Major Intel Memory Vulnerability

sesso at djsesso.com sesso at djsesso.com
Fri Jan 5 11:45:36 MST 2018


Spectre also affected AMD. Nobody is safe. 

Regards,

Jason
________________________________
From: Stephen Partington <cryptworks at gmail.com>
Sent: Friday, January 5, 2018 11:40 AM
To: Main PLUG discussion list
Subject: Re: Major Intel Memory Vulnerability

​I still do not want my car to be the massively online thing that car makers seem to think is the bes thing ever. cause they have no clue what security is.​

Leave my car dumb, gime a bluetooth interface to my phone and leave me be...


And get off my lawn :-P

On Fri, Jan 5, 2018 at 10:47 AM, der.hans <PLUGd at lufthans.com> wrote:
>
> Am 05. Jan, 2018 schwätzte Stephen Partington so:
>
>> It is certainly a deciding factor in my desire to move to AMD on my CPU
>> rollout.
>
>
> Trying to imagine a car salesperson knowing which CPUs are in a particular
> model and utterfly failing.
>
> Luckily IoT generally has so many holes that we don't need to worry about
> meltdown and spectre for them...
>
> ciao,
>
> der.hans
>
>> On Fri, Jan 5, 2018 at 9:39 AM, <techlists at phpcoderusa.com> wrote:
>>
>>>
>>> I think they have a moral obligation to destroy all effected chips that
>>> are in the pipeline.  Dell and others need to stop sales and not continue
>>> selling until the CPU is fixed.
>>>
>>> This is much bigger than we know.  Almost every computer is effected.  The
>>> intermittent fix is software.  What keeps some smart and devious person
>>> from creating an app that replaced the patch with their own and then they
>>> can drain your bank account... crash your automated or self driving car....
>>> Yikes.
>>>
>>> The real solution is a new generation of chips that are not exploitable.
>>> That means replacing every computer and device that is effected.
>>>
>>> This should be a wake up call to all of us.  We are way too dependent on
>>> computers.
>>>
>>> There will be major fireworks over this.  I can see a lot of companies
>>> getting sued.  And the only ones that win are the lawyers.
>>>
>>> This is going to be with us for years.
>>>
>>> I have 7 computers that can be or already are connected to the internet.
>>> A lot of it is old technology, however it's value is in testing.  I am a
>>> software developer.  As long as I keep them on a private net I am ok....
>>> Otherwise I will need to replace at least 2.
>>>
>>> This is a potential nightmare.... Patching hardware with software is a
>>> weak plan.  All that need to happen is some wise person to figure out how
>>> to replace the patch with their own.  Say good by to our economy if that
>>> happens.
>>>
>>> What a mess!!
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 2018-01-03 18:12, Matthew Crews wrote:
>>>
>>> I would be more concerned IF the next gen CPU has this fixed. All's I know
>>> is that if Intel wants to fix the very next gen, they will need to scrap a
>>> lot of silicon that has already been finished.
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com>, Swiss-based encrypted
>>>
>>> email.
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>>
>>>
>>> I'm more curious to know which versions of Intel's upcoming chips have
>>> been fixed already. I would like to upgrade my current workstation in the
>>> next year and will stick with Intel despite any performance impact over AMD.
>>>
>>>
>>>
>>> On 2018-01-03 00:43, Aaron Jones wrote:
>>>
>>>
>>> I read the performance hit for Intel chips will be %35 or so after the
>>> fix.
>>>
>>> On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>
>>> so, does this mean that the UEFI might get patched first? OR, does the OS
>>> ecology have to do so first? Lastly, how much of a performance hit will
>>> this represent?
>>>
>>> -eric
>>> from the central offices of the Technomage Guild, the "oh look! yet
>>> another bug!" Dept.
>>>
>>> On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>
>>>
>>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>
>>> In a nutshell, it is a major security flaw in Intel hardware dating back a
>>> decade that is requiring a complete kernel rewrite for every major OS
>>> (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out
>>> with a CPU microcode update. Major enough that code comments are redacted
>>> in the patches until an embargo period is expired. Also the reported fix
>>> will have a huge performance impact.
>>>
>>> Also crucial to note is that AMD chips are not affected by this.
>>>
>>> How the heck does something like this go unnoticed for so long?
>>>
>>>
>>>
>>>
>>> Sent from ProtonMail <https://protonmail.com/>, Swiss-based encrypted
>>> email.
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>>
>
> -- 
>https://www.LuftHans.com   https://www.PhxLinux.org
> #  The Internet is the front line of the battle
> #  to protect our freedom. -- Nathaniel Borenstein
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss




-- 
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180105/2842fd90/attachment.html>


More information about the PLUG-discuss mailing list