77 more intel vulnerabilities found and being patched this month.

pillagenburn said:
Is this a joke?
Click to expand...

no but it's kinda comical...

until you realize that all not only yours but everyone's data and money are most likely stored on a server that's using an intel platform. but yeah this whole intel security thing is getting out of hand.

actually at this point there almost seems to be an :eek: "EPYC" amount of security holes in intel's products!
 
I had a big (for me) meeting with Dell yesterday where we planned out my summer server upgrades, not once during the meeting did they propose a Xeon based system. Our existing Gen 6 Xeon servers have seen a solid 20% performance decrease with the security and firmware updates at least 2 years and the users on those boxes have noticed and are quite vocal about it. If these security fixes hurt performance much more than the existing ones already have I may be dealing with a riot in the administration wing long before those new servers get installed.
 
Lakados said:
But then the people who operate AirVPN then have access to what ever you are doing on their VPN so all you have done is changed who has access to what you are doing.
Click to expand...


you need to read up on your vpn's. they are ABSOLUTELY NO LOGS. i will try to find the article rating the "actual" security of most vpn's. air was one of only 2 that passed w/ flying colors.
 
d3athf1sh said:
you need to read up on your vpn's. they are ABSOLUTELY NO LOGS. i will try to find the article rating the "actual" security of most vpn's. air was one of only 2 that passed w/ flying colors.
Click to expand...
If they keep absolutely no logs how can they assure their services are running correctly, they have no means of doing troubleshooting on issues they can't track any security breaches they are basically running a black box that they themselves are in the dark on. And sure they may have passed some 3'rd party inspection once but who is to say they didn't make changes the very next day, unless they are being surprised by security audits on a somewhat regular basis who's to say what is going on there.
 
Last edited:
Lakados said:
Their servers may not log things but that doesn't mean their admin's dont do periodic checks to make sure things aren't working and during that check they have to take a log of some sort then maybe they don't delete them, and it is sitting on one of their laptops not their servers. Or maybe they turn off all the logs for the inspection get a great rating then turn it back on after as they can use it for great PR. They have their own local laws they must comply with which means they have to be keeping some sort of records. I never trust any service that says they keep no logs because then they can't even assure somebody their service is working correctly.
Click to expand...

it's encrypted, ding dong. did you even read the article?
 
d3athf1sh said:
it's encrypted, ding dong. did you even read the article?
Click to expand...
They are literally the man in the middle, they control the encryption they can see what is going on regardless of what you think you are encrypting, SSL decryption is not a dificult thing to do if you own the VPN hardware people are using.
 
Lakados said:
I had a big (for me) meeting with Dell yesterday where we planned out my summer server upgrades, not once during the meeting did they propose a Xeon based system. Our existing Gen 6 Xeon servers have seen a solid 20% performance decrease with the security and firmware updates at least 2 years and the users on those boxes have noticed and are quite vocal about it. If these security fixes hurt performance much more than the existing ones already have I may be dealing with a riot in the administration wing long before those new servers get installed.
Click to expand...


If this is repeating in server rooms across the world, the next market share reports will be interesting!
 
Zarathustra[H] said:
If this is repeating in server rooms across the world, the next market share reports will be interesting!
Click to expand...
AMD is poised to have something like 5% by 2021, Q1 2018 they were less than 1%, so those gains are huge, they are already closing in on 3.5% for this year. Intels board can't be happy about that and I am sure they arent taking this lieing down.
 
Lakados said:
They are literally the man in the middle, they control the encryption they can see what is going on regardless of what you think you are encrypting, SSL decryption is not a dificult thing to do if you own the VPN hardware people are using.
Click to expand...

you can also setup AirVPN to use tor so that way it masks it from them too. but hey to get the thread back on topic lets just hope they aren't using intel hardware on their servers....
 
"No one ever got fired for buying Intel."
That statement is soooo not true any more.

77 just this month, that makes it over 100 total since Q1 2018.
If it weren't for AMD, I would say x86-64's days are truly numbered, and in short-order...
 
Mega6 said:
The Tencent contract (just announced) for Cloud Computing (Epyc) is Huge for AMD.
Click to expand...
Yeah they are working on their own version of Apple Arcade / Stadia, too much money there to not do that.
 
Mega6 said:
Largest Cloud provider in China.
Click to expand...
Alibaba currently is the largest in China and 3'rd largest in the world behind Microsoft and Amazon, Tencent wants a piece of that and given their failed attempt at launching their own console to compete with MS and Sony this seems like the perfect way for them to do it. They easily have the money on hand to get themselves to #2 in China which could get them to a solid #4 globally. And given Asia's internet infrastructure I could easily see a stadia like platform functioning there far better than in Canada or the US. As more projects like Stadia and Apple arcade launch it will draw more developers and as those systems are pretty unique any titles on them are going to be unique, so if they take off fast forward 10 years and that eats into a very large portion of Tencent's current entertainment platform. Being proactive on this is in their best interest.

