• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

WAF! Intel Processors can not be used! Full of Security Vulnarabilities More & More

motormafia

motormafia

Alfrescian
Loyal
Joined
Aug 7, 2008
Messages
1,204
Points
48
Newer & Newer very severe issues are showing up, one after another. And found out too late.

Should had use AMD and should seek alternative. Can China mass produce their own CPU core to sell? The one used by their world top supercomputer?

https://gizmodo.com/report-all-intel-processors-made-in-the-last-decade-mi-1821728240

Privacy and Security
Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw

Tom McKay
Today 12:00am
Filed to: Whoops
52.2K
565
tmptdqkzpcm7d1muunf2.jpg

Photo: AP
There’s small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow “normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas,” the Register reported on Tuesday.

Recent Video from Gizmodo
View More >
Creatures That Stole Our Hearts in 2017
12/15/2017
Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device’s kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch—on every major operating system, including Windows, Linux, and macOS.

The exact details of the design flaw and to what extent users are vulnerable are being kept under wraps for now, per the Register, though since developers appear to be rushing towards patching systems in coming weeks it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.

Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of “five to 30 percent slowdown, depending on the task and processor model”:

These KPTI [Kernel Page Table Isolation] patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.

Your Intel-powered machine will run slower as a result.

Five to 30 percent is a jaw-dropping number, but because of all the secrecy right now it’s difficult to tell how noticeable the impact will actually be for consumer use—enterprise-scale systems like cloud computing are likely to be the hardest hit. For the average user, it’s possible that the impact will be negligible. It’s also possible that a better implementation of the solution in future patches could reduce the performance hit.

“Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel” in redacted form, “and a similar mitigation began appearing in NT kernels in November,” the Python Sweetness blog wrote on Monday. “In the worst case the software fix causes huge slowdowns in typical workloads ... There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine.”

One problem with exploits is that even if this one is buried so deep it took ten years to find it, there’s no putting the cat back in the bag post-discovery. At the very least, the tiny slice of the market running AMD processors has some grounds to feel pleased about themselves.

[The Register/Hot Hardware]

More on hacking

Post-Equifax, Failure of US Lawmakers to Protect Data-Breach Victims is Glaring

Hackers Broke Into Forever 21's Payment System For Over Half of 2017

Study: Hackers Could Disrupt or Crash HDDs Using Only Sound Waves
 
Tua Kee! All computers and mobiles and phones are unsafe!

https://www.rt.com/usa/414955-intel-processors-meltdown-spectre/

‘Meltdown’: Google team flags Intel bug that may affect billions of devices
Published time: 4 Jan, 2018 04:53 Edited time: 4 Jan, 2018 08:45
Get short URL
5a4d9e64fc7e932c2b8b4569.jpg

© 4kodiak / Getty Images
AddThis Sharing Buttons
Share to Facebook766Share to TwitterShare to RedditShare to Google+Share to TelegramShare to WhatsAppShare to Facebook Messenger
Information stored on every desktop computer, smartphone and cloud server since 1995 could be accessed by hackers if two hardware bugs are exploited, a new report has warned.
On Wednesday, security researchers at Google Project Zero disclosed technical details on two security flaws that allow hackers to engage in unauthorized reads of a computer’s memory data, which may contain sensitive information such as passwords.

The researchers discovered that the vulnerabilities affect many CPUs, including those from Intel, Advanced Micro Devices (AMD) and ARM Holdings, as well as the devices and operating systems running on it.

Read more
Trump official claims North Korea to blame for WannaCry cyber attack
The first method of attack, known as Spectre, can be exploited by hackers to dissolve the barrier that separates different applications and trick otherwise error-free applications into leaking information stored on their memory.

Last year, researchers demonstrated how hackers could utilize “speculative execution” – a technique used by most modern processors to optimize performance – to gain access to sensitive information.

In order to improve speeds, modern processors execute certain functions speculatively, or before it is known whether they are needed. The technique prevents the delay that would come from executing the functions after they are requested.

Jann Horn, a lead researcher for Project Zero who first reported both vulnerabilities, discovered that attackers can take advantage of this technique in order to read information on the system’s memory that should be inaccessible.

In the original report, researchers said the vulnerability affects “billions of devices” that use microprocessors from Intel, AMD, and ARM

The second flaw, known as Meltdown, allows hackers to “melt” security boundaries between user applications and the operating system normally enforced by hardware. Hackers can exploit the vulnerability to gain access to the memory of other programs and the operating system, which could include passwords and other sensitive data.

In the original report, researchers said the vulnerability affects “virtually every user of a personal computer.” However, researchers at Google’s Project Zero have only been able to show that ‘Meltdown’ affects Intel microprocessors.

Daniel Gruss, one of the researchers who originally discovered Meltdown, told Reuters the flaw is “probably one of the worst CPU bugs ever found.”

Gruss said Meltdown was the more serious attack, because it was easier for hackers to take advantage of. However, he said that Spectre was much harder to patch, and would be a bigger problem in the future.

