Announcement

Collapse
No announcement yet.

Researchers Discover Intel CPU Ring Interconnects Vulnerable To Side Channel Attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • RussianNeuroMancer
    replied
    Originally posted by sandy8925 View Post

    And way better driver support than AMD. AMD failed to provide the most basic support for even their CPUs (temperature, voltage, current monitoring, RDRAND bug). Their GPU drivers are constantly breaking in some way or the other.

    I'd rather have a working, dependable system than having to constantly go fix problems myself for free, because AMD can't be fuck bothered.

    Intel finishes their support well ahead of time, and only some exceptions such as the Iris Xe Max are bad. Otherwise everything just works, and I can focus on getting things done, instead of constantly having to deal with critical components not working properly due to crap software support from the hardware vendor.
    1. Got my hands on Dell Optiplex 3010 a couple of weeks ago - Intel's iGPU can't even display a single frame on Dell UP3017 (2560x1600) unless I boot kernel with nomodeset. Last time I seen something like this with Rockchip RK3399-base boards, but now even ARM GPUs looks more stable than Intel GPU drivers.
    2. On Lenovo IdeaPad Duet 3 picture on the integrated screen turn upside down (literally) from time to time when iGPU enter RC6; also Intel broke brightness adjustment on this device since Linux 5.11 (it always stay 100% so battery drain is very high, which is why I had to rollback to 5.10). And they also broke brightness adjustment on Lenovo Miix2 8 since Linux 5.10 (it worked just fine even in 5.10rc6; I don't have time to run bisect yet, and won't have it for at least a few months).
    3. There is no working drivers for Intel XMM modems, all generations of Intel Atom ISP, Intel IPU3, which means no working LTE and cameras for many Linux users.
    4. Some functions could be broken in existing drivers, for example power readings (via powertop) on HP Elite x3 1013 G3 is useless - powertop report something like 0.2 Watt power consumption and 197 remaining hours, which is obviously useless.
    5. Issue that was known since October of 2017 could remain unfixed for years. - they just ask for logs from drm-tip for years, again, again and again.You know, year or two is understandable, but it's seems like this one is never going to be fixed. HP EliteBook Folio G1 will be obsolete in a couple of years (or maybe a little bit later) so when time for upgrade will come it will be replaced with Qualcomm or AMD-based laptop. Or it could be MediaTek-based Chromebook or Apple M1-based MacBook Air, who knows. The point is - it will be anything else besides Intel. "Fool me once" is enough for some people to make conclusions.

    And this list could go on. Your sentence "Otherwise everything just works, and I can focus on getting things done, instead of constantly having to deal with critical components not working properly due to crap software support from the hardware vendor." is false.
    Last edited by RussianNeuroMancer; 13 March 2021, 03:32 PM.

    Leave a comment:


  • sandy8925
    replied
    Originally posted by Sonadow View Post
    Not that I care.

    Do Intel hardware enjoy greater availability than AMD hardware right now? Yes? Decision made.

    All these 'vulnerabilities' are nothing more than academic hot air. Spectre and Meltdown caused a big hooha, and yet even today there are boatloads of people and organizations disabling Spectre and Meltdown mitigations and hardly being worse off in any way.
    And way better driver support than AMD. AMD failed to provide the most basic support for even their CPUs (temperature, voltage, current monitoring, RDRAND bug). Their GPU drivers are constantly breaking in some way or the other.

    I'd rather have a working, dependable system than having to constantly go fix problems myself for free, because AMD can't be fuck bothered.

    Intel finishes their support well ahead of time, and only some exceptions such as the Iris Xe Max are bad. Otherwise everything just works, and I can focus on getting things done, instead of constantly having to deal with critical components not working properly due to crap software support from the hardware vendor.

    Leave a comment:


  • JustRob
    replied
    Originally posted by CTTY View Post
    What are the solutions and how fast are they compared to the insecure stuff?
    In a word: "Expensive".

    Research: TLS Fingerprinting, Encrypted Traffic Analysis, Intent Based Networking, etc.
    Read various Blogs, example: https://www.csoonline.com/article/33...-activity.html

    Leave a comment:


  • Teggs
    replied
    Originally posted by phoronix
    Intel supported the researchers in their mission while the company found their findings to just be another side channel.
    It amuses me how this highlights the current security situation. 'Oh, it's no big deal, just another side channel.' And how many side channel attacks does that make now? 20? 50?

    One knock against the recent change in leadership at Intel is that the new-old bigwigs are some of the same muppets who screwed all this up to begin with. Their investors had better hope that old dogs can in fact learn new tricks.

    Leave a comment:


  • CTTY
    replied
    This is not exploitable via JavaScript in the browser, is it?

    Leave a comment:


  • CTTY
    replied
    Originally posted by stormcrow View Post
    There are better solutions. Do your research.
    What are the solutions and how fast are they compared to the insecure stuff? Are there any laptops out there?

    Leave a comment:


  • stormcrow
    replied
    Originally posted by Sonadow View Post
    Not that I care.

    Do Intel hardware enjoy greater availability than AMD hardware right now? Yes? Decision made.

    All these 'vulnerabilities' are nothing more than academic hot air. Spectre and Meltdown caused a big hooha, and yet even today there are boatloads of people and organizations disabling Spectre and Meltdown mitigations and hardly being worse off in any way.
    Missed the part about Spectre exploits now being in the wild did you? It was only a matter of time. Thing about Spectre is you probably will never know if you have been hit with them till the keys to the castle get leaked on some hacker's clearing house and by then it's too late.

    If you're that concerned about performance, what are you doing on a 5-10 year old Intel computer anyway? There are better solutions. Do your research.

    Leave a comment:


  • kingu
    replied
    There is insecurity at the time of reporting as to whether this vulnerability does in fact have a logo.

    Leave a comment:


  • milkylainen
    replied
    Originally posted by ms178 View Post

    As security matters for some customers, it makes me wonder why hardware design hasn't been a priority for companies and researches alike up until Spectre/Meltdown hit the surface. Maybe it was simply thought as beeing too hard to exploit?
    Yeah.
    You'd have various hardware issues, but few ever made it to "manure spreading" security problems.
    These side channels definitely opened up a whole new can of ****.

    Leave a comment:


  • angrypie
    replied
    Originally posted by ms178 View Post

    As security matters for some customers, it makes me wonder why hardware design hasn't been a priority for companies and researches alike up until Spectre/Meltdown hit the surface. Maybe it was simply thought as beeing too hard to exploit?
    x86 is a joke ISA that Intel tricked IBM into buying. "Security" was hardly ever a concern until shit started hitting the fan, and even then it's security theater like Secure Boot.

    Leave a comment:

Working...
X