I recall a story that MS and Sony were working in tandum on a cloud gaming platform but I am unable to currently find any of the specifics on it outside of an announcement of it happening on Polygon, no clue what ever became of it.
 
  • Like
Reactions: N4CR
like this
From TFA, not just CPU flaws, 11 are for network controllers, 8 for graphics drivers, and 6 for WiFi drivers. So if your AMD powered server has the wrong Intel NIC in it, you are bagged by this advisory. A brief glance at one of the NIC entries listed privilege escalation as one of the issues.

Wonder how many 'smart' gizmos have buggy Intel NICs or WiFi controllers that will never see an update?
 
d3athf1sh said:
you need to read up on your vpn's. they are ABSOLUTELY NO LOGS. i will try to find the article rating the "actual" security of most vpn's. air was one of only 2 that passed w/ flying colors.
Click to expand...

That "no logs" thing worked great for NordVPN, wait...

https://www.extremetech.com/internet/300602-nordvpn-admits-it-was-hacked-last-year

A server doesn't need logs to be vulnerable to hacking, and there are numerous attack vectors that don't need any sort of log to work. VPNs aren't privacy, you're just trusting a different company instead of your ISP to not mishandle your data.
 
Lakados said:
I had a big (for me) meeting with Dell yesterday where we planned out my summer server upgrades, not once during the meeting did they propose a Xeon based system. Our existing Gen 6 Xeon servers have seen a solid 20% performance decrease with the security and firmware updates at least 2 years and the users on those boxes have noticed and are quite vocal about it. If these security fixes hurt performance much more than the existing ones already have I may be dealing with a riot in the administration wing long before those new servers get installed.
Click to expand...
Considering the amount of bitching from some sys admins/acquisition types about Dell not offering AMD... that's quite telling indeed, they know more than we do I'd say about what's coming next... Thanks for sharing.
 
GiGaBiTe said:
That "no logs" thing worked great for NordVPN, wait...

https://www.extremetech.com/internet/300602-nordvpn-admits-it-was-hacked-last-year

A server doesn't need logs to be vulnerable to hacking, and there are numerous attack vectors that don't need any sort of log to work. VPNs aren't privacy, you're just trusting a different company instead of your ISP to not mishandle your data.
Click to expand...

not sure if you read the article i linked above "hypocrisy plaguing vpn providers" but i woldn't use nord in the first place. to quote the article:

NordVPN
  • Sets 6 cookies, 2 of them associated with various tracking services.
  • Contains 9 external trackers
  • Utilizes 4 external analytical services
  • Uses CloudFlare DNS + proxying service. SSL certificate is held by Cloudflare.
  • 3rd party hosted email
doesn't sound that safe to me. check out that article it's very eye opening.
 
Mullvad has a pretty good track record and takes cash/BTC/etc.
 
Has anyone bothered to read the Intel security bulletin?

77 vulnerabilities spread across a range of products:

Advisory ID Title Internally Found CVSS Range
INTEL-SA-00241 Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory 22 of 24 2.3 – 9.6
INTEL-SA-00313 Intel® BMC Advisory 12 of 12 3.7 – 9.0
INTEL-SA-00255 Intel® Ethernet 700 Series Controllers Advisory 10 of 11 5.6 – 8.8
INTEL-SA-00242 Intel® Graphics Driver for Windows* Advisory 5 of 8 4.0 – 8.8
INTEL-SA-00287 Intel® WIFI Drivers and Intel® PROSet/Wireless WiFi Software extension DLL Advisory 3 of 3 8.2 – 8.7
INTEL-SA-00288 Intel® PROSet/Wireless WiFi Software Security Advisory 3 of 3 5.3 – 8.5
INTEL-SA-00220 Intel® SGX and TXT Advisory 2 of 2 8.2 – 8.2
INTEL-SA-00240 Intel® CPU Security Advisory 2 of 2 7.5 – 8.2
INTEL-SA-00293 Intel® SGX Advisory 1 of 2 7.0 – 7.8
INTEL-SA-00280 IPU UEFI Advisory 1 of 2 7.5 – 7.5
INTEL-SA-00309 Nuvoton* CIR Driver for Windows® 8 for Intel® NUC Advisory 0 of 1 6.7
INTEL-SA-00210 Intel® Processor Machine Check Error Advisory 1 of 1 6.5
INTEL-SA-00260 Intel® Processor Graphics Update Advisory 1 of 1 6.5
INTEL-SA-00270 TSX Transaction Asynchronous Abort Advisory 0 of 1 6.5
INTEL-SA-00164 Intel® TXT Advisory 1 of 1 6.0
INTEL-SA-00219 Intel® SGX with Intel® Processor Graphics Update Advisory 1 of 1 6.0
INTEL-SA-00254 Intel® SMM Advisory 1 of 1 6.0
INTEL-SA-00271 Intel® Xeon® Scalable Processors Voltage Setting Modulation Advisory 1 of 1 5.8

