Intel CPUs Hit by NetCAT Security Vulnerability, AMD Not Impacted

Page 3

VirtualLarry

No Lifer
Aug 25, 2001
56,378
10,069
126
I'll just leave this here. It was "widely known" back in the day, starting with Intel i386 processors, that "real flat mode" was possible, pretty-much explicitly, because Intel didn't check the segment descriptor cache limits, when setting from protected mode back to real mode. Thus you could use the 32-bit extended index registers, to access a flat 32-bit memory space from actual REAL MODE.

They were sloppy and lazy back then (*). It was in their engineering culture. Sure did enable some neat "Demos" though.

Edit: And then once software starts using that (exploit), it becomes a feature-not-bug of the processor, and subsequent processors need to continue that behavior, to allow existing software to continue to work. Hence some of the complicated evolution of the x86/x64 architecture, as well as how Windows itself has "evolved", to maintain heavy layers of backwards-compatibility. (How many people have heard of application-specific "compatibility shims" being automagically applied by more recent Windows versions, to allow that outdated application to behave the same on newer versions of Windows?)

(*) Edit: I meant more along the lines of mitigations of hardware "exploits", that were at most, at the time, "highly theoretical".
 

Ajay

Lifer
Jan 8, 2001
15,539
7,906
136
Bingo. Intel is an extraordinarily politicized workplace. This issue would have been identified by software researchers whose management have no motive to call out the hardware architects since there is no political gain to be extracted from slamming a different org. Persistent engineers would be shut down by being told to "disagree and commit" and excluded from meetings, which is the currency of Intel career advancement.
Intel's not the only company that runs that way. I was bitten by that bug once, and pissed off my manager's manager. That did not go well for me. It is a cancer though and stupid shit like this eventually killed that company.
 

dmens

Platinum Member
Mar 18, 2005
2,271
917
136
Intel's not the only company that runs that way. I was bitten by that bug once, and pissed off my manager's manager. That did not go well for me. It is a cancer though and stupid shit like this eventually killed that company.

Yep. Intel is being blown away technologically by all its competitors and the lower/middle management are still playing their political games and scheming against one another. The results are already starting to manifest and will be all too apparent in five years.
 

Guru

Senior member
May 5, 2017
830
361
106
It's very clear that Intel made a gamble for more performance at the cost of less or NO security and while their bet worked for a while, the issues have now caught up with them and they are caught with their pants down!
 

DrMrLordX

Lifer
Apr 27, 2000
21,687
10,950
136
Be assured of this though - security flaws will be found in AMD processors over time.

Ryzen was vulnerable to Spectre. We've already seen that AMD chips do have some security flaws - even remote exploits. And we still don't know much about Trustzone. The question is whether they, as an organization, are willing to make decisions to protect their customers and their brand name over the long term versus grabbing at quick performance boosts at the possible expense of security. Intel has already shown their true nature.
 

chrisjames61

Senior member
Dec 31, 2013
721
446
136
Ryzen was vulnerable to Spectre. We've already seen that AMD chips do have some security flaws - even remote exploits. And we still don't know much about Trustzone. The question is whether they, as an organization, are willing to make decisions to protect their customers and their brand name over the long term versus grabbing at quick performance boosts at the possible expense of security. Intel has already shown their true nature.


Unfortunately short term gains, greed and shareholder value are the rule of the day in big business. A quality product that is a good value is a thing of the past. I cringe when I go to a Home Depot or hardware store and compare the quality to the stuff I bought when I was a kid in the 1970's and 1980's.
 

moinmoin

Diamond Member
Jun 1, 2017
4,966
7,709
136
Ryzen was vulnerable to Spectre. We've already seen that AMD chips do have some security flaws - even remote exploits. And we still don't know much about Trustzone. The question is whether they, as an organization, are willing to make decisions to protect their customers and their brand name over the long term versus grabbing at quick performance boosts at the possible expense of security. Intel has already shown their true nature.
With regard to Spectre AMD is not affected in the same way Intel is. Most of Spectre is about separation of kernel and user data (or the lack of it on Intel's side), exploits for AMD chips for such weren't/aren't known but AMD still promised (and applied? Hard to test without exploits) additional hardening. What's actually affecting everybody is Spectre v1 which isn't about privilege escalation but simple isolation of data between different processes on the same privilege level, something essentially no hardware from any vendor was doing by design.

Trustzone is a separate ARM based quasi industry standard. If/when exploits for it are found we can expect all devices using Trustzone including all Zen based chips by AMD to be affected. So far the exploits seem to focus on vendor specific implementations of TEEs (see e.g. Google Project Zero's blog entry from 2017). My understanding is that aside from OS agnostic SME and SEV AMD doesn't offer any such implementations itself but allows its customers to create them (for Ryzen Pro and Epyc chips). Whether Trustzone on its own (without any implementation running) can be exploited will be interesting to see, ideally that shouldn't be possible.
 

