Nvidia hit with a Major Cyberattack

longblock454 said:
^ That could be a goldmine for the nouveau Linux guys.
Click to expand...
That would get them sued out of existence, this is a huge blow to them. Now any features they implement they have to be able to prove in a court they developed or reverse engineered completely on their own. If any of their contributors so much as glances at that leak the project is as good as dead.
 
Lakados said:
That would get them sued out of existence, this is a huge blow to them.
Click to expand...
Why? How? Unless Nouveau copies their code 1:1 then I can't see this happening. Also, Nvidia's code isn't exactly better than MESA. Intel's and AMD's open source drivers are arguably better than Nvidia's on Linux. Nvidia has really let their Linux drivers go over the past number of years. Nouveau's biggest problem isn't their code but the lack of firmware from Nvidia. Without it you can't set clock speeds or anything really. That and the lack of funding. Every month you hear about Intel and AMD hiring new people to work on open source drivers. Valve hires people to work on open source drivers. If anything the Nouveau guys can look at the source code and maybe be able to set the clock speeds of GPU's properly. Even still the Nouveau drivers are so bad that no Nvidia owner would use these other than to boot into Linux to install Nvidia binary drivers.
Now any features they implement they have to be able to prove in a court they developed or reverse engineered completely on their own. If any of their contributors so much as glances at that leak the project is as good as dead.
Click to expand...
Nobody is going to court for implementing a feature that's similar to Nvidia's. Firstly you need source code or hexadecimal code proof that it was stolen. Second, I really doubt anyone is going to do that. Most of Nvidia's stuff is for Nvidia stuff, so what's the point of implementing it? If anything an underground bunch of people are going to compile the code for a driver that doesn't have any mining limitations. That's the least buggiest thing one could do that doesn't require a lot of work. Anyone who tries to merge Nvidia's code with AMD or Intel drivers are going to introduce a lot of bugs that simply won't work without a lot of man power working on it. That doesn't mean AMD and Intel driver engineers won't take a peak on the code. Not the end of the world considering both AMD and Intel freely release their code for anyone including Nvidia to look at, which I'm sure they do.
 
DukenukemX said:
Why? How? Unless Nouveau copies their code 1:1 then I can't see this happening. Also, Nvidia's code isn't exactly better than MESA. Intel's and AMD's open source drivers are arguably better than Nvidia's on Linux. Nvidia has really let their Linux drivers go over the past number of years. Nouveau's biggest problem isn't their code but the lack of firmware from Nvidia. Without it you can't set clock speeds or anything really. That and the lack of funding. Every month you hear about Intel and AMD hiring new people to work on open source drivers. Valve hires people to work on open source drivers. If anything the Nouveau guys can look at the source code and maybe be able to set the clock speeds of GPU's properly. Even still the Nouveau drivers are so bad that no Nvidia owner would use these other than to boot into Linux to install Nvidia binary drivers.

Nobody is going to court for implementing a feature that's similar to Nvidia's. Firstly you need source code or hexadecimal code proof that it was stolen. Second, I really doubt anyone is going to do that. Most of Nvidia's stuff is for Nvidia stuff, so what's the point of implementing it? If anything an underground bunch of people are going to compile the code for a driver that doesn't have any mining limitations. That's the least buggiest thing one could do that doesn't require a lot of work. Anyone who tries to merge Nvidia's code with AMD or Intel drivers are going to introduce a lot of bugs that simply won't work without a lot of man power working on it. That doesn't mean AMD and Intel driver engineers won't take a peak on the code. Not the end of the world considering both AMD and Intel freely release their code for anyone including Nvidia to look at, which I'm sure they do.
Click to expand...
Opensource software development is required to keep a Clean Room approach to all features they reverse engineer for a reason, now NVidia may not necessarily go after them for implementing some features but there are big legal differences between reverse engineering something and looking at the blueprints and walking them backward. Bigger opensource projects have been shut down for less. They wouldn't need to steal the exact code, NVidia would only need to argue that there is reason to believe that they used the leaked code as a reference guide. For legitimate projects like Nouveau, this is a problem, for people who weren't concerned with the legitimacy of their projects to begin with, this only helps speed them along. But no the Nouveau guys can't look at the code.
 
longblock454 said:
Got an example handy?
Click to expand...
Github maintains a list of all their takedown requests, I don't have it at the moment but I do know it exists.
https://github.com/github/dmca

I remember a number of ones I was using in the past being taken down then just having to move to an older fork, or just swap to an alternate project but their names do escape me as they were over 10 years ago when I had to worry about those sorts of problems.
 
