Thread review | |
---|---|
Nicholas Steel |
https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/ 2 new exploits for Intel CPUs. One of them defeats SGX and the other proves disabling hyperthreading doesn't improve security as much as people thought. |
creaothceann | Intel Software Guard Extensions have been removed for Rocket Lake-S. |
creaothceann | SGX was introduced with SkyLake, the 4790K is from the predecessor (Haswell). |
wertigon |
Posted by creaothceann That is actually 1 or 2, depending on if you want the mitigations or not. |
funkyass | Is there proof these mitigations have impacts outside of data centers? |
tomman |
I'll keep disabling ALL and ANY mitigations on each and every computer I got under my responsibility, thanks. Can't afford buying the hottest new broken piece of shiny CPU just because. On the flip side, maybe all those vulnerabilities and mitigations will finally force the entire IT industry to solve the endless software bloat pandemic... who am I kidding!? Bring on teh Javascripts! |
creaothceann |
5. Use an older top-of-the-line CPU. I'm still using my i7-4790K, which is €170 ($190) on ebay. It's comparable to a Ryzen 5 3600 in single-thread workloads. |
CaptainJistuce | 4. |
wertigon |
Posted by kode54 Only light in the tunnel is that this does not affect newer Intel CPUs at all, so you have four options pretty much: 1. Use mitigations and run at 20% efficiency 2. Run without mitigations and leave your system wide open 3. Pay Intel $$$$$$$$$$$ for new CPUs that are not compatible with your current sockets 4. Pay AMD $$$$$ for new CPUs that are not compatible with your current sockets Hmm, what is the best option here... |
kode54 |
Posted by Nicholas Steel Take A Way exploits only leak a "few bits of metadata," as opposed to providing full access to data Yeah, so nation state level attacker can spend multiple days whacking away at your computer with full local access, to retrieve a few kilobytes of metadata. Posted by Nicholas Steel It already does have a big performance impact, on the order of reducing performance to between 8 and 20% of the original performance. No, not reducing by that much, reducing it *to* that much: https://www.phoronix.com/scan.php?page=article&item=lvi-attack-perf&num=1 |
BearOso |
Posted by hunterk Let’s not pretend. It’s a protection racket. “Here’s a big, scary computer thing that you don’t understand. Pay our security team and you needn’t worry!” |
hunterk | I'm okay with the fancy names and mascots and shit for a whole family of vulnerabilities (e.g., if "spectre" referred to the whole family of speculative execution vulns), but yeah, it gets pretty old when they come up with scary names for stuff that's only really feasible for highly sophisticated (probably nation-state) attackers who have physical access to your machine. |
Nicholas Steel |
https://www.theregister.co.uk/2020/03/10/lvi_intel_cpu_attack/ new Intel security leak, potentially big performance impact when mitigated. |
tomman |
Posted by Nicholas Steel Is it time to short AMD stock again!? Can we just assume that each and every piece of silicon ever designed is flawed and not bother looking for logo-and-name™ vulnerabilities anymore!? This is getting boring, like Boeing planes and coronavirus. |
Nicholas Steel |
AMD has 2 newly discovered security flaws with their CPUs: https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture https://mlq.me/download/takeaway.pdf |
CaptainJistuce |
Posted by Nicholas Steel Hooray total Management Engine takeover! |
Nicholas Steel | More Intel security issues: https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html |
strfry("emanresu") |
They are indeed harmless: We have tested all the modules in our lab and confirmed them as working. Your mileage may vary however, depending on software version, configuration changes, service pack, operating system release and processor architecture, and may result in either: |
Screwtape |
Today I came across https://www.wicar.org/ which aims to be like the old EICAR anti-virus test file. In their own words: The name "WICAR" is derived from the industry standard EICAR anti-virus test file, which is a non-dangerous file that all anti-virus products flag as a real virus and quarantine or act upon as such. That makes a lot of sense! There's a lot of malware-filtering tools, and it's good to have a harmless test site for them, for all the same reasons it's useful to have a harmless test "virus". The wicar.org website contains actual browser exploits, therefore, regardless of search engine, web browser, filtering appliance or desktop anti-virus product you use, it should be marked as malicious. What, I thought you said "harmless"! |