DrMrLordX

Lifer
Apr 27, 2000
21,687
10,950
136
With regard to Spectre AMD is not affected in the same way Intel is.

Oh I know. Since we're all about being "unbiased" though, it had to be mentioned. Fortunately it was easy for AMD to patch that up.

Whether Trustzone on its own (without any implementation running) can be exploited will be interesting to see, ideally that shouldn't be possible.

Rest assured that some very independent, totally-not-on-Intel's-payroll organizations are looking into that as we speak.
 

moinmoin

Diamond Member
Jun 1, 2017
4,966
7,709
136
Rest assured that some very independent, totally-not-on-Intel's-payroll organizations are looking into that as we speak.
Better sooner than later I say, there can never be too many eyes looking closely at security solutions.

In any case better use of effort than the unnecessary FUD about lack of chip longevity (while a couple more Atom based chips are confirmed to age too quickly and stop working) and missing some max boost speed by 0.025 Ghz (that turned out to be resolvable with BIOS updates and are not due to binning duds).
 

mrblotto

Golden Member
Jul 7, 2007
1,647
117
106
So I read the first few posts, bypassed all the flaming and finger-pointing, and read these last few posts.

tldr

In a nutshell, Intel CPU's are susceptible to another exploit (in theory? Has it been actually done?)
 

DrMrLordX

Lifer
Apr 27, 2000
21,687
10,950
136
In a nutshell, Intel CPU's are susceptible to another exploit (in theory? Has it been actually done?)

Go to the source:


Better sooner than later I say, there can never be too many eyes looking closely at security solutions.

There're those who want to find the truth and those who have made up their minds in advance. But yeah I hope somebody is looking carefully at AMD's hardware very carefully. It's just gotta be for the right reasons. We don't need any more hatchet jobs.
 

moinmoin

Diamond Member
Jun 1, 2017
4,966
7,709
136
There're those who want to find the truth and those who have made up their minds in advance. But yeah I hope somebody is looking carefully at AMD's hardware very carefully. It's just gotta be for the right reasons. We don't need any more hatchet jobs.
The "funny" part is those guys did actually point out some valid bugs within all the charade, and AMD subsequently fixed them. People just didn't care anymore either way since the whole stuff just was too stupid.
 

DrMrLordX

Lifer
Apr 27, 2000
21,687
10,950
136
The "funny" part is those guys did actually point out some valid bugs within all the charade, and AMD subsequently fixed them. People just didn't care anymore either way since the whole stuff just was too stupid.

Oh they did find a few things. Nothing major, and as you said, that's fixed now. It was the way it was found that was so absurd.

I don't think anyone paid researchers to do a hit on Intel. The findings independent researchers have produced are quite useful to sysadmins and others.
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,614
14,598
136
There is a pattern here that actually worries me. First the Meltdown/Spectre hitting Intel hard. Then Intel paying someone to make AMD look bad, then Intel failing on 10nm, then all the "stunts" Intel has pulled trying to make AMD look bad. Then AMD comes out with Ryzen 2 (3000 series) and Rome and murders Intel in performance, price, and every metric.

What worries me is there appears to be no end in sight for Intel's "shenanigans", and no good new products. I really don't want AMD to become complacent like Intel has been.
 
Mar 11, 2004
23,093
5,572
146
The "funny" part is those guys did actually point out some valid bugs within all the charade, and AMD subsequently fixed them. People just didn't care anymore either way since the whole stuff just was too stupid.

The "funny" part is that those vulnerabilities also affected Intel because they either required you to already have root access (meaning the system was already compromised which would make any and all exploits possible and that would be true no matter what system you have), or they were actually in the ASMedia chipset (which was used on some Intel systems as well), but they conveniently ignored that and put everything solely on AMD. And how they went about it was absolutely hot garbage where they gave AMD effectively no chance to patch before going live, while we've seen many of the Intel security issues to have months if not years of forewarning (wherein Intel has repeatedly just ignored them until they're forced to and even then it's usually Microsoft and the software vendors having to push out a patch to deal with them while Intel tries to figure out how they're going to address them - which often has been "well they'll be fixed in future processors" although I'm even concerned about that as I believe Zombieload has been shown to work on newer Intel processors that were supposedly fixed of other similar vulnerabilities - and Intel knew about Zombieload for I think over a year).