Lakados said:
Bigger opensource projects have been shut down for less.
Click to expand...
Github shuts down many projects that isn't related to stolen code. I know a number of Mangos projects that were shutdown not because of stolen code but because the use of this software can only be for illegal purposes. Though I'd argue a WoW emulated server is not illegal in of itself.
They wouldn't need to steal the exact code, NVidia would only need to argue that there is reason to believe that they used the leaked code as a reference guide. For legitimate projects like Nouveau, this is a problem, for people who weren't concerned with the legitimacy of their projects to begin with, this only helps speed them along. But no the Nouveau guys can't look at the code.
Click to expand...
The problem I see with this is that there's only so many ways to say "hello world". While I believe coding is an art, but individual lines of code aren't. Could Nvidia take Nouveau guys to court? Sure but then again nobody at Nouveau makes any money running Nouveau so this would be Nvidia flexing it's money muscle to get their way. This also doesn't help Nvidia's public imagine on their lack of open source driver support.
 
they will release v vx and vg files. I assumed v is verilog files. What are vx and vg? Maybe my assumption was wrong.
 
DukenukemX said:
Github shuts down many projects that isn't related to stolen code. I know a number of Mangos projects that were shutdown not because of stolen code but because the use of this software can only be for illegal purposes. Though I'd argue a WoW emulated server is not illegal in of itself.

The problem I see with this is that there's only so many ways to say "hello world". While I believe coding is an art, but individual lines of code aren't. Could Nvidia take Nouveau guys to court? Sure but then again nobody at Nouveau makes any money running Nouveau so this would be Nvidia flexing it's money muscle to get their way. This also doesn't help Nvidia's public imagine on their lack of open source driver support.
Click to expand...
There are two potential issues at play here and a semi-third specifically about leaks like this:

1) exact copy-pasta of the leaked proprietary code: nobody in (FL)OSS does this (or if they do they are braindead) since it’s a recipe for lawsuits

2) writing new code based on leaked proprietary code: this is much trickier to prove and as others have already posted projects like Wine have strict rules and guidelines to prevent this code entering their project. While harder to prove in a lawsuit, generally this just depends on who has better lawyers/deeper pockets (ie skewed very much towards the big corp winning)

So what’s the semi-third? Generally to reverse engineer a driver/hardware functionality someone will bit bang registers or snoop what register values the driver is writing/reading to try to figure out what the function of the registers is (btw we’re talking potentially 100s of control and config registers here). Of course there are cases where some of these hobbyists have contacts within nvidia and other companies to get access to a subset of internal spec sheets but this kind of thing is hard to prove. This type of work leads to lots of bricked hardware, for example crypto-optimizing reverse engineers do this a **lot** to figure out how to apply higher power limits via non-documented VRM controls for example and end up permanently bricking chips/SoCs.

With that said, traditionally someone trying to implement a new feature in nouveau or such would follow a similar path to reverse engineer a feature. Nvidia can’t really sue them because reverse engineering isn’t necessarily illegal. Now enter the case where some “hackers” leak all the design specs and source - **any** new feature in a project like nouveau is now instantly suspect and nvidia would have a much easier time filing lawsuits - sure, they’re not slam-dunk lawsuits but still more likely to result in nvidia’s favor than in the previous situation without the leaked data. Basically this doesn’t help anyone and could in fact jeopardize entire projects like nouveau.
 
