and within the CPU itself, in special physical cache
4. Access to this encrypted shared memory, and many other operations, shall occur on a round-robin basis, regardless of demand
There's going to be a lot of memory moving in and out of caches than previous, what will the performance impact be of this compared to the workarounds proposed by big tech?
All is botnet
I told you. You didn't listen.
The performance would be shit, compared to what we're used to.
But then again, we could continue to use shit machines for stupid crap that doesn't matter… like browsing really dumb time-killing websites or whatever. Gaming. And coms with stupid fuckers who will never secure anything anyway, so why bother encrypting the calls, when they're going to run Windows? I'm not a fucking computer architect, but I'm pointing out what I think would need to be done, to achieve 100% assured isolation. Basically, each app gets put in its own CPU cell, like a prison, solitary. tbh, the prison metaphor is pretty great. idk why it's not used generally.
Someone I know relayed a story, and laughed. He said an old man asked him if it was all free, referring to Google and such.
Turns out, the old man was the fucking smart one here. I took note, and began to wonder. Many people smarter than me seemed to be 100% not worried…
This is no doubt them just abandoning their already compromised software for "better" compromised software, more backdoors, less ability for private hackers to get into it blah blah. Its not like they will just remove the back doors. Thats not going to happen.
First the chip has to get the data, verify that the data doesn't hit any failure states, then the data has to be reprocessed through the decryption algorithm, processed by the CPU, the result output then has to be processed by the CPU again to be encrypted before the data is then sent to the system memory. That is chewing up a lot of processor time.
The solution is to make a competing company with someones bitcoin gains and make processors that are marketed as "no back doors, fuck Israel" or something.
Like really, it shouldnt be that hard when all the competition just got kicked in the balls 30%
My largest concern is that we end up with asymmetric performance between us and our (((adversaries))). Then again, what we currently have is unacceptable…
Good grief… I wasn't aware of the details of their workaround. And given the lifespan of *temporary* workarounds in the field, I can imagine it will outlive new CPUs that (hopefully) don't have this exploit.
did every shitposter here drop acid at once?
there is nothing wrong with intel, these are baseless accusations
dear god my man
gas yourself
SEV was designed to protect against these types of exploits. Memory read by the exploit would be AES encrypted with keys being stored in the SEV firmware. It even has a security model for sandboxing individual applications.
Oh my god some machines will have a 50% or greater slowdown, my bet.
However, (((Intel))) sez
I can't find the source but someone ran a performance test on SELECT 1 in postgres and saw 23% performance drop.
All I was detailing were the steps needed to ensure system level encrypted memory. The problem is the encryption would not really work (unless you were specifically talking about a computer's RAM) due to the fact that any result calculated by the CPU has to be stored somewhere for it to be accessed by something the would encrypt the data before it reaches the RAM. Do not forget that CPUs have level 1, level 2 and sometimes level 3 types of memory before it reaches the RAM (inserted memory chips).
If the L1-L3 memory can accessed and downloaded by these security flaws then no amount of software patches are going to stop the leak unless they run a program that compares the data in the memory with outgoing data from your system to see if there is a match which would indicate a breach of security. This too would chew up processor usage.
so they're admitting it's all a botnet now?
2018 is shaping up to be awfully interesting!
That's software. This is hardware so we're mega mega fucked.
They admit fucking nutzing.
Life comes at you fast, eh?
I wonder how many more iCloud dumps there might be. Apple did go full (((intel))), after all. The problem is, people still think that technology is magic, and will not understand the implications or ramifications of this fuckery.
Well, we now know why the CIA wanted to buy so much goddamn time on Amazon servers.
To be clear, Ryzen is vulnerable, at present, to Spectre:
OK, the quote was fucking misleading. Image related, from AMD.
they really couldnt have just called them "Raisens"?
HA HA HA HA HA HA HA HA HA HA HA
2018 IS GONNA BE GREAT!!!
I KNOW IT'S RETARDED, OK?!
