Massive security hole in CPU's incoming? Official Meltdown/Spectre Discussion Thread

Page 51

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
> So, Intel said in the financial report that there will be in silicon patches for CPU sold later this year.
> My question is just how fast can you make new silicon masks (or just the relevant parts of it), to test, qualify, and produce the chips? Less than a year?

I get laughed at when I mention what Intel said about having fixed CPUs out this year...
 

PingSpike

Lifer
Feb 25, 2004
21,730
561
126
> I get laughed at when I mention what Intel said about having fixed CPUs out this year...

Well, so far they haven't been able to release working microcode updates this year so I think people are justified in being skeptical that they can turn hardware around that fast. Not to mention Intel says a lot of things lately, some of them even sort of true.

We'll see I guess, I honestly have no idea how long it would take to tweak the issues out of a design if you kept the scope limited. It may not be as ugly as some people say.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
> Well, so far they haven't been able to release working microcode updates this year so I think people are justified in being skeptical that they can turn hardware around that fast. Not to mention Intel says a lot of things lately, some of them even sort of true.
>
> We'll see I guess, I honestly have no idea how long it would take to tweak the issues out of a design if you kept the scope limited. It may not be as ugly as some people say.

No one here is capable of waiting and seeing. We must all make definite pronouncements immediately, particularly if they involve doom and gloom. :D
 

thecoolnessrune

Diamond Member
Jun 8, 2005
9,672
578
126
> @ the coolenessrune and urfe, sometimes the cure is worse than the disease. The patches and UEFI updates that Microsoft and Intel released have wrought quite a bit of havoc for many people and businesses in terms of stability and performance.
>
> Also, Meltdown and Spectre require local access to be exploited. If it's already gotten to that point, I am screwed anyway because the hacker or malware can do anything they want to my machine. They wouldn't need something as subtle as Spectre or Meltdown which only allows read access to memory or cache, they could take anything they want without it.
>
> And that's my point. For end consumers, Meltdown and Spectre aren't much of a concern provided the software mitigations are in place, especially for the browsers, because that's where a threat is likely to originate from. And most of us here are computer savvy enough to know not to click on or download something that might potentially be dangerous.

I'm very much aware of the havoc that's been brought in the industry from these patches. That's on Intel. That's an entirely separate discussion from how bad the current situation is, and the belief that somehow consumers don't have to worry about this.

Meltdown and Spectre require local access, but that means nothing in regards to the vector used to get that local access. It's also, again an entirely different discussion from what a hacker can "do to your machine."

The only thing that separates a normal program that we use everyday from a virus, worm, exploit, etc. etc. is the intention of the program. A hacker can craft a package for a myriad of purposes. A hacker getting something on your machine has absolutely zero correlation with a hacker getting unfettered access to your machine. In fact, the vast majority of malicious packages out there do no such thing. They stay under the radar getting access to just a couple of things needed to suit whatever their end goal is. The Slammer Worm from the early 2000s for instance did not give a hacker the ability to "do anything they wanted". It merely exploited a vulnerability in Microsoft SQL to overload networks with traffic. Subsequent buffer overflows that could be used in vulnerable systems (and systems made vulnerable by being a recipient of the junk traffic) could then have leaked confidential data that could be harvested.

This exploit is the exact same way, specifically in regards to Spectre. Just because browsers are now safer, does not mean there are not other vectors that can be used to exploit a Spectre vulnerability. A Spectre exploit need not be a one-stop-shop package that infects, exploits, harvests, and sends data, and it need not be kicked off by someone holding onto your system. A worm could deliver a Spectre exploit that simply leverages another known (or unknown) program long out of support to do its Spectre mitigation. For all we know, some version of WinDirStat could be used as a vector if it has such a vulnerability. That's the nasty thing about Spectre, and why this needs to be at least partially handled at the CPU level. I just can't agree that this is some issue consumers don't need to worry about. They need to worry about it like they do any new vulnerability.
 

maddie

Diamond Member
Jul 18, 2010
4,738
4,667
136
> No one here is capable of waiting and seeing. We must all make definite pronouncements immediately, particularly if they involve doom and gloom. :D

If you accept the assumption that this group is more knowledgeable about tech matters than the average person, you should not be surprised at the reactions your postings are receiving. Accepting that silicon fixes will be ready later this year appears very naive if genuinely believed. Intel will have to have known about the situation a long time before the official Google notification, and sat on it. One thing we all share is 24hrs/day. Having all the money in the world cannot change that.