schoolslave said:
It can potentially be a National Security disaster if the leaked data includes export-controlled design data (iirc this is usually some gnarly floating-point or cryptography designs).
What I'm really curious about is if Nvidia will face Federal charges in such a scenario.
Having worked at some of the "big" chip manufacturers myself - export regulations for logic designs (not sure about software) are absolutely no joke and carry heavy Federal penalties.
Click to expand...
I'd like to know what's a GPU manufacturer doing with anything security related? For them to get hacked means that Nvidia wasn't paying as much for their network security as they should.
schoolslave said:
With that said, traditionally someone trying to implement a new feature in nouveau or such would follow a similar path to reverse engineer a feature. Nvidia can’t really sue them because reverse engineering isn’t necessarily illegal. Now enter the case where some “hackers” leak all the design specs and source - **any** new feature in a project like nouveau is now instantly suspect and nvidia would have a much easier time filing lawsuits - sure, they’re not slam-dunk lawsuits but still more likely to result in nvidia’s favor than in the previous situation without the leaked data. Basically this doesn’t help anyone and could in fact jeopardize entire projects like nouveau.
Click to expand...
Nouveau is a dead project as far as I'm concerned. Without anything to give it a massive boost that it needs then not even a massive leak of Nvidia's driver code is gonna fix it. For Nvidia to go after Nouveau is literally shooting themselves in their own foot.
 
Lakados said:
In regards to the clean room policies, they are great when followed but anybody who has worked in an office can tell you no matter how clear or easy the policies are there's always some jackass in the back corner who thinks they don't apply to them and that they won't have any problems.
Click to expand...
I don't disagree, but some environments are more susceptible to that than others. Trust and reputation are vital to distributed OSS projects such as Linux, as are thorough code review processes. Linux didn't grow to become the tremendous success that it has because of formal policies, but because of its large network of contributors from around the globe that by some small miracle have managed to work together, and in the course of so doing they've had to deal with all sorts of legal issues (copyright, patents, NDAs, etc.). So this isn't new territory, or even a big deal so far as the kernel or the userspace (Mesa 3D) drivers are concerned. No one from either team is going to risk ruining their reputation, career, or worse, just to make the Nouveau driver slightly less bad. The reward isn't there. Code also has to pass review, which in the case of the kernel is a multi-stage process. I'll add that the review process does seem much more robust against legal bugs than security ones. ;)

I note that none of the above is in contradiction to your point — just adding my 10 pennies.

Edit: I don't want to spam the thread with individual links to stories that may not add any new information, so here's another from yesterday (Friday): Cybercriminals who breached Nvidia issue one of the most unusual demands ever
 
Last edited:
:'( The leak seems to have outed the Switch 2 specs...
Looks like Nintendo is going with the Tegra T239 which is pretty dope
There also looks to be some correspondence with Nintendo about possible PC releases

But now that it's been leaked knowing Nintendo they are probably going to cancel that. :(
 
Lakados said:
:'( The leak seems to have outed the Switch 2 specs...
Looks like Nintendo is going with the Tegra T239 which is pretty dope
There also looks to be some correspondence with Nintendo about possible PC releases

But now that it's been leaked knowing Nintendo they are probably going to cancel that. :(
Click to expand...
It would be incredible if Nintendo sued Nvidia over the breach
 
Lakados said:
Not really there are no winners in that situation, no matter the outcome they both lose, and while they argue it out in court the rest of us lose, it would suck.
Click to expand...
adjective: incredible
1.
impossible to believe.
"an almost incredible tale of triumph and tragedy"

Similar:
unbelievable
2.
difficult to believe; extraordinary.
"the noise from the crowd was incredible"

:D
 
Lakados said:
:'( The leak seems to have outed the Switch 2 specs...
Looks like Nintendo is going with the Tegra T239 which is pretty dope
There also looks to be some correspondence with Nintendo about possible PC releases

But now that it's been leaked knowing Nintendo they are probably going to cancel that. :(
Click to expand...
Are they going to release a new shield?
 
serpretetsky said:
adjective: incredible
1.
impossible to believe.
"an almost incredible tale of triumph and tragedy"

Similar:
unbelievable
2.
difficult to believe; extraordinary.
"the noise from the crowd was incredible"

:D
Click to expand...