^ via @nicoleperlroth
Also, pic related
HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE HUE
My understanding is that the exposed information is not the contents but hints about the contents at a given point in time. You can piece together information. It just depends on how long the information is stored in CPU cache - I'm not knowledgeable enough on the subject to say.
I use a laptop…..
It's sort of a joke, that's not a joke. There is no replacement CPU…
…replace the CPU…
…with some CPU not yet made…
Mate you need to replace the CPU by a 1993 Pentium I for it to not be affected.
This was the reason SEV was developed by AMD. It handles the encryption and decryption on the CPU in hardware so the only effect is increased latency for execution. It provides sandboxing for virtual machines and processes. It only needs to be enabled, the OS doesn't need to be rewritten. There also exists AMD's SME and Intel's SGX. They are less sophisticated but can be used to encrypt RAM.
Apparently tons of Intel CPU have an enormous amount of kike design, going way back. See:
8088:
The Intel 8088 ("eighty-eighty-eight", also called iAPX 88)[1][2][3] microprocessor is a variant of the Intel 8086. Introduced on July 1, 1979, the 8088 had an 8-bit external data bus instead of the 16-bit bus of the 8086. The 16-bit registers and the one megabyte address range were unchanged, however. In fact, according to the Intel documentation, the 8086 and 8088 have the same execution unit (EU)—only the bus interface unit (BIU) is different. The original IBM PC was based on the 8088.
Max clock: 10 Mhz
in other words, .01 Ghz…
Could be why the White House banned personal phones which should have been done from day 1 It's not like those commies at Alphabet and Crapple were just going to ignore their spynet in every staffer's pocket and purse… to them Trump is literally Hitler, afterall
archive.is
If the encryption is done "in process", then many of the concerns that effect the Intel line of chips would not apply unless you want to run the system online at full speed. Offline systems would not be effected except in cases of on site physical interference. "Always online" gaming would be killed if a cheap effective way to exploit the security weakness is discovered. Also consoles will also need to be reconsidered.
First of all, it's not a backdoor. It's an exploit. Likely the exploit was at some point discovered, then they were instructed to keep making them vulnerable.
Second, Ryzen is not presently affected.
Your posting format is atrocious, fix that shit faggot.
well now that pressing issue is resolved
...
But user, that's what a data center is.
Its not even the fact that its painfully obvious you're not from here, but the simple idea of a pleasing to read typing format that doesn't cause unneeded, large, interrupting spaces between sentences and thoughts.
Holla Forums is always right. Faggots still using NSA/Windows and Jewtel, with bad excuses such as "L-Linux isn't perfect! This makes it as bad as Windows!" "muh gaymes" should just kill themselves.
this
Well, that's pretty good evidence I'm not CIA. But what evidence have you that you are not CIA?
None at all, and I never implied you were Alphabet in fact I though you were a redditfag, looks like you just outed yourselves by a slip assumption, CIAnigger.
JESUS! Anyone else notice how the CIA's agents have their claws out today?
While these above posts state that Spectre does affect AMD and ARM CPUs, question what specific chipset models are affected? Anything past 2015? Past 2014? Past 2012?
i think your both CIA and I think the only shit that can get done is CIA agents calling each other CIA agents
uhuh
gee, what kind of fellow would find use in that?
Nothing we didn't know
What about the Vishera CPUs like the FX8350?
I should have specified, the architecture is called "Piledriver", 2012 year model.
oh no the agency is going to kill me now
Whilst it's impossible to know for sure I doubt it. Both flaws seem to be due to prioritising performance without fully thinking through possible security implications, i.e. putting shekels before product quality. Back in *1995* when the "meltdown" bug originated the security culture required to spot it probably just didn't exist. Most users were running OSes where every user could do anything, crashes from accidentally stepping on kernel memory were common anyway, and standard server software like sendmail was filled with vulnerabilities, so the alphabets didn't need this capability at the time.
Both flaws are definitely real, PoCs are public and some cases were reproduced independently even before they dropped.
No (popular) OS fully trusts the hardware RNG, they only use it as one entropy source in a pool, which is supposed to be secure even if it has some subtle predictability built in.
