Major Intel Memory Vulnerability

Stephen Partington cryptworks at gmail.com
Fri Jan 5 09:41:08 MST 2018


It is certainly a deciding factor in my desire to move to AMD on my CPU
rollout.

On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:

>
> I think they have a moral obligation to destroy all effected chips that
> are in the pipeline.  Dell and others need to stop sales and not continue
> selling until the CPU is fixed.
>
> This is much bigger than we know.  Almost every computer is effected.  The
> intermittent fix is software.  What keeps some smart and devious person
> from creating an app that replaced the patch with their own and then they
> can drain your bank account... crash your automated or self driving car....
> Yikes.
>
> The real solution is a new generation of chips that are not exploitable.
> That means replacing every computer and device that is effected.
>
> This should be a wake up call to all of us.  We are way too dependent on
> computers.
>
> There will be major fireworks over this.  I can see a lot of companies
> getting sued.  And the only ones that win are the lawyers.
>
> This is going to be with us for years.
>
> I have 7 computers that can be or already are connected to the internet.
> A lot of it is old technology, however it's value is in testing.  I am a
> software developer.  As long as I keep them on a private net I am ok....
> Otherwise I will need to replace at least 2.
>
> This is a potential nightmare.... Patching hardware with software is a
> weak plan.  All that need to happen is some wise person to figure out how
> to replace the patch with their own.  Say good by to our economy if that
> happens.
>
> What a mess!!
>
>
>
>
>
>
> On 2018-01-03 18:12, Matthew Crews wrote:
>
> I would be more concerned IF the next gen CPU has this fixed. All's I know
> is that if Intel wants to fix the very next gen, they will need to scrap a
> lot of silicon that has already been finished.
>
>
> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
> email.
>
>
>
>
>
> -------- Original Message --------
> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>
>
> I'm more curious to know which versions of Intel's upcoming chips have
> been fixed already. I would like to upgrade my current workstation in the
> next year and will stick with Intel despite any performance impact over AMD.
>
>
>
> On 2018-01-03 00:43, Aaron Jones wrote:
>
>
> I read the performance hit for Intel chips will be %35 or so after the
> fix.
>
> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>
> so, does this mean that the UEFI might get patched first? OR, does the OS
> ecology have to do so first? Lastly, how much of a performance hit will
> this represent?
>
> -eric
> from the central offices of the Technomage Guild, the "oh look! yet
> another bug!" Dept.
>
> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>
>
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> In a nutshell, it is a major security flaw in Intel hardware dating back a
> decade that is requiring a complete kernel rewrite for every major OS
> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
> with a CPU microcode update. Major enough that code comments are redacted
> in the patches until an embargo period is expired. Also the reported fix
> will have a huge performance impact.
>
> Also crucial to note is that AMD chips are not affected by this.
>
> How the heck does something like this go unnoticed for so long?
>
>
>
>
> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
> email.
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/2d9df571/attachment.html>


More information about the PLUG-discuss mailing list