Definition of incredible

1 : too extraordinary and improbable to be believed, making incredible claims​

2 : amazing, extraordinary incredible skill, an incredible appetite, met an incredible woman​

 
noko said:
I don't see why companies don't allow hackers into false access to false data that blows up in their face. Basically making hacking not worth it, exposing hackers, locking up their equipment etc. False traps. Making hacking a particular company mostly suicide.

I also fail to see why sensitive information is not behind a wall of encryption with access only by hardware key with additional fingerprint/face etc. besides the usual password for access to the computer. Having a separate email/correspondence/internet network so internal work I would also think would be the norm. Anyways I just don't know enough about this in the end, I just wonder how in the world can Nvidia can be hacked at any significant level, source code breach etc.
Click to expand...
Well you have to give your users access to the data somehow. How would such a system work? Users login to a virtual environment that has an encrypted connection to somewhere else? Adds latency, time and complexity.

Even if you made some fake honeypot for hackers totally separate, how much information will you really get from them and what is the incentive for a company to setup the extra expense?

It sounds like a great idea (that's why I am asking), just don't see how it would be practically implemented.
 
Samsung Seemingly Falls Victim to Nvidia Attackers

Lapsus$, a hacking extortion group that previously targetted Nvidia, has begun crowing about a significant Samsung data leak that it has architected...the hackers claimed they plundered about 200GB of compressed data from Samsung servers, including confidential documentation, code, and other proprietary information...more specifically, Lapsus$ claims to have its hands on Knox authentication code, biometric unlock algorithms, bootloader code for all recent Samsung devices, Trusted Applet source code, code behind online services and Samsung accounts, and much more...

https://www.tomshardware.com/news/samsung-seemingly-falls-victim-to-nvidia-attackers
 
serpretetsky said:
adjective: incredible
1.
impossible to believe.
"an almost incredible tale of triumph and tragedy"

Similar:
unbelievable
2.
difficult to believe; extraordinary.
"the noise from the crowd was incredible"

:D
Click to expand...
Not sure what dictionary you got this from, but...

"in" latin root that basically translates to "not"
"un" old english root that basically translated to "not"

Also, if you look up the base words you get...
1. credible - capable of being believed
2. believable - capable of being believed
Source: The American Heritage® Dictionary of the English Language, 5th Edition.
So they're the same and just let stuff like that go. Out word nazi'd your word nazism. :p

Back on topic... it looks like, either way, nVidia drivers are about to be open source on Friday?
 
Last edited:
polonyc2 said:
Samsung Seemingly Falls Victim to Nvidia Attackers

Lapsus$, a hacking extortion group that previously targetted Nvidia, has begun crowing about a significant Samsung data leak that it has architected...the hackers claimed they plundered about 200GB of compressed data from Samsung servers, including confidential documentation, code, and other proprietary information...more specifically, Lapsus$ claims to have its hands on Knox authentication code, biometric unlock algorithms, bootloader code for all recent Samsung devices, Trusted Applet source code, code behind online services and Samsung accounts, and much more...

https://www.tomshardware.com/news/samsung-seemingly-falls-victim-to-nvidia-attackers
Click to expand...
Start a new thread. That has all kinds of implications, too. No more locked bootloaders on Samsung devices?
 
Lakados said:
:'( The leak seems to have outed the Switch 2 specs...
Looks like Nintendo is going with the Tegra T239 which is pretty dope
Click to expand...
I wonder if that's going to be more powerful than Valve's Deck?
There also looks to be some correspondence with Nintendo about possible PC releases
Click to expand...
They should have been doing this decades ago. If PC emulators have anything to say about Nintendo games is that there's a demand for them on PC. Good chance the amazing work of emulator authors have made Nintendo piracy super easy, and the reason why Nintendo is considering releasing their games on it. I'm just wondering what DRM they're going to use to ruin it?
 
