Breaking news: Security flaw supposedly found in Intel's hyperthreading implementation

[arcas]

Link

The flaw affects all operating systems, and for a secure multi-user environment essentially requires that Hyper-Threading be disabled.

Details of the attack will be presented at a conference tomorrow morning (May 13).

Perhaps Intel's HT isn't properly cleaning up after itself if the pipeline stalls and the CPU switches contexts?

This could explain the sudden brief selloff of Intel stock this afternoon.

 

[imported_DaveA]

ouch that sucks for intel.

 

[Duvie]

They will probably get a fix for it in its software implemantation...


Remember HT is merely making an inefficient design work a bit more efficient. HT doesn't add anything other then try to compensate for a penalty that is imposed by the excessively long pipeline and branch mispredictions. A processor like AMD with its improved branch prediction and shorter pipeline as well as the Dothan will benefit very little from HT as it is implemented today......


The more I start to understand HT the less and less I have been impressed with it...maybe the realization of true dual cores (not virtuals) as me liking the reality versus a quick trick to fool the eye.....It had its moments for me but I have seemed to be missing it less and less of recent.

How many ppl would this have really affected??? I dont think I would have been vulnerable....

 

[Zebo]

What are you talking about sell off? It's actually be recoving well this last month..

LOL what else are these massive mutuals and pension funds going to buy? Ford? GM? companies on thier way out heading twards chapter something?

 

[bersl2]

Originally posted by: Duvie
They will probably get a fix for it in its software implemantation...


Remember HT is merely making an inefficient design work a bit more efficient. HT doesn't add anything other then try to compensate for a penalty that is imposed by the excessively long pipeline and branch mispredictions. A processor like AMD with its improved branch prediction and shorter pipeline as well as the Dothan will benefit very little from HT as it is implemented today......


The more I start to understand HT the less and less I have been impressed with it...maybe the realization of true dual cores (not virtuals) as me liking the reality versus a quick trick to fool the eye.....It had its moments for me but I have seemed to be missing it less and less of recent.

How many ppl would this have really affected??? I dont think I would have been vulnerable....

You might want to reconsider your opinion. If an unprivileged process can read from a privileged process' memory, then it must be able to escalate its own privileges. That would be a very bad thing. Yes, it appears that there are ways in software to prevent this from being dangerous, but it's still looking like a terrible gaffe on Intel's part. Nobody else's SMT implementation seems to suffer from this.

Then again, maybe we should reserve judgement until we actually hear the details.

 

[Duvie]

I dont have one anymore!!!

But explain more if you could a type of attack say against someone like me running Mozilla Firefox with AV/ spyware/ and firewall set using the p4....I P2P a bit getting CSI episodes (not into DVDs or mp3s)...

 

[sandorski]

Wow, that could be bad news for Intel, assuming it's legit. What a bad PR situation.

 

[RichUK]

O well intel sucks ..

 

[clarkey01]

Lets all remember, HT is more of an elegant fix to a problem, rather then a added feature, although I do admire it ..

 

[Algere]

Originally posted by: Zebo
What are you talking about sell off? It's actually be recoving well this last month..

LOL what else are these massive mutuals and pension funds going to buy? Ford? GM? companies on thier way out heading twards chapter something?

Link

 

[Zebo]

Originally posted by: Algere

Originally posted by: Zebo
What are you talking about sell off? It's actually be recoving well this last month..

LOL what else are these massive mutuals and pension funds going to buy? Ford? GM? companies on thier way out heading twards chapter something?

Link

And? Price went up.

Lemme puts this in plain terms right now since this whole thread and inq is into conspiracy tone.

A "sell off" is market speak which consititutes more shares sold than bought, usually at a signifigant and percipitus rate. This results in a lower share price at the end of the day.

That's not what happened here at all. Lots sold, however lots more bought ending up higher than the day started in the first place.

Institutional investors arnt stupid. They know Intel is a good buy. With a war chest of billions of dividens ready to distribute once tax code turns favorable. With a house-hold name. With cash flow unmatched. With good ratios. With good prospects. And a relativly low share price.

