Another Intel vulnerability!

Tweak42

Gawd
Joined
Dec 1, 2010
Messages
609
Reading the article it's a high hanging fruit attack vector. Who knows, state actors may have been using this for years. Also appears the Intel server chipset feature (DDIO) that enables this attack can be disabled.

Still, that unknowing factor of the next Intel security "feature" lurking around the corner has a lot of admins on edge. Or buying AMD.
 

MMitch

Gawd
Joined
Nov 29, 2016
Messages
807
Yes but it's still faster at 1080p gaming.

COME AT ME!
AHAH At least you mentioned it before someone else could say it's better at gaming while referencing 1080P benchmark on a 500+ $ CPU (Or whatever price it is) and saying how glorious it's at 4K :eek:
Courage you have ! Watch out Apple might sue you...
 

MMitch

Gawd
Joined
Nov 29, 2016
Messages
807
Fix for AMD is coming tomorrow, supposedly. Not sure the Intel security bugs will ever stop.
Let's wait to see that actual fix and what did they change to achieve their results but I would say that the issue Intel and AMD are having in this comparison is really 2 issues that are in 2 different solar system at that point...
Security problem compared to single thread max boost turbo, gg guys gg. The current only alternative to all Intel security flaws is AMD is lack luster max boost CPU (unless you think those are overblown and like to ride professional ladies without adequate protection). [Checks if in GenMay, nope, edit with common words]
 

TurboGLH

Gawd
Joined
Dec 19, 2002
Messages
615
Let's wait to see that actual fix and what did they change to achieve their results but I would say that the issue Intel and AMD are having in this comparison is really 2 issues that are in 2 different solar system at that point...
Security problem compared to single thread max boost turbo, gg guys gg. The current only alternative to all Intel security flaws is AMD is lack luster max boost CPU (unless you think those are overblown and like to ride professional ladies without adequate protection). [Checks if in GenMay, nope, edit with common words]
I threw supposedly in there on purpose, I'm not sure that it their fix will mean anything for people who are short of boost by 25mhz, so the crowd that it will matter for are the guys who say they're short 2-300mhz.

Either way, not long to wait, and I don't want this to get off topic and get locked.
 

MMitch

Gawd
Joined
Nov 29, 2016
Messages
807
I threw supposedly in there on purpose, I'm not sure that it their fix will mean anything for people who are short of boost by 25mhz, so the crowd that it will matter for are the guys who say they're short 2-300mhz.

Either way, not long to wait, and I don't want this to get off topic and get locked.
EDIT: My confusion, now get off my grass :D
 

Red Falcon

[H]F Junkie
Joined
May 7, 2007
Messages
10,645
From what I hear, they've been an issue since the Pentium IV, so I wouldn't hold my breath :D
This one specifically is from CPUs circa 2011 forward, so basically Sandy/Ivy Bridge onwards and any CPU with Intel's L3 "Smart Cache".
The rest basically date back to 1995 with the Pentium Pro, though, so running unpatched older Intel-based systems for anything other than hobbyist systems is basically a death sentence for security.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,377
Is this a real life problem?
For the home user... not really, at least based on my interpretation of the article. This essentially requires direct hardware access, and for the home user, that generally means someone that has physical access to your stuff.

The concern is for servers and data centers, where multiple users are served by the same hardware. What this attack does is allows one user to snoop on other users on the same server. Most of the Intel vulnerabilities are like this, where it's primarily based on multiple users on the same system and one user being able to steal data from other users.
 

N4CR

Supreme [H]ardness
Joined
Oct 17, 2011
Messages
4,687
The higher ups have already given me the order to phase out all Intel servers. So main Hyper-V servers are done just have to do the onsite AD/DNS servers next.
Are you serious? That's quite interesting leadership decision. Good on them though because they really can't lose moving to AMD servers it seems.

intel will always be at the top of this benchmark too

View attachment 186344
HEY! Did you consult userbenchmark first? They'll probably want to divide exploits per core whilst graphing, so it doesn't look so bad on their masters' $2k hot turd + sprinkles cpus.
 

N4CR

Supreme [H]ardness
Joined
Oct 17, 2011
Messages
4,687
For the home user... not really, at least based on my interpretation of the article. This essentially requires direct hardware access, and for the home user, that generally means someone that has physical access to your stuff.

The concern is for servers and data centers, where multiple users are served by the same hardware. What this attack does is allows one user to snoop on other users on the same server. Most of the Intel vulnerabilities are like this, where it's primarily based on multiple users on the same system and one user being able to steal data from other users.
Actually quite a few of the exploits found to date can be done remotely also, not all are physical hardware access, others hit VMs as well. It could also be used to snoop all sorts of encrypted shit in a single user scenarios too, but that goes for any hardware really if you are targeted at a high level, not much is going to stop it. There are so many holes on Intel systems now it's a concern remote or in person, plus these are only the ones we know of...
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
2,640
Are you serious? That's quite interesting leadership decision. Good on them though because they really can't lose moving to AMD servers it seems.
Yep, we have a lot of private and sensitive data stored and the insurance company doesn’t like the liability that Intel servers currently represent. So they recommended to my higher ups that any new purchases keep that in mind when making decisions. Laptops are due for next year so I really hope AMD brings something there to the table that is noteworthy.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
18,569
Intel needs to start working on a ground up redesign...but with AMD on their heels this is not a good time for Intel to have to deal with this...
 

N4CR

Supreme [H]ardness
Joined
Oct 17, 2011
Messages
4,687
Yep, we have a lot of private and sensitive data stored and the insurance company doesn’t like the liability that Intel servers currently represent. So they recommended to my higher ups that any new purchases keep that in mind when making decisions. Laptops are due for next year so I really hope AMD brings something there to the table that is noteworthy.
Wow, never considered that type of use case and the liability aspect, even banking I'd imagine that would apply and other markets too. Thanks for the goss :)
You might be just in time for 7nm APUs with Zen2 + Navi. That's something I'd be very excited for and may also jump then or next gen (if they include HBM on interposer), either way it's cheap, good iGPU fast laptops that won't break the bank.
 

T4rd

Fully [H]
Joined
Apr 8, 2009
Messages
17,854
Is this a real life problem?
In terms of security, not really. In terms of performance, yes. Because each hardware security patch comes with a software performance penalty as extra instructions have to run per CPU cycle to mitigate the vulnerability. Doing a quick Google about it, the performance hit can be quite considerable:

https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4

https://www.extremetech.com/computi...take-performance-hit-spectre-meltdown-patches

Just another reason I'm glad I went Ryzen for my new build. I'm getting around 200 FPS in Wolfenstein 2 that I'm playing right now completely maxed out at 3440x1440 with a 2080 and 2700X with near 100% GPU utilization, so I'm pretty good with that.
 
Top