Originally posted by darkbasic
View Post
Announcement
Collapse
No announcement yet.
Intel CPUs Reportedly Vulnerable To New "SPOILER" Speculative Attack
Collapse
X
-
Is it just me or does it almost seem like Intel was doing things on the cheap? Instead of paying for the expensive R&D to shrink the die, they focused on cheap, exploitable workarounds and now are being found out. By the time all of the exploits are discovered and plugged, Intel chips may not be any faster than AMD is now at the same die size.
- Likes 6
Comment
-
Originally posted by Vistaus View PostAm I the only who doesn't notice any slowdowns with the mitigations enabled?
Originally posted by Prescience500 View PostIs it just me or does it almost seem like Intel was doing things on the cheap? Instead of paying for the expensive R&D to shrink the die, they focused on cheap, exploitable workarounds and now are being found out. By the time all of the exploits are discovered and plugged, Intel chips may not be any faster than AMD is now at the same die size.
- Likes 2
Comment
-
Originally posted by xiando View Post
You do have a valid point though it is somewhat flawed. Today you can make an informed decision whether to buy a Intel or AMD CPU based on the number of known security issues with Intel but that wasn't the case before these issues became known. It's like buying an electric car thinking it's fine for your needs but when winter comes you discover that it won't start in sub-zero temperatures. It's unlikely that you'd have bought it if you knew beforehand. Those willing to pay extra for security would probably have gone another route if they knew. It's not like Intel didn't sit on the Meltdown issue for half a year pretending all was well while they off-loaded their defective-by-design CPUs onto unsuspecting customers.
I guess the FSB's right, the good old typewriter is the real security choice.
Where I tend to disagree is for those who were paying attention, it was already known that shared resource computing was more than a theoretical risk. For the past several years there's been research into timing side channel attacks revealing various weaknesses in Intel's HyperThreading implementation that result in information leakage. How about the IME (and probably AMD PSP) vulnerabilities and exploits? There's the baseband module attacks that are actively under exploit. TPM also has it's own weaknesses that can be exploited
There's a lot of hype around speculative execution flaws, but to say that people would have chose otherwise if they knew (when it's clear "they" are still purchasing Intel hardware even now with disclosure of Spectre, Meltdown, LTSB, IME exploits, etc already exposed) is a bit naive. Security doesn't sell to the general public, and it pretty much doesn't sell to corporations when the price of security is more than the cost of liability. Those that "would have spent more on security" already did. They're using mainframes and other more secure platforms.
The only way to fix the problem in the general computing sector for the rest of us is to make the price of liability of breach significantly higher than the cost of a (more) secure infrastructure. That will require government intervention.
- Likes 1
Comment
-
Originally posted by stormcrow View Post
To be reluctantly fair, most users don't want to pay for safety/security so it's not entirely Intel's fault. It's as much the fault of their customers as Intel's (including myself on some ocassions). Intel has largely delivered what their customers wanted. Cheap computing with a very strong backwards compatibility ethic. Only now we're getting the "past due" notice on the technical debt that was already in the mail over 20 years ago.
Adding after a moment thought: I wonder if or how much Itanium is vulnerable to speculative architecture attacks. I know POWER and ARM both have such vulnerabilities in their implementation.
- Likes 2
Comment
-
Originally posted by Spooktra View PostI have no doubt that the "mitigations" effects performance, what I don't believe is that without them any harm in a real world setting can actually take place and I defy anyone to show me an example where any of these "exploits" caused any real world harm.
- Likes 7
Comment
Comment