DukenukemX said:
I wonder if that's going to be more powerful than Valve's Deck?

They should have been doing this decades ago. If PC emulators have anything to say about Nintendo games is that there's a demand for them on PC. Good chance the amazing work of emulator authors have made Nintendo piracy super easy, and the reason why Nintendo is considering releasing their games on it. I'm just wondering what DRM they're going to use to ruin it?
Click to expand...
I don’t know about faster, existing cellphones using the A78AE cores score around 3200 to the decks 3700 in Geekbench, but that’s using Mali and not using Ampere. But the Tegra will probably be pulling 7-15w compared to the Decks 40??
 
Lakados said:
I don’t know about faster, existing cellphones using the A78AE cores score around 3200 to the decks 3700 in Geekbench, but that’s using Mali and not using Ampere. But the Tegra will probably be pulling 7-15w compared to the Decks 40??
Click to expand...
Right now the Switch isn't that much better in battery life compared to the Deck. The Deck does have a slightly larger battery as well. I'm guessing Nintendo will nerf this chip like they did to the Tegra X1 but who knows. I'm thinking the battery life with be the same if not worse than the current Switch.
 
DukenukemX said:
Right now the Switch isn't that much better in battery life compared to the Deck. The Deck does have a slightly larger battery as well. I'm guessing Nintendo will nerf this chip like they did to the Tegra X1 but who knows. I'm thinking the battery life with be the same if not worse than the current Switch.
Click to expand...
The battery packs aren’t even close.
The Switch battery is rated at 4310 mAh which is 4.31 Wh.
The steam decks battery is rated at 40Wh it has a vastly larger battery.

So yes similar life expectancy under usage but the Deck has almost 10x the battery capacity.

The Switch’s X1 only pulls 7w on battery and 16w max while docked.
The T239 hasn’t been disclosed and isn’t even confirmed as to who is making it, rumours state everything from Samsung 8 to TSMC 6, so that changes much but the stock T239 is isn’t too dissimilar to many MediaTek offerings which operate in the 8-16w range.

And in regards to a nerf on the X1 at a full featured configuration it was a 65w part, a smidge extreme for a mobile solution. Likewise the full featured version of the T239 is the Orion which is another 65w part. Which the AGX Orion they have been selling since 2019 and is a beast.
 
serpretetsky said:
from my reading it 3.7 v. so i think closer to 16Wh.
Click to expand...
I read the wrong stat when punching in the calc I read the low power state which was a 1.2v draw so thats me not knowing how to read a table. But yeah still a significantly smaller battery than the Deck.

I still think I want a deck, eventually if for nothing else than it’s emulation capability.
 
Lakados said:
The battery packs aren’t even close.
The Switch battery is rated at 4310 mAh which is 4.31 Wh.
The steam decks battery is rated at 40Wh it has a vastly larger battery.
Click to expand...
The steam deck uses a 5,313mAh battery. It's not that much bigger.
 
jmilcher said:
Thank you for that.

So I didn't see actual confirmation I trust. Did they leak what they promised? If so, how do you guys think that will effect nvidia in the future?
Click to expand...
All I know of this weekends leaks are that they published NVidia’s driver certificates so malware publishers can use them to certify the installers.

Wonder how long its going to take to get those invalidated.

The leaked certificates are already in circulation and new malware/virus variants are already popping up using them.

There is a registry tweak how to prevent Windows from validating them. Because Windows will still allow the installation of expired certs for legacy reasons.
 
Last edited:
Lakados said:
All I know of this weekends leaks are that they published NVidia’s driver certificates so malware publishers can use them to certify the installers.

Wonder how long its going to take to get those invalidated.

The leaked certificates are already in circulation and new malware/virus variants are already popping up using them.

There is a registry tweak how to prevent Windows from validating them. Because Windows will still allow the installation of expired certs for legacy reasons.
Click to expand...
So much for their hacking for the people.
 
You must log in or register to reply here.
Back
Top