 

[uOpt]

Go FreeBSD

Well, people worked abound a number of bad processor bugs in OS kernels, lets hope there's a fix here.

As for an attack, this is a break of the separation of local user IDs. I can imagine a Windoze user running IE with administrator rights is not impressed.

But in the multiuser and hosting world that is a big deal. You get a hook into Apache - bad but on halfway. If you can use the hook into the userid running apache to read arbitray memory out of other user's processes that allows for a number of "interesting" uses, as Colin explains the stealing of private keys. Or listen to sshd accepting people's passwords (go ssh-agent!) as administrators log in.

 

[DAPUNISHER]

Originally posted by: Zebo

Originally posted by: Algere

Originally posted by: Zebo
What are you talking about sell off? It's actually be recoving well this last month..

LOL what else are these massive mutuals and pension funds going to buy? Ford? GM? companies on thier way out heading twards chapter something?

Link

And? Price went up.

Lemme puts this in plain terms right now since this whole thread and inq is into conspiracy tone.

A "sell off" is market speak which consititutes more shares sold than bought, usually at a signifigant and percipitus rate. This results in a lower share price at the end of the day.

That's not what happened here at all. Lots sold, however lots more bought ending up higher than the day started in the first place.

Institutional investors arnt stupid. They know Intel is a good buy. With a war chest of billions of dividens ready to distribute once tax code turns favorable. With a house-hold name. With cash flow unmatched. With good ratios. With good prospects. And a relativly low share price.

Shhhh! When EF Zebo talks....people listen!

 

[Zebo]

Yea I should STFU.. Hav'nt made a dime in 6 years:| shows what I knows.


I'll say one thing.. Intel processors have obsure bugs (so does AMD's) that could result in a hard lock....always have..has'nt hurt them. HT itself has been sucessful 2 yrs running and some very minor obscure HT bug all of a sudden is going to cause the stock to collapse. GMAB! These people don't even know what a CPU looks like let alone what HT is. All they care about is P/E's, profits, valuation, etc etc which Intel has in spades.

 

[TStep]

Wow:Q, EF...EF...EF Hutton with the accent on the second T. Damn, I think the last time I saw that I was sportin' Jams, listening to my brand new Sony Walkman cassette, and chasin' the blossoming young felines.

 

[Algere]

Originally posted by: Zebo

Originally posted by: Algere

Originally posted by: Zebo
What are you talking about sell off? It's actually be recoving well this last month..

LOL what else are these massive mutuals and pension funds going to buy? Ford? GM? companies on thier way out heading twards chapter something?

Link

And? Price went up.

Lemme puts this in plain terms right now since this whole thread and inq is into conspiracy tone.

A "sell off" is market speak which consititutes more shares sold than bought, usually at a signifigant and percipitus rate. This results in a lower share price at the end of the day.

That's not what happened here at all. Lots sold, however lots more bought ending up higher than the day started in the first place.

Institutional investors arnt stupid. They know Intel is a good buy. With a war chest of billions of dividens ready to distribute once tax code turns favorable. With a house-hold name. With cash flow unmatched. With good ratios. With good prospects. And a relativly low share price.

Perhaps the OP wasn't using "market speak". Sell off by simple definition means, "To get rid of by selling, often at reduced prices". The Inq reported just that & the OP probably inferred that there could possibly be a connection between the HT security flaw report & the irregular amount of stock suddenly sold within that short (brief) period of time.

If that's what the OP meant (which I believe is so), perhaps he could've worded it a bit better for ppl like you but the general meaning of it (IMO) is there. In any case, thx for breaking down the marketing term for "sell off" for us simple folk.

 

[DAPUNISHER]

Originally posted by: TStep
Wow:Q, EF...EF...EF Hutton with the accent on the second T. Damn, I think the last time I saw that I was sportin' Jams, listening to my brand new Sony Walkman cassette, and chasin' the blossoming young felines.

I am old school Glad some one else can remember the ads too, 1/2 this crowd ain't even old enough to shave yet

 

[Duvie]

I remember the commercials as well!!! The guy standing in the loby talking to his buddy them all of a sudden all the ppl around him hush and lean over as if they are trying to get some juicy gossip....Yeah I may have seen those while playing with my Legos and watching Brady bunch on network TV!!!