Which that's the thing I'm trying to highlight. I'm not saying AMD will never have security issues. That's the key though. It's one thing to be vulnerable. It's how you handle that. When AMD becomes aware, they try to resolve it and make good faith effort to deal with it (at least from what I've seen, but I'm not a security researcher). Intel repeatedly ignores it, then relies on the software companies to deal with the immediate fallout, then they claim they'll fix it (and do when it is easy or convenient for them apparently). But then we see them continuing to ignore vulnerabilities. That's the real issue.

That's not to say AMD didn't have things to fix there (as their secure processor could be compromised to enable persistent access even after you fixed the root compromise, which absolutely made the issue worse, but I have a hunch that is true of almost all such setups including Intel and I think was true in the recent Apple secure processor issue), but CTS Labs outright lied about aspects of those vulnerabilities in order to make it sound like AMD's CPUs were completely broken and unfixable in any way when they absolutely could be and were patched.

As is often the case. The "crime" can often be not that big of a deal, it's the "coverup" that makes it a big deal. If you know about a serious issue, deal with it. But if you try and ignore it or cover it up, or possibly resort to other behavior to mitigate it, that's far worse, as the problem is both still there, but you also ruin your credibility such that you make it an issue to trust you going forward. We're finding out that Intel should be trusted about as far as we can throw their collective butts, because if they're not perpetrating anti-competitive behavior, they're apparently trying to ignore security issues (so you can't trust their performance that people were using to justify going with them when they were doing anti-competitive things).
 
Mar 11, 2004
23,093
5,572
146
There is a pattern here that actually worries me. First the Meltdown/Spectre hitting Intel hard. Then Intel paying someone to make AMD look bad, then Intel failing on 10nm, then all the "stunts" Intel has pulled trying to make AMD look bad. Then AMD comes out with Ryzen 2 (3000 series) and Rome and murders Intel in performance, price, and every metric.

What worries me is there appears to be no end in sight for Intel's "shenanigans", and no good new products. I really don't want AMD to become complacent like Intel has been.

Eh, if AMD, when in dire, desperate times isn't willing to compromise to gain performance that they desperately needed, I'm not that worried. Now, that doesn't mean I think AMD is infallible, quite the opposite actually, as we've seen them have blunders as well (Spectre, TLB Bug, secure processor issue on Zen).

I'm most worried about the behavior of the customers. They've been the ones pushing for these secure processors and "features" that lead to security vulnerabilities. They're the ones that do a horrible job of security in general, and they don't even seem all that concerned with Intel's (and others) security issues when they come up.
 

amrnuke

Golden Member
Apr 24, 2019
1,181
1,772
136
Possibly. We may never know. If it got them some procurement wins then it was probably worth it, at least in the short term.
And because executive pay is often now tied to stock price, such short-term decisions are made with more and more frequency across the entire US corporate world. Not to get too off-topic, but the short-mindedness of corporations is very worrying to me both as an individual and as an American.

Back to Intel, they made these remote-access and security decisions in the name of ease-of-use (for net admins) and speed. They were just hoping it would take too long to figure out the poor decisions. At this point, as many have echoed, so many big companies are invested in Intel that they've already won the war, even as they keep losing speed and efficiency and security battles. At some time, it might up-end their hegemony but I'm not sure.
 

Amol S.

Platinum Member
Mar 14, 2015
2,390
709
136
These aren't quite like that, like software exploits, these are due to INTENTIONAL CORNER-CUTTING, during their older design work. They played fast-n-loose with the implementation of their ISAs, and it turned around and bit them in the azz. They wanted performance, not security.
That actually is not true. If they wanted performance they would only be selling Core, Xeon, and Itanium processors. On top of that, AMD had to go thru an entire CPU refabrication process as it is very known that very old AMD CPU's 2000-10 and older era AMD CPU's had very severe performance and other issues compared to Intel at that time.

On top of that, because of the fact that AMD does not make the majority of the market (as the person you responded to pointed out), they really are not that big of an incentive for attackers to attack. It's almost a similar but not completely exact reason to why you don't see Macs having a lot less number of malware than Windows, (of course there is the other reason of how Apple creates their own devices with security in mind, which also reduces the vulnerabilities.) The point here being is that it has nothing to do with older architecture, if it had to do with that, then every Intel processor would be vulnerable to this attack. We can see that is not the case here, and only Xeon and Itanium processors got attacked. Intel does not use one single die to make their processors, and their dies have changed over time.

My reply to the thread:


The fact that the issue over this backdoor in server based CPUs made by Intel, does not imply that AMD is better. Who knows, there could be an even worse backdoor in every AMD CPU and not in any Intel CPU that could cause your pc or laptop to catch fire, or let an attacker gain complete control of your computer remotely. CPUs are made by humans, and humans make mistakes. It would not be a normal thing for AMD to never get a severe issue like Intel is facing. Things like this always happen. Just like Ajay has stated in the following quote,
To be fair, AMD didn't have SMT (hyperthreading). So far, it seems, AMD has learned from Intel's errors. Be assured of this though - security flaws will be found in AMD processors over time. There is no such thing as bulletproof in the security world. It's not a matter of if, but a matter of when - sadly that's the world we live in.