In an overview of the attacks, researchers said it would be “unusual” for either attack to be blocked by an antivirus, since they are “hard to distinguish from regular benign applications.” Google said, however, that an attacker must first be able to run a malicious code on a computer before they can exploit the vulnerability.

Researchers also warned it would be nearly impossible to detect if hackers had exploited the weakness, since the attack would not leave “any traces in traditional log files.”

In a blog posted Wednesday, Matt Linton, senior security engineer at Google, said there is “no single fix for all three attack variants,” but many vendors made several patches available Wednesday.

Google provided a list of their products that are vulnerable to the attacks, as well as their mitigation status. The company said as soon as they discovered the vulnerabilities, their security teams updated their systems and affected products to protect against the attacks.

Researchers also provided a link to software patches for Linux Windows, and OS X that guard against Meltdown attacks.

Microsoft released a patch Wednesday to protect customers against the vulnerabilities. However, the company said some anti-virus vendors will need to update their software to be compatible with the new patches.

The company has also released an emergency update for all devices running Windows 10, and further updates are planned. Microsoft also said they are in the process of deploying mitigations to cloud services. However, the fixes will also rely on firmware updates from Intel, AMD, and ARM.

Microsoft said they have not received “any information to indicate that these vulnerabilities had been used to attack our customers,” according to a statement to The Verge.

Amazon has also reportedly said they have protected most of their cloud servers from the vulnerabilities.

AppleInsider reports that Apple has already deployed a partial fix for the bug in MacOS 10.3.2 that was released last month.

The report also said that tests show the update does not cause any notable slowdowns.

On Tuesday, The Register first reported on the vulnerabilities, saying the patches to fix the problem would slow computers by 30 percent.

While researchers do not know how much the updates could slow the performance of older processors, Intel released a statement Wednesday that said the updates will not “significantly” slow computers for the average user.

“Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."

Intel rejected claims that either of the vulnerabilities were unique to their products, adding that it affects “many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits.”

However, AMD said their products were not vulnerable to any of the attacks.

“Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time,” representatives of the company told CNBC.

ARM also released a statement Wednesday that said the “majority” of their products are “not impacted by any variation” of the Spectre attack.
 
Lucky I have not got a new pc. I will just it untill the new processors come out n only of the problem is fixed
 
I hope there is a class action to sue Intel and get some payments.

https://www.theverge.com/2018/1/4/16850120/meltdown-spectre-vulnerability-cloud-aws-google-cpu


The CPU catastrophe will hit hardest in the cloud
13 comments
Cloud platforms have patched fast — but the hardest work is yet to come
By Russell Brandom@russellbrandom Jan 4, 2018, 1:02pm EST
PB283235.0.jpg

This week, two disastrous new processor vulnerabilities spilled out into the open — and the tech world is still coming to terms with the damage. The vulnerabilities, dubbed Meltdown and Spectre, affect nearly every processor made in the last 20 years. Meltdown is the immediate threat, with proof-of-concept exploits already available, but Spectre is much deeper and harder to patch, potentially leading to generations of more subtle exploits in the years to come. The result has left nearly every major technology company scrambling to protect themselves and their customers.

The focus so far has been on personal devices, with a flood of patches already available this morning, but many experts think the most severe damage is likely to come when the exploits are turned on cloud services. “These vulnerabilities will allow one tenant to peer into the data of another co-hosted tenant,” says Mounir Hahad, the head of threat research at Juniper Networks. “This is the reason many organizations steer clear of hosted services when it comes to processing sensitive information.”

The Spectre attack is much more powerful in the cloud
Both Meltdown and Spectre deal with data leaking from one part of the computer to another, which makes them particularly dangerous when a single device is shared between users. With lots of commands running in parallel, the attacks found a way to extract data from the processor cache through a complex timing attack, sidestepping the usual privileges. Executed right, that could let a low-level process like a web plugin get access to passwords or other sensitive data held in a more secure part of your computer.

On a personal computer, that attack would be most useful for privilege escalation: a hacker running low-level malware could use a Spectre bug to own your whole computer. But there are already lots of ways to take over a computer once you’ve got a foothold, and it’s not clear how much a new processor attack would change things.

But privilege escalation is much scarier in the cloud, where the same server could be working for dozens of people at once. Platforms like Amazon Web Services and Google Cloud let online companies spread a single program across thousands of servers in data centers across the world, sharing hardware the same way you’d share an airplane or a subway car. Collective hardware isn’t a security problem because even when different users are on the same server, they’re in different software instances, with no way to jump from one instance to another. Spectre could change that, letting attackers steal data from anyone sharing the same chip. If a hacker wanted to perform that kind of attack, all they’d have to do is start their own instance and run the program.

Cloud services are also a lucrative target for anyone hoping to cash in on Spectre. Lots of midsize businesses run their entire infrastructure on AWS or Google Cloud, often trusting the platform with sensitive and potentially lucrative information. Bitcoin exchanges, chat apps, even government agencies all keep passwords and other sensitive data on cloud servers. If you’re running a modern web service, there’s simply no other choice. If someone did set a new exploit running on a cloud instance, there’s no telling what kind of data might shake out.

