Another Intel vulnerability!

Discussion in 'HardForum Tech News' started by 1_rick, Sep 10, 2019.

  1. TordanGow

    TordanGow [H]ard|Gawd

    Messages:
    1,243
    Joined:
    May 25, 2015

    #MarketLeader
     
  2. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    9,434
    Joined:
    Apr 9, 2012
    Starting to sound like Intel isn't HIPAA compliant.

    People need to start getting fired for buying Intel.

    How did cts labs miss this one?
     
    Revdarian, N4CR and dgz like this.
  3. DejaWiz

    DejaWiz Oracle of Unfortunate Truths

    Messages:
    19,060
    Joined:
    Apr 15, 2005
    Sheesh...Once all these patches and fixes that degrade performance are implemented, my 3770K is going to be so bogged down that I'll probably miss my dual P-III 1000 system.

    This probably just sealed the deal for going with a Ryzen next spring when I overhaul my gaming PC.
     
    noko, Sulphademus, Revdarian and 3 others like this.
  4. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,920
    Joined:
    May 9, 2006
    For you and me both. My next rig unless something DRASTICALLY changes will be an AMD build for CPU.
     
    Revdarian, N4CR, DrezKill and 2 others like this.
  5. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    18,617
    Joined:
    Jan 28, 2014
    So yet another vulnerability that requires local access. Stop the presses!
     
    dany man, auntjemima and DejaWiz like this.
  6. 5150Joker

    5150Joker 2[H]4U

    Messages:
    3,146
    Joined:
    Aug 1, 2005
    I'm sure there's a way to spin this as positive PR.
     
    Stryker7314 likes this.
  7. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,920
    Joined:
    May 9, 2006
    Do you have a secure server room? Can anyone else physically access your servers? Are your USB ports shut down/disabled? Is your BIOS password protected?

    If you don't have a secure server room for all of your Intel machines and non-approved people can physically access your servers then you're hosed.

    If you have systems outside of the server room with server room level of access and active USB ports then you're hosed.

    If you have all of that and the ports are disabled but the BIOS isn't password protected... then you're hosed.

    Security is a picket fence where we need to pick and choose where our battles take place and where accesses are prevented or allowed.

    As Intel continues to have vulnerabilities exposed the picket fences grow more gaps.

    Yea to a home user some of these are eye-roll worthy. But if you work for a company with proprietary data (data being more valuable than Oil today.) and you need to control access to said data or risk devaluing your company, then these vulnerabilities ARE a big deal.

    And Admins/Engineers/Managers and above that roll their eyes at these vulnerabilities should be fired and replaced with people that actually care.
     
  8. dany man

    dany man Limp Gawd

    Messages:
    193
    Joined:
    Aug 26, 2019
    More like Pentium Pro, really Intel, drop every last bit of P6 architecture from your CPUs and make something 100% new for once.
    No one might remember, but back in the late 90s we were talking about the holes in the Pentium Pro, most of them unknowingly lived on to today lol.
     
    Last edited: Sep 13, 2019
    Red Falcon and StormNobleheart like this.
  9. Malfrex

    Malfrex n00b

    Messages:
    6
    Joined:
    May 29, 2018
    I had thought it was just software bloat on my 3770K slowing things down, but since I was planning to upgrade (3900X) I didn't care to do it right away. New system is blazing fast in comparison, as would be expected, but when I rebuilt my old machine to sell off it was still running notably slower than I recalled it doing in the past with a fresh Win 10 install.
     
    DejaWiz likes this.
  10. DejaWiz

    DejaWiz Oracle of Unfortunate Truths

    Messages:
    19,060
    Joined:
    Apr 15, 2005

    That, and as Intel, motherboard manufacturers, and Microsoft partner up and rollout their remedies, the resulting performance degradation affects *everyone*.
     
  11. cyklondx

    cyklondx Limp Gawd

    Messages:
    295
    Joined:
    Mar 19, 2018
    Some patches exclude Ryzen CPUs (some older AMD CPUs are affected), though there were a couple of controversies about patches being rolled out to people with Ryzen/EPYC systems while they only hurt performance without providing anything for them.
     
    DejaWiz likes this.
  12. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    9,434
    Joined:
    Apr 9, 2012
    Like if you forget your keys in the car the window already has a hole in it?
     
  13. GoodBoy

    GoodBoy [H]ard|Gawd

    Messages:
    1,518
    Joined:
    Nov 29, 2004
    Doesn't look like the majority of our CPU's are even affected...
     
    Dayaks likes this.
  14. Ready4Dis

    Ready4Dis Gawd

    Messages:
    555
    Joined:
    Nov 4, 2015
    This one doesn't require physical access.. just access to the same network. Or at least that's how I read it.
    The name of the paper is "NetCAT: Practical Cache Attacks from the Network"

    And from the paper...
    "By performing PRIME+PROBE in a loop, NetCAT can find out whenever the victim types something in a network connection."