Honestly, one of the major problems with cultural corrosion is our lack of adherence to a racial style guide. We need coherency in the way we dress, speak, write, and program. A willfully Aryan people would not have made the compromises that resulted in this gaffe.
It’s a speculative execution issue, and the fix for it is to insert a verification step at the guest Kernel or hypervisor, that act itself would generate up to 30% hit in pipeline efficiency
No, it's considered quite permissible to LARP as CIA, as a CIA agent…
kike
Why isn't this stickied?
well shit
AMD is unaffected by this particular vulnerability. All AMD designs.
...
Some sites are claiming this bug does not affect intel Atom processors from between 2013. Older Atom systems are pretty cheap and easy to find on eBay. I actually have a couple collecting dust in my closet. I guess it's time to dust them off.
It doesn't seem to ever be a true backdoor. Basically, it seems like there's a vulnerability that lasts a suspiciously long time. So the way I think it works is that they fuck shit up, then the NSA finds the problem, exploits it, and tells them to keep fucking it up. Only the "tells them" part is probably just Masons doing their (((duty))).
Fucking kek
Wrong. I've already designed it. Spent a long time on it and had to come up with several theories related to its function.
That was the plan. But then I decided that I didnt want to be the one who history as the reason the kikes were able to do x, y and z. Tldr of it is the arch looks similar to current stuff but is "inherently quantum by accident" and winds up looking more like a human brain than a computer chip when motherboard et al are factored in. And there are implications that come with that that I want nothing to do with. maybe after the final shoah.
Lunduke did a pretty good job of explaining it yesterday… if you are linux nerd.
Ahahaha
Great. So even if this is intel’s damage control, it just means they are even more toast.
...
It gets worse. On AMD, this class of attack does not allow reading memory outside of the executing process. That's pretty much nothing. So yeah, Intel is toast.
Reminder that since 2005-2007, most of Intel's chip architecture was designed in Israel.
No reason I'm bringing this up, it's just a coincidence and you're all paranoid anti-semites.
It is
Today they launched bunch of shill articles in the press trying to confuse the plebs and mitigate the damage
The official story is just too convenient. This has been in the "arsenal" of the US IC for a number of years. Gotta give them some credit for at least having a little imagination by inserting DARPA & Rothschild.
This was mentioned in the Snowden dump.
What can this do to an average Joe like me? Assuming I don't use a honeypot like pisscord that would give my IP to Panty-fa who would ransack my PC, or do anything else to draw attention to me, how can I be affected?
This is what I have
>mfw I knew better than to buy (((intel)))
Unless you already have root on the box you can't get any data from the CPU that you don't have permissions for. It executes the program to speed things along, but before it commits to memory it waits for the request to do so which comes from the kernel. The kernel never sends the request because you're in ring 3 trying to access ring 0.
The researcher who discovered this wasn't able to actually get any results, the people who have tested it as well weren't able to get any results, and the entire exploit is based on a hypothetical that there COULD be a sidechannel attack out there that would allow you to access data from speculative execution before the CPU dumps it to ground.
Trips for disinfo?
Top tier analogy user. There should be a platform dedicated to explaining technical phenomena in terms of the kikes.
...
...
JOHN TITOR anyone?
Spectre and Meltdown are two different exploits. There's a variant of Spectre that works on AMD processors but it's easily fixed with software patches.
he tried to warn us
In other words, it will be a case of Intel going
checked the satan kike digits
kek glad someone had the focus to make a mp4
did you guys seriously not already know this?, whats the next "breaking news" story? cisco routers full of holes, and google and windows is basically botnet access?
Well it's nice when the tinfoil dude actually has something proof like to show to all the good goys at the water cooler.
...
im at the point where if it isn't a pebble it's a botnet
lel, didn't work
Of course pebble is botnet, comrade. See you not a beach? What of anthill? Ant carry pebble after pebble; build passageways.
Not just Inty Bro All computing machines since 1995 are pozzed due to exploit. We are all compromised.
i see it now i finally see it now
It is already fake news.
The flaw was discovered at the university of Graz in Austria.
