Intel CPU's have a security flaw?

[pixelplucker]

Just as I was looking into a workstation I heard that the Intel chips have a security flaw and when patched the performance will be impacted. Not sure what chips they are "fixing".

[robcat2075]

Wow.



Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs

 

I predict class action lawsuits.

 

 

I'm afraid to look at what this will do to Intel stock.

[robcat2075]

MS supposedly has a patch out yesterday but my Windows update doesn't show it available or previously done.

[Roger]

Wow.

 

 

 

Meltdown and Spectre FAQ: Fix for Intel CPU flaws could slow down PCs and Macs

 

I predict class action lawsuits.

 

 

I'm afraid to look at what this will do to Intel stock.

 

The fix is supposed to slow down the CPUs by 5-30%. I can tell you that AMD is up nearly $2/share right now, from where it was a month ago.

[Fuchur]

The patch MS will bring is only the first of a few they need to get out and we do not yet know what needs to be done yet.

 

AMD is (likely) not affected by the first one but the second is more likely a problem for AMD too. Nevertheless, AMD's processor seem to be very minorly affected by this.

We do not know yet how much performance this will cost, but at the moment I would not buy an Intel chip (or in fact any workstation even with AMD in it) till it is clear what is going on.

 

In the end it looks like Intel did not care about security much while AMD at least thought about it. That made the AMD chips a little less performant but more secure. Intel did the opposite.... didnt care about security but wanted to have the benchmarks in favour of their own processors. (not that I am surprised in any ways... I do not like Intel much for several reasons and especially for how they are reacting to this at the moment (very unprofessionally) or how they sold processors in the last years (very expensive without a good reason for it) or how they got in the position to be like that (they gave money to electronic stores for not offering AMD systems and they tried even to force, that AMD is not sold at all in the same store otherwise they increased the prices or even forbit to sell their processors there... this is, why they have been sued and had to pay 1.06 Billion Euros, the highest penality ever payed... and they still earned a lot more from what they did there because they could hold down the competition... )

 

And if you think that is all: One of the highest managers at intel did sell all his stock when he was told about this in late summer to autumn and they still did not fix it. This is what really makes me furious.

 

Best regards

*Fuchur*

[robcat2075]

Looks like the first patch got to me last night.

So far, it seems not to have changed render times on the Teapot Benchmark.

[pixelplucker]

Is there a particular line of chips affected? Where the Xeons in the mix or i5's?

I am running into a snag with my FormZ where there are issues with their Renderzone internal renderer and intel and AMD video compatibility. Mainly because of OGL libraries I assume. Got the poor guys over there scratching their heads. In the meantime I am looking into a solid workstation to port all my programs over to.

 

Always some stupid snag... nothing ever goes easy hehe

[Fuchur]

On the intel-side: All intel core-based cpus including server. It seems like especially writing to and reading from fast ssds is affected, but it may not be very important.

[robcat2075]

Is there a particular line of chips affected?

 

 

 

Google says “effectively every” Intel processor released since 1995 is vulnerable to Meltdown, regardless of the OS you’re running or whether you have a desktop or laptop. (You can find a full list of affected Intel processors in this article.)

AMD processors aren’t affected by the Meltdown bug. But chips from Intel, AMD, and ARM are susceptible to Spectre attacks.

 

1995. That's pretty much my entire life with Windows.

[pixelplucker]

So it isn't a security issue as much as an exploit that can bypass the thermal shutdown, right?

[robcat2075]

So it isn't a security issue as much as an exploit that can bypass the thermal shutdown, right?

 

You mean "Meltdown"? I'm pretty sure that's the poorly-chosen name of an exploit and not about actual overheating.

[Fuchur]

It is about being able to access data in the memory/cache of other processes on your computer. That means, if you for instance put in a password in Chrome, another program can access the password too without you noticing anything. All three attack vectors do this in different ways. The worst one is the one, which can do that using the browser. That means, that a specially prepared website can easily look through everything else that may be running on your computer including for instance the indexing engine of windows/linux/etc. which for instance could currently index your password list file, etc.

 

It really is a very bad security flaw. We currently dont know what it really can do, but it is quite bad. Only thing that can currently save you is, what could do it till now anyway: Be careful what you open in your browser, email or whatever and only work with programs or websites you trust.

 

Meltdown is not really poorly choosen but for a non-tech-person it is a little missleading, yes.

 

Best regards

*Fuchur*

[pixelplucker]

Yup your right, my brother said the same thing.

[Rodney]

If I was the suspicious type... which I am... I'd say the flaw was known to select people but hit its shelf life some time ago and so this one could safely be released to the public so that others (who have recently discovered the exploits existence) can't act to exploit it. Of course in that imaginary world a better exploit would need to be in place before this one was revealed or it'd be easier just to kill people.

[pixelplucker]

I don't think you can just access the cache without some sort of virus or trojan. Nothing to really worry about unless your in the habit of scavenging the web for naughty bits.

[robcat2075]

It's catching...

 

Nvidia admits its GPU chips are vulnerable to same flaw affecting Intel and AMD

 

 

Santa Clara-based chipmaker Nvidia this week admitted that some of its chips are affected by a wide-reaching security flaw impacting rivals Intel Corp, Advanced Micro Devices and ARM Holdings.

In a security note Tuesday, Nvidia said its GeForce, Quadro, NVS, Tesla and GRID chips will need to be patched. Nvidia shares fell more than 1 percent at the opening bell.

The twin security flaws, dubbed Meltdown and Spectre, impact the chips inside millions of smartphones, computers and servers sold within the last five years.

Nvidia says it believes its GPU chips are only susceptible to the Spectre flaw, which theoretically allows hackers to exploit weaknesses in chip design to trick applications into handing over secret information, like passwords and encryption keys...

 

[pixelplucker]

Doesn't seem to effect the iphones does it?

[pixelplucker]

Update on the update. So far my desktop didn't seem to have any performance issue or none that I could tell. My laptop on the other hand was really impacted to the point it was barely usable on heavy graphic manipulation to the point it was just difficult even to select objects, pan etc. The laptop does have integrated video so maybe that is part of the problem.

I ended up removing the patch and all is happy again.

For those that are impacted the patch is KB4058702. Under Win 10 you can access the old style programs and features by opening a command prompt and typing "control" then hit enter. The update should be in the list.

 

Sometimes the cure is worse than the condition.