    So, it reads as if you need access to the network, not physical access to the machine, as I agree those are kind of, meh.
     
    dgz likes this.
  15. Ready4Dis

    Ready4Dis Gawd

    Messages:
    555
    Joined:
    Nov 4, 2015
    Sounds like this does not require physical access to the machine, just a connection on the network.

    "Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks."

    Good quote:

    "Anyone who uses Intel-made processors inside data centers or other untrusted networks should carefully review the research, Intel's advisory, and any advisories by the network provider to ensure DDIO doesn't present a threat. People should also be aware that disabling DDIO comes at a significant performance cost. So far as the researchers know, chips from AMD and other manufacturers aren't vulnerable because they don't store networking data on shared CPU caches."

    AMD doesn't share network data in shared cache so aren't affected... Now we know how Intel got that performance crown, lol.
     
    d3athf1sh, noko, dgz and 4 others like this.
  16. cybereality

    cybereality [H]ardness Supreme

    Messages:
    4,695
    Joined:
    Mar 22, 2008
    Chickens coming home to roost.
     
  17. tunatime

    tunatime 2[H]4U

    Messages:
    3,019
    Joined:
    Sep 15, 2011
    It's all a plan for them to say we fixed our CPU, look at how much faster it is than past year model...1.1x faster but 3x as fast once you run all the patches on the old rig lol
     
    Sulphademus and N4CR like this.
  18. N4CR

    N4CR 2[H]4U

    Messages:
    3,852
    Joined:
    Oct 17, 2011
    What other ass do you think they pulled that huge claimed IPC increase from recently?
     
  19. GoodBoy

    GoodBoy [H]ard|Gawd

    Messages:
    1,518
    Joined:
    Nov 29, 2004
    This vulnerability doesn't affect i7's...
     
  20. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    9,434
    Joined:
    Apr 9, 2012
    yeah just their bread and butter server parts.
     
    Red Falcon likes this.
  21. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,920
    Joined:
    May 9, 2006
    This is just.... Stupidly painful at this point. Turn off all of the great features we use for performance cheats... Thanks for buying our CPUs at 10k a pop. They now perform worse than the 600 dollar end user versions.
     
  22. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    7,602
    Joined:
    Dec 18, 2010
    Who the F figures this shit out?

    I swear some people just come up with ideas like... what if we tape aluminum foil to a 5ghz wifi coax, add a laser at 876nm, press f5 6 times, and inject a keylogger into an active session of battlefield V in the state of Rhode island at 1236am on july 31st we will discover a new intel exploit.
     
  23. Sulphademus

    Sulphademus Limp Gawd

    Messages:
    351
    Joined:
    Mar 18, 2010
    Going Epyc?
     
  24. Uvaman2

    Uvaman2 2[H]4U

    Messages:
    3,124
    Joined:
    Jan 4, 2016
    Hubris and greed... Every time, hubris and greed.
    Same as Boeing.
    Neither are paying enough for their hubris and greed.
     
  25. dub77nj

    dub77nj [H]Lite

    Messages:
    101
    Joined:
    Oct 10, 2007


    Video of the latest high level meeting at Intel.
     
    Ranulfo, Revdarian, dgz and 6 others like this.
  26. Ready4Dis

    Ready4Dis Gawd

    Messages:
    555
    Joined:
    Nov 4, 2015
    Does that make it better or worse?
     
    Red Falcon likes this.
  27. MMitch

    MMitch Gawd

    Messages:
    775
    Joined:
    Nov 29, 2016
    AHAH give that man a cookie !
     
    auntjemima and Master_shake_ like this.
  28. ryan_975

    ryan_975 [H]ardForum Junkie

    Messages:
    14,182
    Joined:
    Feb 6, 2006
    Revdarian, dgz, Verado and 2 others like this.
  29. Unknown-One

    Unknown-One [H]ardForum Junkie

    Messages:
    8,886
    Joined:
    Mar 5, 2005
    I just upgraded from a 3770k myself... to a 6800k. CPU was $170, RAM was $160, motherboard was free.

    Turns out, Broadwell-E on X99 still holds up pretty well, and there are excellent deals available on slightly older hardware: https://valid.x86.fr/0l6cps
     

    DejaWiz and cybereality like this.
  30. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,662
    Joined:
    Feb 3, 2014
    Hyper-V servers are all running on 7551P's now. My smaller onsite AD/DNS/DHCP servers will be replaced with the embedded 3000 series EPYCs. Don't need a lot of power onsite anymore, it makes administrating things way easier.

    additional:
    Getting those 7551p’s stable was a bitch and a half took a few bios revisions, firmware updates and changes to power delivery to make it work.
     
    Last edited: Sep 13, 2019
    Ready4Dis, Sulphademus and Red Falcon like this.
  31. Staples

    Staples [H]ardness Supreme

    Messages:
    7,850
    Joined:
    Jul 18, 2001
    A year ago we heard that the patches for Meltdown and Spectre impacted performance up to 10%.
    What is the impact of these other 20 holes that need to be patched?

    If I get a CPU that doesn't have hyper threading, am I safe from these vulnerabilities and the subsequent slowdowns that the patches will cause?

