
Serious Intel x86 security flaw: Will impact Windows, Linux and iOS


  • Serious Intel x86 security flaw: Will impact Windows, Linux and iOS

    If you own or use a modern Intel CPU, you will be impacted by this bug. The linked article below describes what is publicly known about the flaw. The actual details have been closely held by the tech industry for a couple of months, to allow time for development of fixes.

    This is not your run-of-the-mill bug where a few bytes of code need to be patched. The resulting fixes will cause a major performance penalty for all Intel-powered devices. In terms of impact, this is probably the most serious microcode flaw in Intel's history.

    Brief explanation of the problem, for those interested:

    All modern operating systems have a "kernel." This is the center of the computer's operating system software, where code and memory run with the highest privileges, allowing the CPU to access all of the computer's hardware and software needed to carry out software instructions. For important reasons, access to the kernel software and its in-use memory is tightly protected by security checks, to prevent other software from seeing critical, secure info.

    Separately, a feature of modern CPUs is something called speculative execution. The CPU makes informed guesses about which code will be run next. The CPU fetches the speculated code, and executes it, instead of waiting for a previous process to finish. More often than not, the CPU speculation is correct and the predictive processing makes everything run faster.

    Apparently, Intel skipped an important step in their speculative code: The speculative code isn't prevented from accessing the kernel and the kernel's in-use memory, meaning it's possible, in theory, to write software that can examine what the kernel is doing. This could expose info such as passwords, encryption results, and critical data.

    Here's the big rub: The only practical fix is updating operating system kernel software to include security checks that would normally be handled by the CPU's code. The kernel enforced security will be MUCH slower than if it were done on the CPU's embedded code. I'm seeing comments and some testing results that say Intel CPUs are going to take a 5 to 30% performance hit, depending on the software being run.

    Everything running on Intel CPU powered devices, including PCs, Macs, servers, phones, tablets, etc., needs this software fix. We're talking about all of the cloud infrastructure providers (Amazon, Google, Microsoft, et al.). Everyone running Windows on an Intel powered PC. Everyone running an iOS powered Mac with an Intel CPU.

    I'm in the web hosting business: My own hosting operations depend entirely on Intel Xeon powered machines running Xen virtualization software. All will need patching and rebooting. All of my customers' web sites will take an as-yet-unknown performance hit.

    This is a globalized kick in the computing gonads.

    https://www.theregister.co.uk/2018/0...u_design_flaw/

    Current global warming temperature trend: 0.05ºC per decade, plus or minus 0.1ºC (source: UN IPCC AR5) ...Yes, the error rate is higher than the estimated rate of change.

    "Anthropogenic global warming is a proposed theory whose basic mechanism is well understood, but whose magnitude is highly uncertain. The growing evidence that climate models are too sensitive to CO2 has implications for the attribution of late-20th-century warming and projections of 21st-century climate. If the recent warming hiatus is caused by natural variability, then this raises the question as to what extent the warming between 1975 and 2000 can also be explained by natural climate variability." --Dr. Judith Curry, chair of the School of Earth and Atmospheric Sciences at the Georgia Institute of Technology

  • #2
    It seems like whatever we go with insofar as computers, they're always vulnerable.

    I smell a HUGE class action lawsuit over this one...
    **********

    "Look at it this way: think of how stupid the average person is, and then realize half of 'em are stupider than that."
    - George Carlin

    "It shouldn't be expected that people are necessarily doing what they appear to be doing on records."
    - Sir George Martin, All You Need Is Ears

    "The music business will be revitalized by musicians, not the labels or Live Nation. When the musicians decide to put music first, instead of money, the public will flock to the fruits and the scene will be healthy again."
    - Bob Lefsetz, The Lefsetz Letter



    • bildo
      bildo commented
      Yep.

  • #3
    I’ve always been an AMD guy.



    • #4
      Originally posted by guido61
      I’ve always been an AMD guy.
      Me, too.

      Unfortunately, in the data center space, there haven't been a lot of non-Intel options, particularly for small providers like me. The Ryzen series will change that over time, and after this debacle, it will change even faster, but Intel's relative monopoly in that space is now coming with a "past due" invoice.



      • #5
        Originally posted by Phil O'Keefe
        It seems like whatever we go with insofar as computers, they're always vulnerable.

        I smell a HUGE class action lawsuit over this one...
        Honestly, I don't know how that would play out. I certainly wouldn't hold Intel stock until the dust settles.



        • #6
          Ouch......
          "The historical experience of socialist countries has sadly demonstrated that collectivism does not do away with alienation but rather increases it, adding to it a lack of basic necessities and economic inefficiency." ------------------ Pope John Paul II



          • #7
            Intel is saying the media is fake news

            "In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

            According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data."

            For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6. https://www.macrumors.com
            Last edited by ohmygod; 01-03-2018, 03:53 PM.
            I'm not a rookie



            • #8
              Originally posted by rbstern
              If you own or use a modern Intel CPU, you will be impacted by this bug. The linked article below describes what is publicly known about the flaw. The actual details have been closely held by the tech industry for a couple of months, to allow time for development of fixes.

              This is not your run-of-the-mill bug where a few bytes of code need to be patched. The resulting fixes will cause a major performance penalty for all Intel-powered devices. In terms of impact, this is probably the most serious microcode flaw in Intel's history.

