Jump to content
IGNORED

Major security flaw found in Intel processors


Recommended Posts

Patch Tuesday coming on 1/9 should be fun.  Of course, Microsoft never screws this up.

Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs

 

i7-6700K/Windows 10  --> EVGA Nu Audio Card --> Focal CMS50's 

Link to comment

AMD PROC's may be affected also by default. If the OS "fix" is done out of fear by the DEV'S as a CYA for all x86 software in general which there is already evidence of in the Linux world it wont matter what PROC brand one chooses.

 

Then of course there is the argument that the issue has existed for over 10yrs and no one has known it then the fame seekers who made the issue public have only harmed the world by mentioning it in the first place.

 

One has to weigh the likelyhood of being exploited in the first place against the performance impact almost certainly bound to occur by fixing it. The fix could easily result in the need for one to almost double their existing PROC resources just to make up for the losses resulting in fixing it. Were talking big dollars on the enterprise scale!

 

Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it.

Link to comment
54 minutes ago, cjf said:

Then of course there is the argument that the issue has existed for over 10yrs and no one has known it then the fame seekers who made the issue public have only harmed the world by mentioning it in the first place.

That's flawed thinking. If these researchers found it, so could the bad guys. For all you know, they've already been using it.

Link to comment
56 minutes ago, cjf said:

One has to weigh the likelyhood of being exploited in the first place against the performance impact almost certainly bound to occur by fixing it.

Yes, for an audio-only system it doesn't matter as it won't be running untrusted code.

Link to comment
21 minutes ago, MetalNuts said:

It said chips made in the last decade, so it only affect those old computers, the majority of which are comparatively slow in the current standard. 

It means processors made in the last ten years.

Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs

 

i7-6700K/Windows 10  --> EVGA Nu Audio Card --> Focal CMS50's 

Link to comment
11 minutes ago, rickca said:

It means processors made in the last ten years.

That's obviously an approximation. The flaw affects many CPUs with speculative execution, which for Intel is more or less all 64-bit models. AMD says they are not affected by the Meltdown attack though this remains to be verified.

Link to comment

At least ARM64 seems to be affected too (and maybe some more recent 32-bit Cortex-A's too), so it is not just Intel or x86 architecture...

 

Anyway, for our audio playback use cases, this shouldn't make much performance difference.

 

Some cloud installations may have interesting times though...

Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Link to comment
23 minutes ago, Miska said:

At least ARM64 seems to be affected too (and maybe some more recent 32-bit Cortex-A's too), so it is not just Intel or x86 architecture...

The Spectre attack affects more systems than Meltdown which is only confirmed on Intel. The performance impact of the KPTI patches in Linux only occurs at user/kernel mode transitions, i.e. syscalls and traps. As you say, typical audio code shouldn't be heavily affected.

Link to comment
5 hours ago, cjf said:

Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it.

 

I just cannot comprehend what you wrote. That takes stupidity to a whole new level.

 

If I were to guess every country's secret service has hackers in employment, most cyber security companies as well.

[br]

Link to comment
4 hours ago, MetalNuts said:

Decade is ten years, right?  My rough recollection is that all those models before i3, i5, i7 model.  I am pretty sure that my iMac and PC have the i5 or i7 processors. 

No it means all processors made in the last ten years, that includes i3,5 & 7 processors... Not processors made over 10 years ago. So i3s to i7s are included.

Link to comment
On 1/4/2018 at 5:25 AM, mordante said:

 

I just cannot comprehend what you wrote. That takes stupidity to a whole new level.

 

If I were to guess every country's secret service has hackers in employment, most cyber security companies as well.

I guess you need to try harder then.

 

I suppose by your line of thinking that those folks you listed are also the ones involved in stealing/using credit card info and peoples personal identities, launching DOS attacks responsible for taking down major internet providers and corporations across the globe all just to say they could do it and take credit for it publicly while collecting a paycheck and paying taxes? Its no different then burning down your own neighborhood.

 

Wake up dude. The people you listed have a job because of these other slime balls.

 

If the other parasites spent half as much time putting their skills to work for good and useful things the world would be in a much better place.

Link to comment

Note, one of my favorite white-hat hacker groups is Google's Project Zero, who found also this bug. Since nation state actors and criminals don't publish their vulnerability findings, it is extremely important that we have such people who are paid to responsibly find bugs and vulnerabilities so those can be fixed and overall security improves.

https://googleprojectzero.blogspot.com

 

There are also companies who do similar work on order, to test security before the products come out. Hackers who are paid to analyze and try to break your/my software. This helps fixing problems before products face real jungle out there. Many who are very professional and clever people. I'm happy to know and have worked with such people and have my utmost respect.

 

Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Link to comment
On 1/3/2018 at 11:49 PM, cjf said:

Hackers should be labeled as terrorists and have open hunting season tags attached to them much like wild hogs. Shot on the spot with no need to report it.

 

Thats too bad because the folks who discovered the flaw would be dead and you wouldn’t of heard about it until hackers out of your reach took down your infrastructure. 

Custom room treatments for headphone users.

Link to comment
On 1/4/2018 at 7:38 PM, AudioDoctor said:

I am running 13.13.3 Beta version 3, allegedly has the fix, I have noticed no slowdowns at all.

 

 

I want to quote myself here, I see nor observe any slowdown on either my 2011 Mac mini, i5, 16GB RAM, and an SSD, and on my brand spanking new iMac with its i7, 32GB of RAM, SSD, etc...

No electron left behind.

Link to comment
  • 3 weeks later...

Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

 

Belay that order: Intel says you should NOT install its Meltdown firmware fixes

The warning, which encompasses just about every Intel processor out there, from all PC manufacturers, takes effect immediately. And there’s no indication when it will get fixed.

https://www.computerworld.com/article/3250250/malware-vulnerabilities/belay-that-order-intel-says-you-should-not-install-its-meltdown-firmware-fixes.html

Quote

In what appears to be a catastrophic curtain call to the "oops" moment that I discussed 10 days ago, it now seems that the bright, new firmware versions — which Intel has had six months to patch — have a nasty habit of causing “higher system reboots.”

 

I'm just updating and securing my browser for now, let's wait and see how it goes.

Link to comment

Pareto Audio AMD 7700 Server --> Berkeley Alpha USB --> Jeff Rowland Aeris --> Jeff Rowland 625 S2 --> Focal Utopia 3 Diablos with 2 x Focal Electra SW 1000 BE subs

 

i7-6700K/Windows 10  --> EVGA Nu Audio Card --> Focal CMS50's 

Link to comment

OfVThWo.png

 

Stable Channel Update for Desktop

https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

Quote

The Chrome team is delighted to announce the promotion of Chrome 64 to the stable channel for Windows, Mac and Linux.

 

Direct download links

https://www.wilderssecurity.com/threads/chrome-stable-channel-update.355822/page-57#post-2734031

 

Actions required to mitigate Speculative Side-Channel Attack techniques

https://www.chromium.org/Home/chromium-security/ssca

Quote

Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd 2018. Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack. Additionally, the SharedArrayBuffer feature is being disabled by default. The mitigations may incur a performance penalty.

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...