Researchers will be finding new variants and exploits for years
So far, cloud platforms are taking the threat seriously, and doing everything they can to contain it. Amazon Web Services, Google Cloud, and Microsoft Azure all immediately deployed patches against the Meltdown attack, and there’s no indication that the available exploits could work against any of those platforms. Where there have been lingering vulnerabilities, it’s because companies are waiting on patches from third parties, like the Windows-based instances of Amazon EC2. The major platforms have handled the immediate response well, and there’s no reason to think we’re headed toward a cloud catastrophe in the days immediately to come.

(Reached by The Verge, a Google representative said the company’s cloud services had been protected against both Meltdown and Spectre, although they declined to elaborate on the Spectre protections. Amazon did not respond to a request for comment.)

What’s more worrying is what happens in the next few years. Deeply rooted vulnerabilities like Spectre can be hard to stamp out. Researchers will be finding new variants and exploits for years — much like we saw with Stagefright — and not all of the new tricks will be as well-publicized as Spectre and Meltdown were. It’s easy to imagine an undiscovered Spectre exploit falling into criminal hands six months from now — and when it does, platforms like AWS and Google Cloud will be extremely tempting targets.

It’s particularly daunting because those platforms undergird almost all of what we think of as the internet. They run nearly every program on your phone, stream your songs and shows. It’s hard to think of a piece of information on the internet that doesn’t pass through those servers at some point, even just for caching. In a material sense, they are the internet. And while they’re staffed by some of the best security teams in the world, the attack surface is almost unlimited. Dealing with the fallout from Spectre will be one of the hardest security problems the system has ever faced — and it’s a problem that won’t go away anytime soon.
 
Apple says all Mac and iOS devices affected by Meltdown and Spectre bugs
UPDATED ABOUT AN HOUR AGO
Email Facebook Twitter WhatsApp

PHOTO
Apple plans to release a patch for its web browser within days.

REUTERS: EDUARDO MUNOZ
Apple says all of its Mac and iOS devices are vulnerable to hackers, after revelations there are two major flaws in nearly all computer chips made in the past decade.

Alphabet Inc's Google and other security researchers disclosed two major chip flaws — one called Meltdown affecting only Intel Corp chips, and one called Spectre affecting nearly all computer chips made in the past decade.

Apple said all Mac and iOS devices were affected by both Meltdown and Spectre.

But the most recent operating system updates for Mac computers, Apple TVs, iPhones and iPads protect users against the Meltdown attack and do not slow down the devices, it added, and Meltdown does not affect the Apple Watch.

Are you concerned about the major chip flaws revealed in Mac and iOS devices this week? Have your say in the comments.
Macs and iOS devices are vulnerable to Spectre attacks through code that can run in web browsers.

Siri can threaten online security[/paste:font]
Your mobile phone is collecting data about you all the time and online personal assistants like Siri are making things worse.
Shortly after the researchers disclosed the chip flaws, Google and Microsoft Corp released statements telling users which of their products were affected.

Google said its users of Android phones — more than 80 per cent of the global market — were protected if they had the latest security updates.

Apple remained silent for more than a day about the fate of the hundreds of millions of users of its iPhones and iPads.

Ben Johnson, co-founder and chief strategist for cyber security firm Carbon Black, said the delay in updating customers about whether Apple's devices are at risk could affect Apple's drive to get more business customers to adopt its hardware.

"Something this severe gets the attention of all the employees and executives at a company, and when they go asking the IT and security people about it and security doesn't have an answer for iPhones and iPads, it just doesn't give a whole lot of confidence," Mr Johnson said.

The news of the Meltdown and Spectre flaws sparked a sell-off in Intel's stock as investors tried to gauge the costs to the chipmaker.

Reuter

http://mobile.abc.net.au/news/2018-...devices-vulnerable-to-spectre-attacks/9306764
Email Facebook Twitter WhatsApp
 
Back to using abacus, pen and paper liao!

Macbooks all using Intel chips too. Once u go Mac, u don't look back? LOL!
 
You must log in or register to reply here.

Similar threads

Byebye Penis
Researchers discover unfixable bug in Apple’s M1, M2, and M3 Chips
2
Replies
38
Views
2K
Scrooball (clone)
Scrooball (clone)
LITTLEREDDOT
China hacks Singtel, PAP govt kept quiet until Bloomberg news reported the incident
Replies
11
Views
618
nabeifuckpap
nabeifuckpap
Rogue Trader
LTA to use bus cameras and AI for detecting traffic offenses and structure defects
Replies
5
Views
269
mojito
mojito
SBFNews
MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips
Replies
3
Views
1K
blackmondy
blackmondy
SBFNews
The tech flaw that lets CCP hackers control surveillance cameras
Replies
12
Views
1K
duluxe
duluxe
Back
Top