              Brief explanation of the problem, for those interested:

              All modern operating systems have a "kernel." This is the center of the computer's operating system software, where code and memory run with the highest privileges, allowing the CPU to access all of the computer's hardware and software needed to carry out software instructions. For important reasons, access to the kernel software and its in-use memory is tightly protected by security checks, to prevent other software from seeing critical, secure info.

              Separately, a feature of modern CPUs is something called speculative execution. The CPU makes informed guesses about which code will be run next. The CPU fetches the speculated code, and executes it, instead of waiting for a previous process to finish. More often than not, the CPU speculation is correct and the predictive processing makes everything run faster.

              Apparently, Intel skipped an important step in their speculative code: The speculative code isn't prevented from accessing the kernel and the kernel's in-use memory, meaning it's possible, in theory, to write software that can examine what the kernel is doing. This could expose info such as passwords, encryption results, and critical data.

              Here's the big rub: The only practical fix is updating operating system kernel software to include security checks that would normally be handled by the CPU's code. The kernel enforced security will be MUCH slower than if it were done on the CPU's embedded code. I'm seeing comments and some testing results that say Intel CPUs are going to take a 5 to 30% performance hit, depending on the software being run.

              Everything running on Intel CPU powered devices, including PCs, Macs, servers, phones, tablets, etc., needs this software fix. We're talking about all of the cloud infrastructure providers (Amazon, Google, Microsoft, et al.). Everyone running Windows on an Intel powered PC. Everyone running an iOS powered Mac with an Intel CPU.

              I'm in the web hosting business: My own hosting operations depend entirely on Intel Xeon powered machines running Xen virtualization software. All will need patching and rebooting. All of my customers' web sites will take an as-yet-unknown performance hit.

              This is a globalized kick in the computing gonads.

              https://www.theregister.co.uk/2018/0...u_design_flaw/
              It's certainly going to be a very serious problem, and I heard that AMD CPUs aren't affected. Is this true?

              BTW, I think when you said 'iOS powered Mac' did you mean that? AFAIK, iOS only runs on ARM CPUs on devices such as iPads and iPhones. I know that somewhere in the article 64 bit ARM linux patches are mentioned.

              Probably time for me to go back to my old Sparcstation 10.
              Strangers on this road we are on,
              and we are not two, we are one.



              • #9
                Originally posted by Gromit
                It's certainly going to be a very serious problem, and I heard that AMD CPUs aren't affected. Is this true?
                I read several articles claiming that, and at least one quote from an AMD engineer stating the same.

                BTW, I think when you said 'iOS powered Mac' did you mean that? AFAIK, iOS only runs on ARM CPUs on devices such as iPads and iPhones. I know that somewhere in the article 64 bit ARM linux patches are mentioned.
                I may be wrong. I don't know Mac products well enough to say definitively. If it's running atop an Intel CPU, the flaw is there.

                Probably time for me to go back to my old Sparcstation 10.
                Indeed. Some of those older workstations were robust.




                • #10
                  Originally posted by ohmygod
                  Intel is saying the media is fake news

                  "In a statement on its website, Intel says that it planned to disclose the vulnerability next week when additional software patches were available, but was forced to make a statement today due to "inaccurate media reports."

                  According to Intel, the issue is not limited to Intel chips and the exploits in question do not have the potential to corrupt, modify, or delete data. Despite Intel's statement, Intel chips are more heavily impacted, and it's worth noting that Intel makes no mention of reading kernel level data."

                  For Mac users, Apple has already addressed the design flaw in macOS 10.13.2, which was released to the public on December 6. https://www.macrumors.com
                  Sounds like corporate double-speak. None of the articles I have read describe corruption, modification or deletion of data. They all stated, rather clearly, the issue was access of sensitive data, i.e., read access.




                  • #11
                    Originally posted by rbstern
                    If you own or use a modern Intel CPU, you will be impacted by this bug.
                    Only if you are online obviously. If your DAW is offline like mine is you are unaffected unless you download those patches.



                    • #12
                      Originally posted by guido61
                      I’ve always been an AMD guy.
                      Same here, but if you're using Win 10/8 and you are online you already received the first patch in November. This goes for OSX users as well. AMD actually begged MS to differentiate to be left out of the update patch, but no dice as one size-fits-for all.
                      Last edited by Alndln3; 01-03-2018, 06:40 PM.



                      • #13
                        That's it. I'm going back to 12AX7's and 6L6GC's.
                        ..................................................
                        Amerussia Uber Alles!

                        Ein Volk, Ein Reich, Ein Glaube!



                        • #14
                          Originally posted by thankyou
                          That's it. I'm going back to 12AX7's and 6L6GC's.
                          Or cassette based Porta Studio's.



                          • #15
                            seems to be `widening' a bit...

                            That Intel chip problem? It's now a far worse security issue hitting AMD and ARM too

                            https://www.bizjournals.com/sanjose/...hoo&yptr=yahoo

                            Google discovers 'serious' flaws in Intel and other chips

                            https://finance.yahoo.com/m/3e769c07...discovers.html

                            hopefully this won't slow the implementation of skynet - "hey, we're not `spying on you', we're merely `monitoring the situation' for your own safety" ...

                            Last edited by wallywanker; 01-03-2018, 10:13 PM.
                            __________________________________________________ ______________________________
                            new sig currently under construction