Who would have thought about something like the Equifax hacks before it even happened? Equifax was like something you would expect to always be secure. Similarly is the case here with Intel's CPUs that were designed for servers and the enterprise market. Just like how aigomorla has said in their post quoted below,
I'm gonna play the black sheep and say it could be that Intel didn't expect a back door like this to exist.
Honestly this is Intel and enterprise, do you think they would honestly knowingly allow for such a thing to exist and implement it regardless?
It's hands down open door to a major class action lawsuit.

It's like Meltdown.
It's not known if anyone would have found out the exploit had it not been Google that tackled the issue in every level possible.
Maybe someone did know and was exploiting it, but who knows.
 

mrblotto

Golden Member
Jul 7, 2007
1,647
117
106
Go to the source:

.

Thank you :)
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,614
14,598
136
That actually is not true. If they wanted performance they would only be selling Core, Xeon, and Itanium processors. On top of that, AMD had to go thru an entire CPU refabrication process as it is very known that very old AMD CPU's 2000-10 and older era AMD CPU's had very severe performance and other issues compared to Intel at that time.

On top of that, because of the fact that AMD does not make the majority of the market (as the person you responded to pointed out), they really are not that big of an incentive for attackers to attack. It's almost a similar but not completely exact reason to why you don't see Macs having a lot less number of malware than Windows, (of course there is the other reason of how Apple creates their own devices with security in mind, which also reduces the vulnerabilities.) The point here being is that it has nothing to do with older architecture, if it had to do with that, then every Intel processor would be vulnerable to this attack. We can see that is not the case here, and only Xeon and Itanium processors got attacked. Intel does not use one single die to make their processors, and their dies have changed over time.

My reply to the thread:

The fact that the issue over this backdoor in server based CPUs made by Intel, does not imply that AMD is better. Who knows, there could be an even worse backdoor in every AMD CPU and not in any Intel CPU that could cause your pc or laptop to catch fire, or let an attacker gain complete control of your computer remotely. CPUs are made by humans, and humans make mistakes. It would not be a normal thing for AMD to never get a severe issue like Intel is facing. Things like this always happen. Just like Ajay has stated in the following quote,

Who would have thought about something like the Equifax hacks before it even happened? Equifax was like something you would expect to always be secure. Similarly is the case here with Intel's CPUs that were designed for servers and the enterprise market. Just like how aigomorla has said in their post quoted below,
Another denial reply. Just because they WERE the biggest does not mean they did not screw up big time. There are many other cases out there not based on CPUs; One example is the VW diesel cars. You don't think they did it intentionally? Wake up, big business is all about money, not doing things right. They get caught with their hands in the cookie jar all the time.

Intel got caught with their pants down. PERIOD
 

Hitman928

Diamond Member
Apr 15, 2012
5,372
8,196
136
On top of that, AMD had to go thru an entire CPU refabrication process as it is very known that very old AMD CPU's 2000-10 and older era AMD CPU's had very severe performance and other issues compared to Intel at that time.

Link?
 

BigDaveX

Senior member
Jun 12, 2014
440
216
116
That actually is not true. If they wanted performance they would only be selling Core, Xeon, and Itanium processors. On top of that, AMD had to go thru an entire CPU refabrication process as it is very known that very old AMD CPU's 2000-10 and older era AMD CPU's had very severe performance and other issues compared to Intel at that time.
What exactly are you talking about? The only AMD CPUs in the timeframe you're talking about that had any severe bug were the very first Phenoms, and even then the bug didn't make the system insecure; it just caused it to crash under certain, very rare circumstances.
 

beginner99

Diamond Member
Jun 2, 2009
5,211
1,581
136
Another denial reply. Just because they WERE the biggest does not mean they did not screw up big time. There are many other cases out there not based on CPUs; One example is the VW diesel cars. You don't think they did it intentionally? Wake up, big business is all about money, not doing things right. They get caught with their hands in the cookie jar all the time.

Intel got caught with their pants down. PERIOD

While I agree that companies cheat intentionally, I'm not so sure this is the case here. Maybe it was simply an engineering trade-off or they didn't even think about it. I say that because back then when this general uArch was designed (Core uarch, I think Yonah) such security considerations sure weren't such a great deal and cloud was non-existent back then. In case of VW intentionally cheating the law is something entirely different.
 