Fuck jewgle.
So theres a cryptocurrency called rivetz, and it supposedly blocks an operating system and other from knowing whats in a cryptowallet, it appears to have taken a tiny bit of a dip today. I wonder if its completely nullified by these exploits.
pic related
This.
You mean like installing code on an Amazon virtual machine instance?
LOL.
Consider too that every machine hooked to the Internet could be running a big ass supercomputer with spare cycles, through the ME. Basically any machine which supports virtualization in hardware could be doing this.
This is why I just use my computer for vidya and shitposting.
You really don't have a problem with CIAniggers watching you play Doki Doki Panic and posting Porked memes on /leftycuck/?
Way fucking longer. Kikes in Intel chips goes back to the 70's!!!!
IT'S FUCKING HARD TO FIND A LIST OF THESE THINGS
THERE IS NO WIKIPEDIA PAGE LISTING CREATIONS OF ISRAEL
It's still problematic. They can tell, for example, if you've been busy lately, too busy to game. Don't show up according to pattern, get placed on an escalated list.
lol @ 800x600 benchmarks
THE BIG NEWS HERE IS THAT ANY WEBSITE THAT CAN RUN JAVASCRIPT CAN NOW READ WHATEVER IS IN YOUR RAM, IF YOU HAVE INTEL
^ Meltdown explained
What's new?! What's new is that EVERYONE CAN TO THIS NOW, NOT JUST THE FUCKING CIA, EVERYONE!
The latest version of Firefox makes it so the code won't work in Firefox, but someone will find a way around it, in the coming days.
Hold on to your fucking seats, my nigger. 2018 is going to be a wild ride.
Welcome to CY+3, enjoy your complementary botnet and CIAnigger reaming.
Opinions on "secure" laptops and phones designed for privacy such as Librem?
Yesterday the news was just Intel. I think Intel is exerting influence to make it look like others are just as vulnerable. Sneaky yehudis.
does that mean u can get a pentium ii and not be fucked like this or not?
does it start at pentium ii or is pentium the last b4 the spectre hack?
you'll be wanting the ASUS ROG Strix GL702ZC
You know that's bullshit, right?
They code an emulator. It's not that difficult when you don't care about performance.
They either do calculations by hand (that machine wasn't fast by any means) or use a airgapped computer and burn it later.
Nope. From kikepedia:
So a vanilla Pentium is … well, safe from MELTDOWN.
But there's also SPECTRE. Can Spectre be exploited from Javascript? I have not found an answer.
Yes, the scammer made a huge error. He proposed going back with a physical computer, rather than going back with the plans, so they could be utilized on far superior technology. Recently someone was LARPing with a similar sort of scam, claiming that only a specific Pentium IV laptop was OK. But we now know, hilariously, definitively, that is not the case.
damn so only the vanilla pre 1995 pentiums are safe from meltdown and spectre it looks like.
what about a lemote yeeloong?
zkml.lemote.com
I would assume so are safe from spectre / meltdown but who knows what the chinks are up 2 in those processors
Vault 7
& Checked.
Intel's stock tho
Pic related
Checked. And, no, they're not safe from Spectre. Spectre is really weird. From kikepedia:
"As of 2018, almost every computer system is affected by Spectre, including desktops, laptops, and mobile devices. Specifically, Spectre has been shown to work on Intel, AMD, and ARM processors.[9][10] Intel responded to the reported security vulnerabilities with an official statement.[11] According to a statement by AMD, vulnerability to the second Spectre variant hadn't been demonstrated on AMD processors and posed "near zero risk of exploitation" due to differences in AMD architecture.[12]
At present, Spectre has only been shown to work between user level programs, but it seems likely the attack can be developed further. While more difficult to utilize properly than Meltdown, Spectre may be much more challenging to defend against due to its generality. The original white paper even speculates that significant changes in microprocessor architecture might be needed in order to fully dispose of the problem.