 

[GuitarDaddy]

You guys make me feel old

When I was playing with LEGO's and Lincoln Logs (remember those), TV was black and white:frown: And when EF Hutton talked nobody listen

 

[Elcs]

Even if HT is 'an elegant fix to a problem', as an AMD-exclusive owner so far (due to price/performance a the time of purchase, ive been VERY impressed with HT.

Anything that improves performance in real-world, useful software without a massive impact on price or introduces many problems is good in my opinion.

HT has been out for how long? and they've only just found a problem with it? I cant remember any major security flaw in HT prior to this.

I say Intel have done great with it and 1 security flaw found after so long is something to be proud of.

Whilst HT may be significantly less useful in the near future on the bleeding edge of technology but it has served its purpose well.

 

[theMan]

i think ht is just another one of their marketing schemes. like, "wow, our processors go twice as fast as amd, so they are twice as good" and "we have HT and they dont" i dont know what has happened to intel in the past few years. its kinda sad.

 

[Munky]

LOL, the blows just keep coming for Intel.

Q: How many Intel HW engineers does it take to fix a problem?
A: None. We'll fix it in software.

 

[clarkey01]

Originally posted by: Elcs
Even if HT is 'an elegant fix to a problem', as an AMD-exclusive owner so far (due to price/performance a the time of purchase, ive been VERY impressed with HT.

Anything that improves performance in real-world, useful software without a massive impact on price or introduces many problems is good in my opinion.

HT has been out for how long? and they've only just found a problem with it? I cant remember any major security flaw in HT prior to this.

I say Intel have done great with it and 1 security flaw found after so long is something to be proud of.

Whilst HT may be significantly less useful in the near future on the bleeding edge of technology but it has served its purpose well.

lol I value it too, why do you think I use my 2.8 C for ripping/playing games/P2P/norton at the same time.

Ask my athlon to do that and it'll go on strike!

 

[CheesePoofs]

Originally posted by: theman
i think ht is just another one of their marketing schemes. like, "wow, our processors go twice as fast as amd, so they are twice as good" and "we have HT and they dont" i dont know what has happened to intel in the past few years. its kinda sad.

Thats wrong, HT is not just a marketing scheme and it does have a real impact on performance. Basically what it does (correct me if I'm wrong) is tell windows there are two processors and then take the second processor's instructions and run them in the gaps in the first processor's instructions. It helps with multitasking and with anything that is multithreaded.

 

[bersl2]

Originally posted by: CheesePoofs

Originally posted by: theman
i think ht is just another one of their marketing schemes. like, "wow, our processors go twice as fast as amd, so they are twice as good" and "we have HT and they dont" i dont know what has happened to intel in the past few years. its kinda sad.

Thats wrong, HT is not just a marketing scheme and it does have a real impact on performance. Basically what it does (correct me if I'm wrong) is tell windows there are two processors and then take the second processor's instructions and run them in the gaps in the first processor's instructions. It helps with multitasking and with anything that is multithreaded.

Right. Some of IBM's POWER chips do the same thing as HT, as do some of Sun's SPARCs, and neither do this just for show. Theirs don't seem to suffer these kinds of bugs either.

Here's the abstract from the paper:

Abstract. Simultaneous multithreading -- put simply, the shar-
ing of the execution resources of a superscalar processor between
multiple execution threads -- has recently become widespread via
its introduction (under the name "Hyper-Threading") into Intel
Pentium 4 processors. In this implementation, for reasons of ef-
ficiency and economy of processor area, the sharing of processor
resources between threads extends beyond the execution units; of
particular concern is that the threads share access to the memory
caches.
We demonstrate that this shared access to memory caches pro-
vides not only an easily used high bandwidth covert channel be-
tween threads, but also permits a malicious thread (operating, in
theory, with limited privileges) to monitor the execution of another
thread, allowing in many cases for theft of cryptographic keys.
Finally, we provide some suggestions to processor designers, op-
erating system vendors, and the authors of cryptographic software,
of how this attack could be mitigated or eliminated entirely.