With regards to waiting. The next time you see a Semi heading towards you, try waiting to see if it swerves at the last second.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
> If you accept the assumption that this group is more knowledgeable about tech matters than the average person, you should not be surprised at the reactions your postings are receiving. Accepting that silicon fixes will be ready later this year appears very naive if genuinely believed. Intel will have to have known about the situation a long time before the official Google notification, and sat on it. One thing we all share is 24hrs/day. Having all the money in the world cannot change that.
>
> With regards to waiting. The next time you see a Semi heading towards you, try waiting to see if it swerves at the last second.

Is it a Tesla battery powered semi that I can't hear, that will automatically avoid me?

Posting what Intel says is not an indication that I believe it will occur.

Not sure why that is so hard to understand.

I'm certain I said we'd need to wait and see what Intel does, and judge as we find.

If anyone can throw enough money at this problem to get it fixed reasonably fast, it's Intel.

If they can't, oh well. We'll have to wait.

The very last thing we need is another CPU maker monopoly.
 

psolord

Golden Member
Sep 16, 2009
1,910
1,192
136
Wow, ASRock pulled the 1.40 BIOS for my Z370 Extreme 4 motherboard. I had already installed it and I don't have any problems however.

It's the first time in history that I have a BIOS not available on the manufacturer's website. I kinda feel my system is special. lol
 

DrMrLordX

Lifer
Apr 27, 2000
21,617
10,824
136
> So, Intel said in the financial report that there will be in silicon patches for CPU sold later this year.
> My question is just how fast can you make new silicon masks (or just the relevant parts of it), to test, qualify, and produce the chips? Less than a year?

Pardon me if I remain skeptical. My guess is their "fix in silicon" will be: hey, we ship all our products with updated firmware now. They will come pre-patched, and for some users . . . pre-crippled.

> Wow, ASRock pulled the 1.40 BIOS for my Z370 Extreme 4 motherboard. I had already installed it and I don't have any problems however.
>
> It's the first time in history that I have a BIOS not available on the manufacturer's website. I kinda feel my system is special. lol

Trippy isn't it? Kinda like running a beta BIOS you got off some enthusiast website. It's all fun and games until you find out why it's beta . . .
 

Carfax83

Diamond Member
Nov 1, 2010
6,841
1,536
136
> I'm very much aware of the havoc that's been brought in the industry from these patches. That's on Intel. That's an entirely separate discussion from how bad the current situation is, and the belief that somehow consumers don't have to worry about this.

No it isn't a separate discussion. I'm talking about risk potential for end consumers, and not corporations or businesses.

1) The current mitigations for these vulnerabilities affect performance and stability in a significant way. This might change in the future, but until then, they are unacceptable to me personally.

2) Being primarily a gamer, the chances of being affected by these vulnerabilities are extremely remote. According to Google, there is currently no malware out in the field that targets these vulnerabilities, and they require local access to be utilized, which is a huge obstacle for malware writers to overcome.

As I said before, if it's gotten to the point that a hacker has local access to your personal machine, taking advantage of Spectre and Meltdown (which has memory read-only restrictions) would be a complete waste of time for them as they have great latitude to do what they want. In effect, my primary consideration should be to prevent a hacker from getting local access to my machine, as the risk potential for that would be far more devastating.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
> Pardon me if I remain skeptical. My guess is their "fix in silicon" will be: hey, we ship all our products with updated firmware now. They will come pre-patched, and for some users . . . pre-crippled.
>
> Trippy isn't it? Kinda like running a beta BIOS you got off some enthusiast website. It's all fun and games until you find out why it's beta . . .

I generally don't touch anything beta, not even with a 39.5 foot pole. :)
 

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,328
4,913
136
The ASRock BIOS/UEFI updates were listed as official, non-beta. My Z370 Taichi had a 1.40 UEFI update that was also pulled.

I'll be reverting to 1.30 until an official stable release is made.
 

