Security issues in CPUs

ENAY · January 10, 2018, 02:14:24

> This kinda reminds me of the whole Y2K issue. While companies were
> making millions off it I was just advising clients that the impact would
> be minimal, don't panic. I know, I should of be more ruthless and milked the situation.

I remember on year 2000 BBC, this idiotic woman was showing the Y2K by showing up close to the camera a wrist watch (that was clearly a freebie from a packet of Rice Crispies) showing the date, to be showing 1950, 1, 1 instead of 2000.

Then a guy on the show explained that the problem was fixed or solved nearly 10 years earlier since most manufacturers and holiday booking sites etc. Had to had advanced booking and expiry dates that were already showing at 2000 or higher. At worst systems had 19 permanentely burned into their screens with the 99 just rolling over to 0. Quite literally a non event.

I really hate the media sometimes.

Fast forward to 2013 (or so) where the PS3 really did have an issue with leap years and went crazy with various systems. Now that was a genuine Y2K type of issue that affected a lot of people. Where was the media coverage then?

Sorry to go off topic there.

Goodlookinguy · January 12, 2018, 02:18:19

So it looks like I unintentionally lied a little. I thought an image that had been floating around was from Intel, but it was from AMD directly. There has also been a change in wording from AMD that now invalidates what they stated previously. So without further to do: Variant 1 (Spectre) was patched by OS manufacturers and it affects AMD. Variant 2 (also Spectre) does affect AMD, but not realistically. Variant 3 (Meltdown) doesn't affect AMD.

https://www.amd.com/en/corporate/speculative-execution

Meh, no biggie. They plan on some microcode patches, similar to what Intel pushed out recently that had an impact of <10% from the looks of most tests. So I assume similarly low impact changes.

Also, the Virus Notes Database has some recommendations...
https://www.kb.cert.org/vuls/id/584653

QuoteWhile we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches.

Basically, what they are saying is that the only true fix for this problem is getting a new system without vulnerable hardware. Hmmmmmm...I think I'll accept any performance hits. Plus, no hardware is fixed, so that's a no-go.

I'm waiting for, maybe a well executed version of this (http://www.ns.umich.edu/new/releases/25336-unhackable-computer-under-development-with-3-6m-darpa-grant), to feel any sense of security on a modern computer. Then again, backdoors and the like will always ruin things like this.

Qube · January 12, 2018, 02:23:23

QuoteSo it looks like I unintentionally lied a little.

Told ya AMD was not immune, didn't I?, didn't I?

Goodlookinguy · January 12, 2018, 02:33:39

Quote from: Qube on January 12, 2018, 02:23:23
QuoteSo it looks like I unintentionally lied a little.
Told ya AMD was not immune, didn't I?, didn't I?

Hey, now they said they weren't affected like the day after it came out. Then it became, "well, we're affected by variant 1 only." Now it's, "we're sort-of affected by variant 2, but to execute it would be unbelievably difficult." AMD needs to hold off on press releases until they're sure.

Goodlookinguy · January 12, 2018, 21:26:29

So apparently, based on which chipset you have, after the Intel patches, have a chance of causing system reboots. I'd stay clear of patching your system until all of the live testers are done screwing up their machines before patching anything.

It's been 75F (23.8C) for days now. What kind of winter is this?

Qube · January 12, 2018, 21:56:29

Quote from: Goodlookinguy on January 12, 2018, 21:26:29
So apparently, based on which chipset you have, after the Intel patches, have a chance of causing system reboots. I'd stay clear of patching your system until all of the live testers are done screwing up their machines before patching anything.

It's been 75F (23.8C) for days now. What kind of winter is this?

I updated my iMac a couple of days ago and ( touch wood ) not had any issues or noticed any slow downs...yet.

Rick Nasher · January 12, 2018, 22:42:02

If my system slows down even more I'm going to scream and sue intel! (right.. like I can afford to. sigh)

Goodlookinguy · January 13, 2018, 00:21:17

Quote from: Rick Nasher on January 12, 2018, 22:42:02
If my system slows down even more I'm going to scream and sue intel! (right.. like I can afford to. sigh)

There's already a class action lawsuit in action. Actually, I think it's like 3. So eventually I'm sure there will be ads or commercials on TV about, "Do you have a system with an Intel CPU? Many people do. After recent findings, people's computers were shown to be at risk and have been slowed down. Are you a victim of a purposefully slowed computer? Call now!" Mmmmm.

To be honest, I don't know if a class action lawsuit would actually succeed. Intel didn't know about the problem until June of '17. So it's a bit hard to prove wrongdoing. The only thing that can be proved right now is that the current Intel CEO did insider trading and his ass needs to be jailed.