The good news? They are taking security seriously and putting all of that communication in one place.
The 77 was pointed out because 67 of those 77 were bugs Intel found themselves. That shows how serious they are (finally) taking security.
 
N4CR said:
Mullvad has a pretty good track record and takes cash/BTC/etc.
Click to expand...

yep it was the one of the only three that they recommended. just as long as you don't use their email, as it is hosted by google. AirVPN and IVPN.net were the only one's that passed with flying colors.
 
  • Like
Reactions: N4CR
like this
GoodBoy said:
Has anyone bothered to read the Intel security bulletin?

77 vulnerabilities spread across a range of products:

Advisory ID Title Internally Found CVSS Range
INTEL-SA-00241 Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory 22 of 24 2.3 – 9.6
INTEL-SA-00313 Intel® BMC Advisory 12 of 12 3.7 – 9.0
INTEL-SA-00255 Intel® Ethernet 700 Series Controllers Advisory 10 of 11 5.6 – 8.8
INTEL-SA-00242 Intel® Graphics Driver for Windows* Advisory 5 of 8 4.0 – 8.8
INTEL-SA-00287 Intel® WIFI Drivers and Intel® PROSet/Wireless WiFi Software extension DLL Advisory 3 of 3 8.2 – 8.7
INTEL-SA-00288 Intel® PROSet/Wireless WiFi Software Security Advisory 3 of 3 5.3 – 8.5
INTEL-SA-00220 Intel® SGX and TXT Advisory 2 of 2 8.2 – 8.2
INTEL-SA-00240 Intel® CPU Security Advisory 2 of 2 7.5 – 8.2
INTEL-SA-00293 Intel® SGX Advisory 1 of 2 7.0 – 7.8
INTEL-SA-00280 IPU UEFI Advisory 1 of 2 7.5 – 7.5
INTEL-SA-00309 Nuvoton* CIR Driver for Windows® 8 for Intel® NUC Advisory 0 of 1 6.7
INTEL-SA-00210 Intel® Processor Machine Check Error Advisory 1 of 1 6.5
INTEL-SA-00260 Intel® Processor Graphics Update Advisory 1 of 1 6.5
INTEL-SA-00270 TSX Transaction Asynchronous Abort Advisory 0 of 1 6.5
INTEL-SA-00164 Intel® TXT Advisory 1 of 1 6.0
INTEL-SA-00219 Intel® SGX with Intel® Processor Graphics Update Advisory 1 of 1 6.0
INTEL-SA-00254 Intel® SMM Advisory 1 of 1 6.0
INTEL-SA-00271 Intel® Xeon® Scalable Processors Voltage Setting Modulation Advisory 1 of 1 5.8

The good news? They are taking security seriously and putting all of that communication in one place.
The 77 was pointed out because 67 of those 77 were bugs Intel found themselves. That shows how serious they are (finally) taking security.
Click to expand...
I am very glad Intel is stepping up, I mean they have too, the last 2 years have given them a bit of a bloody nose but they are starting to learn.
 
Lakados said:
I am very glad Intel is stepping up, I mean they have too, the last 2 years have given them a bit of a bloody nose but they are starting to learn.
Click to expand...

Intel's been pretty well on top of security. The stuff related to virtualization and whatnot is an exception as they felt that the likelihood of exploitation was extremely low, and that has so far been shown to be the case.
 
GoodBoy said:
The 77 was pointed out because 67 of those 77 were bugs Intel found themselves. That shows how serious they are (finally) taking security.
Click to expand...
They are taking it seriously because the cat is out of the bag and their industry-wide credibility is at stake, and falling fast.
 
  • Like
Reactions: N4CR
like this
Is me or does all of this security "seriousness" come so close to the advent of Ryzen (more specifically the 3000 series)?

Legit question, is this seriousness because Ryzen is kicking Intel in the dick right now?
 
Red Falcon said:
They are taking it seriously because the cat is out of the bag and their industry-wide credibility is at stake, and falling fast.
Click to expand...
Yup they have that little upstart company yapping at their most profitable market, going from 1 to 5% in enterprise in a year and accelerating...
 
You must log in or register to reply here.
Back
Top