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,328
4,913
136
> No it isn't a separate discussion. I'm talking about risk potential for end consumers, and not corporations or businesses.
>
> 1) The current mitigations for these vulnerabilities affect performance and stability in a significant way. This might change in the future, but until then, they are unacceptable to me personally.
>
> 2) Being primarily a gamer, the chances of being affected by these vulnerabilities are extremely remote. According to Google, there is currently no malware out in the field that targets these vulnerabilities, and they require local access to be utilized, which is a huge obstacle for malware writers to overcome.
>
> As I said before, if it's gotten to the point that a hacker has local access to your personal machine, taking advantage of Spectre and Meltdown (which has memory read-only restrictions) would be a complete waste of time for them as they have great latitude to do what they want. In effect, my primary consideration should be to prevent a hacker from getting local access to my machine, as the risk potential for that would be far more devastating.

You don't need local access to the machine to exploit these vulnerabilities. Full stop.
 

Fir

Senior member
Jan 15, 2010
484
194
116
The "updated microcode" in the Asus Prime Deluxe X299 has a HUGE performance hit on storage. Using Intel 900P 480G saw serious write performance drops. Flashed back to previous BIOS and saw performance back to prior levels. Not worth it.
 

IndyColtsFan

Lifer
Sep 22, 2007
33,656
687
126
> Wow, ASRock pulled the 1.40 BIOS for my Z370 Extreme 4 motherboard. I had already installed it and I don't have any problems however.
>
> It's the first time in history that I have a BIOS not available on the manufacturer's website. I kinda feel my system is special. lol

They pulled the 1.40 for the Taichi as well, which I already installed. Yikes
 

IndyColtsFan

Lifer
Sep 22, 2007
33,656
687
126
> The ASRock BIOS/UEFI updates were listed as official, non-beta. My Z370 Taichi had a 1.40 UEFI update that was also pulled.
>
> I'll be reverting to 1.30 until an official stable release is made.

Any idea why 1.4 was pulled?
 

Carfax83

Diamond Member
Nov 1, 2010
6,841
1,536
136
> You don't need local access to the machine to exploit these vulnerabilities. Full stop.

Are you sure about that? These are the CVEs associated with Spectre and Meltdown, and all of them state that local access is required for a successful attack. I suppose with Spectre, you can supposedly do a JavaScript attack that could leak protected information, but unless you have local access, how could you get the data and make use of it?

Spectre 1
Spectre 2
Meltdown
 

Jimzz

Diamond Member
Oct 23, 2012
4,399
190
106
> The "updated microcode" in the Asus Prime Deluxe X299 has a HUGE performance hit on storage. Using Intel 900P 480G saw serious write performance drops. Flashed back to previous BIOS and saw performance back to prior levels. Not worth it.

Yeah, that's going to be the rub for Intel systems. Security or performance, pick one.

Also a major reason I am waiting for the updated Ryzen CPUs to upgrade my Intel system.
 

Jimzz

Diamond Member
Oct 23, 2012
4,399
190
106
> Apparently Intel has lots of beers for everyone to hold.
>
> Intel Warned Chinese Companies of Chip Flaws Before U.S. Government
> https://www.wsj.com/articles/intel-...f-chip-flaws-before-u-s-government-1517157430


Jesus, and people still try to defend Intel and the CEO for selling all his shares and options before all this came out.

I thought the worst had already come out about Intel but things like this just make me wonder what bombshell will drop next. So glad AMD makes good chips again.
 

jpiniero

Lifer
Oct 1, 2010
14,583
5,204
136
In fairness, the Chinese companies mentioned were Lenovo and Alibaba. IOW their biggest customers.

I'd say it's a bigger deal about the rumor that they were told on the same day that BK's stock sold.
 

Kenmitch

Diamond Member
Oct 10, 1999
8,505
2,249
136
> Jesus, and people still try to defend Intel and the CEO for selling all his shares and options before all this came out.
>
> I thought the worst had already come out about Intel but things like this just make me wonder what bombshell will drop next. So glad AMD makes good chips again.

Strange world we live in.
 

Kenmitch

Diamond Member
Oct 10, 1999
8,505
2,249
136
> Apparently Intel has lots of beers for everyone to hold.
>
> Intel Warned Chinese Companies of Chip Flaws Before U.S. Government
> https://www.wsj.com/articles/intel-...f-chip-flaws-before-u-s-government-1517157430

Can't really think of any logical reasoning why Intel wouldn't have informed the US Government 1st. You'd think they'd have priority over all others in the end.

Guess you could go the conspiracy route and say the US Government already knew about the exploits and was using them for spying purposes.

Would seem silly if the reasoning behind it was just $'s.
 

zinfamous

No Lifer
Jul 12, 2006
110,562
29,171
146