    Thinking of buying an i7 9700 (which doesn't have hyper threading capabilities).
     
  32. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    9,984
    Joined:
    May 7, 2007
    Hyper-Threading is exploited by the Foreshadow vulnerability, and disabling only partially alleviates the vulnerability.
    Well, when my 6700K started to feel like a 2600K in most tasks, especially VMs, I decided to give up the ghost and drop Intel CPUs altogether.

    As long as they are patched, it isn't a big deal, but where this starts to hurt is just how many exploits are still going to continue to be found due to Intel's "shortcuts" for their performance gains.
    Just got tired of the constant patches, vulnerabilities, random performance hits (depending on the tasks), loss of features, and mainly paying for the cost of a processor that ends up having 2/3 the performance as was originally advertised.

    If you want to go with Intel CPUs, go for it and vote with your wallet, but understand the potential future-risks going into it, and the potential loss of features and value going forward as well.
    AMD is the only company truly innovating with x86-64 at this point in time, and Intel has so many issues to deal with, that this may well be the hole that ends up growing to be big enough to sink the ship within the next decade.
     
    SvenBent likes this.
  33. aliaskary77

    aliaskary77 Limp Gawd

    Messages:
    288
    Joined:
    Dec 18, 2006
  34. Dayaks

    Dayaks [H]ardness Supreme

    Messages:
    7,204
    Joined:
    Feb 22, 2012
    Don’t most of these vulnerabilities require physical access to the machine? I can’t remember one that doesn’t but I don’t really pay attention to these. I was planning on having all AMD for a while so ignored the Intel side of things.
     
  35. ole-m

    ole-m Limp Gawd

    Messages:
    451
    Joined:
    Oct 5, 2015
    Many don't.. no.

    Meltdown, Foreshadow, Spectre etc. require code to run on the machine.
    websites can do that :)

    This one requires network access, not exactly physical :)
     
  36. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    13,030
    Joined:
    Mar 18, 2010
    As I stated above, most of the impact is on servers. For the home user, most of these (as I understand them) will require elevated permissions, so it's a moot point. The notable exceptions were Spectre and Meltdown where administrative access was not needed.
     
  37. ShuttleLuv

    ShuttleLuv [H]ardness Supreme

    Messages:
    7,052
    Joined:
    Apr 12, 2003
    Intel is in bed with ______________
     
  38. Hagrid

    Hagrid [H]ardForum Junkie

    Messages:
    8,456
    Joined:
    Nov 23, 2006
    I know the answer! It's the vulnerability monster?
     
    Sulphademus and ShuttleLuv like this.
  39. Grimlaking

    Grimlaking 2[H]4U

    Messages:
    2,920
    Joined:
    May 9, 2006
    Yea these vulnerabilities are a freaking nightmare.

    Imagine you work for an enterprise and let's say you have over 1500 VM servers running in a 4-1 over allocation to processor threads. (not uncommon)

    Now let's say that an Intel vulnerability comes out and the fix from VMware is to turn off hyperthreading for the hosts.

    Do you do this and take your 4-1 over allocation and with the flip of a switch make it 8-1 over allocation? Can you AFFORD to lose 1/2 of your effective compute resources? Or do you choose to take the risk and keep your ESXi Hosts and associated guests exposed?

    This is a freaking nightmare scenario that MANY Engineers are having to deal with. I would STRONGLY lean AGAINST using Intel Compute in a VMware cluster if I were building a new one today.
     
    Red Falcon and Sulphademus like this.
  40. GoodBoy

    GoodBoy [H]ard|Gawd

    Messages:
    1,518
    Joined:
    Nov 29, 2004
    Just look in vCenter at your hosts' CPU utilization...

    Ours before all the Spectre/Meltdown shit were typically 10-20% utilized on the CPU, with the RAM at about 70% to 80% utilized. i.e. full clusters.

    So far the hit from Spectre/Meltdown in our environment (1400 hosts, 10k+ VMs) has only impacted a few clusters that had spikes into high CPU utilization of 70 to 80% before the Spectre/Meltdown fixes were applied.

    ESXi side-channel aware scheduler is enabled, so the largest possible hit we should feel (up to 30%). But, since RAM in most typical virtual environments is the limiting factor, we haven't really felt this that much.

    Even with a 30% perf hit, CPU utilization would go from 20% to 50%, in our environment. Still have room for the occasional CPU spiking VM even.

    The ones with the spiking cpu utilization (cas boxes for exchange email) we've been more careful with balancing the vm's, enabled high performance options in the bios settings, and added a couple hosts.

    There probably are virtual environments where these impacts have been felt more strongly, but luckily not ours.

    Moving 1400 hosts to AMD isn't going to happen... incompatible with Intel EVC modes so no hot migration. Can you imagine trying to coordinate the powering off of 14k vm's with all those varied system administrators/customers? Plus these hosts are only tech refreshed every 5 to 7 years. Probably the same for most server floors.
     
    Last edited: Sep 16, 2019
    Red Falcon and Lakados like this.