Furthermore, Spectre has the potential of having a greater impact on cloud providers than Meltdown. Whereas Meltdown allows unauthorized applications to read from privileged memory to obtain sensitive data from processes running on the same cloud server, Spectre can allow malicious programs to induce a hypervisor to transmit the data to a guest system running on top of it.[13]"
Meltdown
Intel: Yes
AMD: No
Spectre
Intel: V1 Yes
Intel: V2 Yes
Intel: V3 Yes
AMD: V1 Yes (0% performance impact when fixed)
AMD: V2 No
AMD: V3 No
OY VEY ALL CPUS HAVE THIS PROBLEM WE ARE WORKING ACROSS THE ENTIRE ECOSYSTEM TO SOLVE THIS PROBLEM
THIS IS NOT A BUG OUR PROCESSORS WORK AS INTENDED
intel.com
amd.com
Slight correction:
AMD: V2 No*
* Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. (READ: there is probably a statistical method which could do this. Nation States could do this. So the CIA can do this… ).
So many of Intel are total douchebags. Therefore I glory in their demise. This is their demise, by the way. It's the end of Intel, as we know it.
I forgot quotes around "Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date."
^ That's AMD's text.
Yeah. There are fixes out, but I'd recommend running javascript as little as you need. At a minimum, something like uMatrix to at least stop the execution of remote scripts.
bleepingcomputer.com
I answered the question, finall, I believe. I think the answer is that no, Javascript can't, or at least isn't supposed to allow the context switches necessary for Spectre. Java may be more vulnerable. Java doesn't allow the programmer to control context switching, but I suspect a malicious program can force them.
And you're quite right. Javascript is evil.
I would assume that Chinese laptop has PRC backdoors in it. I am certain it is supposed to have them, per their dictates. So no, I wouldn't spend a goddamn dime on one.
Well Google and Mozilla disagree. Did you read the article?
The article does not confirm any example of Spectre attacks working in any browser. Let us know if you find an example!
Did you expect them to give you a proof of concept? They didn't take steps to patch this for no reason, in November no less.
Look at the original paper, they detail a javascript attack.
spectreattack.com
Thanks! You're right!
WE'RE ALL FUCKED
Unfortunately. And really the only fix is to replace the chip entirely.
If it were possible to disable all cache, would this not fix the problem?
Nope. It's at the silicon level, far lower down than any caches.
Maybe spam the queue with dummy operations?
That'd require a significant slowdown though, as the compiler (or more likely the linker) would have to spit NOP's everywhere. A NOP will still require some non-trivial amount of cycles making everything very, very slow.
Any idea what % we're talking here?
You would have thought they would have implemented some form of verification process to ensure all scheduling has the correct security level for what's requesting it, and if not discard the speculated operations which mismatch.
CPU aren't open source at all. God knows how bad it is…
Well I bet Ted's crazy mathematical genius ass is feeling real fucking smug and vindicated right about now.
They actually do, but they forgot to handle certain side effects correctly.
I'm really not sure, and it's hard to calculate. If you could insert the perfect number of NOP's to eliminate branch-prediction screwups you'd simulate in-order execution. The closest processor that behaves like that is the Intel Atom. Of course such a naive solution would add unnecessary NOP's and it'd probably be an order of magnitude slower.
(checked)
He literally tried to stop it.
This isn't any news at all, this shit has been going on even before the smartphone era, only nowadays the average user is even dumber and the number of exploits is exponentially rising per day due to a mix of negligence and malicious product designs. New Intel chip come with a secret layer that consumes very little energy but keeps on running even when laptops are shut down - why else do you think most companies stopped letting you take out the battery without voiding your warranty? And all of the sensors don't really deactivate when you tell the machine to do so.
This kind of news is made up just to shake the average normiecore to prevent them from noticing more pressing issues, like Iran and Pakistan or even worse, hiding some news altogether.
So let me get this straight:
PRISM
EQUIFAX
CPU BACKDOOR
Why not just walk around buck naked in the streets? Might as well.
