    Thread review
    Nicholas Steel https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/

    2 new exploits for Intel CPUs. One of them defeats SGX and the other proves disabling hyperthreading doesn't improve security as much as people thought.
    creaothceann Intel Software Guard Extensions have been removed for Rocket Lake-S.
    creaothceann SGX was introduced with SkyLake, the 4790K is from the predecessor (Haswell).
    wertigon
    Posted by creaothceann
    5. Use an older top-of-the-line CPU.

    I'm still using my i7-4790K, which is €170 ($190) on ebay. It's comparable to a Ryzen 5 3600 in single-thread workloads.


    That is actually 1 or 2, depending on if you want the mitigations or not.
    funkyass Is there proof these mitigations have impacts outside of data centers?
    tomman I'll keep disabling ALL and ANY mitigations on each and every computer I got under my responsibility, thanks.
    Can't afford buying the hottest new broken piece of shiny CPU just because.

    On the flip side, maybe all those vulnerabilities and mitigations will finally force the entire IT industry to solve the endless software bloat pandemic... who am I kidding!? Bring on teh Javascripts!
    creaothceann 5. Use an older top-of-the-line CPU.

    I'm still using my i7-4790K, which is €170 ($190) on ebay. It's comparable to a Ryzen 5 3600 in single-thread workloads.
    CaptainJistuce 4.
    wertigon
    Posted by kode54

    It already does have a big performance impact, on the order of reducing performance to between 8 and 20% of the original performance. No, not reducing by that much, reducing it *to* that much:

    https://www.phoronix.com/scan.php?page=article&item=lvi-attack-perf#=1


    Only light in the tunnel is that this does not affect newer Intel CPUs at all, so you have four options pretty much:

    1. Use mitigations and run at 20% efficiency
    2. Run without mitigations and leave your system wide open
    3. Pay Intel $$$$$$$$$$$ for new CPUs that are not compatible with your current sockets
    4. Pay AMD $$$$$ for new CPUs that are not compatible with your current sockets

    Hmm, what is the best option here...
    kode54
    Posted by Nicholas Steel
    AMD has 2 newly discovered security flaws with their CPUs:
    https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
    https://mlq.me/download/takeaway.pdf


    Take A Way exploits only leak a "few bits of metadata," as opposed to providing full access to data

    Yeah, so nation state level attacker can spend multiple days whacking away at your computer with full local access, to retrieve a few kilobytes of metadata.

    Posted by Nicholas Steel
    https://www.theregister.co.uk/2020/03/10/lvi_intel_cpu_attack/

    new Intel security leak, potentially big performance impact when mitigated.


    It already does have a big performance impact, on the order of reducing performance to between 8 and 20% of the original performance. No, not reducing by that much, reducing it *to* that much:

    https://www.phoronix.com/scan.php?page=article&item=lvi-attack-perf#=1
    BearOso
    Posted by hunterk
    I'm okay with the fancy names and mascots and shit for a whole family of vulnerabilities (e.g., if "spectre" referred to the whole family of speculative execution vulns), but yeah, it gets pretty old when they come up with scary names for stuff that's only really feasible for highly sophisticated (probably nation-state) attackers who have physical access to your machine.

    Let’s not pretend. It’s a protection racket. “Here’s a big, scary computer thing that you don’t understand. Pay our security team and you needn’t worry!”
    hunterk I'm okay with the fancy names and mascots and shit for a whole family of vulnerabilities (e.g., if "spectre" referred to the whole family of speculative execution vulns), but yeah, it gets pretty old when they come up with scary names for stuff that's only really feasible for highly sophisticated (probably nation-state) attackers who have physical access to your machine.
    Nicholas Steel https://www.theregister.co.uk/2020/03/10/lvi_intel_cpu_attack/

    new Intel security leak, potentially big performance impact when mitigated.
    tomman
    Posted by Nicholas Steel
    AMD has 2 newly discovered security flaws with their CPUs:
    https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
    https://mlq.me/download/takeaway.pdf

    Is it time to short AMD stock again!?

    Can we just assume that each and every piece of silicon ever designed is flawed and not bother looking for logo-and-name™ vulnerabilities anymore!?
    This is getting boring, like Boeing planes and coronavirus.
    Nicholas Steel AMD has 2 newly discovered security flaws with their CPUs:
    https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
    https://mlq.me/download/takeaway.pdf
    CaptainJistuce
    Posted by Nicholas Steel
    More Intel security issues: https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
    Hooray total Management Engine takeover!
    Nicholas Steel More Intel security issues: https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
    ‮strfry("emanresu") They are indeed harmless:
    We have tested all the modules in our lab and confirmed them as working. Your mileage may vary however, depending on software version, configuration changes, service pack, operating system release and processor architecture, and may result in either:
    * Your browser exiting and opening the Windows calculator (vulnerable). [demonstration video - youtube]
    * Your browser opening the file and nothing happens (patched / immune).
    * Your browser displaying an error message or crashing (vulnerable but your system does not match the correct exploit conditions).
    Screwtape Today I came across https://www.wicar.org/ which aims to be like the old EICAR anti-virus test file. In their own words:

    The name "WICAR" is derived from the industry standard EICAR anti-virus test file, which is a non-dangerous file that all anti-virus products flag as a real virus and quarantine or act upon as such.

    By being able to execute a test virus program safely, the end user or network administrator can ensure that the anti-virus software is correctly operating (without utilising a real virus which may damage the system should the anti-virus software fail to function).


    That makes a lot of sense! There's a lot of malware-filtering tools, and it's good to have a harmless test site for them, for all the same reasons it's useful to have a harmless test "virus".

    The wicar.org website contains actual browser exploits, therefore, regardless of search engine, web browser, filtering appliance or desktop anti-virus product you use, it should be marked as malicious.


    what

    I thought you said "harmless"!