Massive security flaw found in Intel x86-64 processors

"An extremely severe security flaw has been found to affect nearly every Intel processor made in the past decade or more, giving any hackers who might know how to exploit it access to protected information systemwide. The Register reports that programmers are rushing to make the sweeping changes necessary to protect against the vulnerability on Linux and Windows operating systems, with such fixes required on macOS as well. Even worse, you can expect these vital updates to noticeably slow down your computer."

http://www.popularmechanics.com/technology/security/a14537256/horrific-security-flaw-affects-decades-of-intel-processors/

AMD fans rejoice?

That's an old news but still, I'm glad I'm using 4th gen Intel CPU :P

Either way so does Linux and IOS are breach-able - nothing is safe.

@PredatorRules: old? it's just hitting major news outlets today.

I heard the same news a few months ago, maybe they found some more security issues.

"Microsoft has been working on a Windows kernel patch for this issue since November 2017." maybe it was a month ago - can't really tell TBH

@PredatorRules: You mean Haswell? Cause that's affected as well, every intel CPU the past 10 years is. Also, the older it is the worse it's affected.

Direct response from Intel:

Intel Responds to Security Research Findings

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

Link: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

I heard they can fix it and working currently on doing so but the performance impact will be 30% loss in performance at some CPUs. - that sucks ass, no wonder right now AMD's market stock share been raised.

Well.... AMDs stock is rising because they've finally offered up a product that can compete with intel's I series. Something they hadn't done for a decade.

I was generally an AMD guy for the longest time but i can remember the day i tried a second gen I5 for the first time, it left me dumbfounded with AMD, wondering WTF they were doing to compete with intel and the answer was.... nothing. It took them like eight years to decide they needed to change course.

It must be fun playing copycat...

https://www.gamespot.com/forums/system-wars-314159282/intel-screws-up-with-a-major-kernel-memory-leak-33421670/#42

Different user, different forum and I think this is more suitable place for this topic rather than SW but I'm not SW fan so...

sorry, i seldom visit the hellhole that is SW :) Didn't really see this as a SW topic anyway.

anyway, story does have some legs. google pushed forward a release of more info on the topic

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

The register also responding to Intel's press release on the subject.

May not be a big deal for gamers but keep in mind something like 90%+ of servers worldwide are running Intel processors that are affected by this..

so has the fix came yet or it is coming?

It isn’t just intel there are two security issues called spectra and meltdown, spectra was also found in AMD and ARM CPUs.. it would seem almost every CPU since 1995 has this problem.

http://www.bbc.co.uk/news/technology-42561169

Its more likely that someone who likes technology/hardware DOESN'T visit the teenage cesspool that is systemwars (claiming copycat on something that's the complete opposite of this board is very random)

Very dependent on usage. virtual machines are affected by this. For your gaming, the effect is about zero.

Yeah I saw the Deus Ex and Dota 2 bench before and after patch.

It seems like what is most affected is SSD performance, in some cases random write times are tanked by ~40%.

Well it's because the CPU is doing extra commands as I assume another layer of security for each file that is read or write.

I believe it has to do with calls to the OS for IO operations. the OS calls now take additional time due to the partitioning of data in memory to isolate kernal resources from ordinary program access.

if you are running applications without a lot of need to access OS resources, you probably don't have as much a perf. hit