If this isn't a sign things are going to burn soon, man…
We didn't go to the woods peacefully, and now the woods will come to us. About time this overreliance on technology ended, Butlerian Jihad now
No no, believe me. If Intel could do it, they'd help those two start a nuclear war to bury 'THIS' news. What we're talking about here, could be the mother of all fuckups, one that you'll remember for many decades. The class of attacks that spectre opens up has disastrous potential,
How difficult will it be to make a (boot CD, for example) distribution of Linux that implements such a slowdown? Are we talking years here?
she now has all your data
email leaks?
hahahahaha
Who gives a fuck faggot.
It should be much sooner. Once the embargo is lifted, we'll know more about what the best mitigations are. I'm curious to see what companies/governments involved in high security computing will do; the correct solution is to use newer hardware, but the cost would be astronomical.
Great!
This is the end of Intel as we have known it. We'll know a lot more after the layoffs, and the disgruntled spill the beans.
...
I meant likely heh
What else is new?
Unless they have a brand new architecture ready by next year unaffected by this that's a pretty unlikely theory. Doesn't really make much sense either because its not like their lineup has been failing to ship every cycle, Ryzen took a chunk out of Intel but not enough to make them stumble.
I built my new computer in January of last year. God do I fucking regret not waiting to see what AMD would deliver. Those extra threads would have made my VMs so much better.
I always had something in the back of my head that said branch prediction wasn't all that it was cracked up to be.
Microchannel to the rescue!
(I have one of these for writing when I need to focus… it has a LAN card but never hooked it up.)
Kosher hardware was somewhat okay before everything was hooked up to the internet. But now?
Orient and observe, user. They needed a baseline.
Welcome to /po/
Maybe if they can't get mass surveillance accepted by the public, they'll frame the imposition of it as an inevitable possibility due to the supposed technical impossibility of securing things.
I'm not saying Titor os real as there are plenty of other holes in the story, but it does make sense to acquire a physical example of an old, rare piece of electronics for a couple reasons.
A. If the task requires a specific piece of rare hardware, it's because they really need that piece of hardware. Creating an emulator to run software intended for a certain platform is "easy" but software emulators are imperfect, often in significantly crippling ways. Just look at emulators for old consoles and you'll find plenty of example of games that straight up don't work or are broken/buggy due to the incompleteness of the emulator. This is still the norm even after well over a decade of large scale development of these emulators. If perfection is required, real-time emulation of the hardware is necessary and hardware emulation is several orders of magnitude more computationally intensive. We've only now begun to see hardware emulators for systems like the NES come to fruition and that's a set of hardware that is laughably slow by even 90's standards. You also need perfect, complete documentation of every last bit and nuance of the system in order to make such an emulator which brings me to my next point.
B. Documentation isn't easy to come by. Titor was trying to obtain a relatively rare piece of business hardware that had long since been made obsolete. Where exactly was he supposed to obtain perfect and complete documentation on the system without going straight to IBM themselves? I find it hard to believe they'd hand over a mountain office proprietary, valuable information to someone claiming to be a time traveler. Even if he was able to obtain all public documentation, one of the key components of the Titor legend is that he claimed that IBM system was capable of certain functions that were never publicly documented, only for people to discover his claims had been true all along, long after he "disappeared".
C. Lastly, what's the easiest and cheapest way to go about obtaining a rare piece of hardware? We don't know how much it costs to send someone back in time, but if it's cheap (sub-$1m) it would be cheaper than any other option. So why not go back to a time when those machines were obsolete but still available enough that you could grab one from a bankruptcy auction or asset liquidation sale?
implying privacy is dead
Ive been telling ppl to go AMD for years.
..feeling pretty smug right now
Their stock closed at +0.7% today.
I'm typing on a Model M that looks just like that right now. Super pleasant. Sage for off topic
Just hope AMD can produce chips as fast as intel.
p.s. hot hoe, but just a hoe
ARM is where its at.
Intel designed their CPU's with a planned back door, but little did the designers know it was going to end like this.
The guys making that ATX POWER9 system could make a killing off this if they play their cards right.
ARM has (((trustzone))). It's literally what AMD's PSP is.
AMD doesn't make their own chips. They are made by Globalfoundries, which are owned by the state of Abu Dhabi.