Intel Kernel Bug

Sal1950 · Jan 22, 2018

amirm said:
I trust the company (Gibson Research). They have been around forever.

But yes, there is some risk and I was worried about installing the software.

Related, there are people who are distributing malware claiming to be a patch for these bugs. So be very careful.

I do worry also about what could be called "knee jerk" reactions to these type of things. IE rushing out patches that haven't been vetted completed.
I'm still unsure how big a security risk this poses to Joe Keyboard, and who might be looking to take advantage of any holes from this demographic?
Huge risks or mainly hypothetical?

Deleted member 65 · Jan 22, 2018

Sal1950 said:
I do worry also about what could be called "knee jerk" reactions to these type of things. IE rushing out patches that haven't been vetted completed.
I'm still unsure how big a security risk this poses to Joe Keyboard, and who might be looking to take advantage of any holes from this demographic?
Huge risks or mainly hypothetical?

Any security hole will be used. Spectre & Meltdown attacks won't leave any trace on the affected PC only in the Bank account.

https://www.csoonline.com/article/3...ty-facts-figures-and-statistics-for-2017.html

" Cyber crime damage costs to hit $6 trillion annually by 2021. ...

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

Global ransomware damage costs are predicted to exceed $5 billion in 2017.

What does it all mean? In 2015, Ginni Rometty, IBM's chairman, president and CEO, said, "Cyber crime is the greatest threat to every company in the world."

And she was right. During the next five years, cyber crime might become the greatest threat to every person, place and thing in the world.

Billionaire businessman Warren Buffet takes it a step further and says that cyber attacks are the number one problem with mankind, even worse than nuclear weapons. "

Sal1950 · Jan 22, 2018

LarsS said:
Any security hole will be used.

Absolutely, but Joe Keyboard Windows users have always had big gaping security holes, the worst of which is the nut behind the keyboard.

But the question is how much of a public panic is justified? Now that it's become "common" knowledge it only makes sense to try and close the hole. But the hole has existed for a long time and I doubt it's percentage of contribution to the the staggering cybercrime numbers you post is very large.

amirm · Jan 22, 2018

Sal1950 said:
But the question is how much of a public panic is justified? Now that it's become "common" knowledge it only makes sense to try and close the hole. But the hole has existed for a long time and I doubt it's percentage of contribution to the the staggering cybercrime numbers you post is very large.

If a hole is out there but not known, then it doesn't do damage. Hackers routinely act on such discoveries to develop exploits because not everyone applies the patches.

RayDunzl · Jan 22, 2018

"Intel is now telling customers to forgo installing the Spectre and Meltdown patches due to lingering issues that it has confirmed with customers, and identified in its own testing. In addition, Intel says that it has identified the root cause for the reboots."

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior," said Navin Shenoy is Executive VP and GM for Intel's Data Center Group.

https://hothardware.com/news/intel-identifies-spectre-and-meltdown-patch-reboot-bug-root-cause

https://newsroom.intel.com/news/roo...-updated-guidance-for-customers-and-partners/

amirm · Jan 22, 2018

Intel is so incompetent sometimes....

RayDunzl · Jan 22, 2018

Who isn't?

Deleted member 65 · Jan 23, 2018

Linus Torvalds on Intel, Meltdown & Spectre: https://lkml.org/lkml/2018/1/21/192

" BULLSHIT. ...
The patches do things like add the garbage MSR writes to the kernel entry/exit points. That's insane. That says "we're trying to protect
the kernel". We already have retpoline there, with less overhead.

So somebody isn't telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out. ...

As it is, the patches are COMPLETE AND UTTER GARBAGE.
They do literally insane things. They do things that do not make sense. ...

WHAT THE F*CK IS GOING ON?
And that's actually ignoring the much _worse_ issue, namely that the whole hardware interface is literally mis-designed by morons. ... "

svart-hvitt · Jan 23, 2018

Does he, somehow, mean that Intel’s chips are flawed, a risk to your IT security, and that attempts at resurrecting are illogical at best?

If so, why would anyone want chips from such a company?

Or is Torvalds just bigmouthed?

Soniclife · Jan 23, 2018

svart-hvitt said:
Or is Torvalds just bigmouthed?

He's not known for holding back, https://search.theregister.co.uk/?q...or=&date=the+dawn+of+time&results_per_page=20

Sal1950 · Jan 23, 2018

Linus does add a bit of flare to his prose.

Don Hills · Jan 23, 2018

Sal1950 said:
Linus does add a bit of flare to his prose.

I see what you did there.

Deleted member 65 · Jan 31, 2018

Windows disables part of the Meltdown/Spectre patches

Last night, Microsoft released KB 4078130, which is specifically designed to turn off the Intel-identified buggy code in the Meltdown/Spectre patches.
The patch is only available from the Update Catalog, and it’s the same patch for all versions of Windows.

It’s highly likely that when Intel gives the all-clear for Spectre variant 2, it’ll be part of yet another patch.

Moral of the story: Wait.

Sal1950 · Jan 31, 2018

LarsS said:
Windows disables part of the Meltdown/Spectre patches

Last night, Microsoft released KB 4078130, which is specifically designed to turn off the Intel-identified buggy code in the Meltdown/Spectre patches.
The patch is only available from the Update Catalog, and it’s the same patch for all versions of Windows.

It’s highly likely that when Intel gives the all-clear for Spectre variant 2, it’ll be part of yet another patch.

Moral of the story: Wait.

What a mess. The updates/patches over the last month have made my Win 10 installs booting and hard drive grinding activity during the first 5-10 minutes of startup intolerably slow. I dread having to boot into that partition to use it, I'm best to fire it up and go make a cup of coffee before trying to get any work done.
Alternatively my Linux desktop goes from grub selection to desktop and virtually silent drive activity in 25 seconds.

RayDunzl · Jan 31, 2018

Sal1950 said:
The updates/patches over the last month

You can delay them, no? I figure that gives others more time to complain so MSFT can get it more right, along with more bundling for fewer intrusions.

I haven't noticed any automatic reboots or other problems. Updates nag me a little bit until I give in and let them go.

The "reminders" I get seem to give me a "Not now..." option.

Maybe my experience is different since I rarely shut down, and don't give it a chance to do sneaky things.

(The above settings reflect the maximum, not necessarily what I use)

Sal1950 · Jan 31, 2018

RayDunzl said:
You can delay them, no? I figure that gives others more time to complain so MSFT can get it more right, along with more bundling for fewer intrusions.

Yes but the main reason for current slowness is not a result of yet another update downloading or installing.
More now some background processes running during the boot, log-in, and post desktop loading at each reboot?
Takes so long to get available cpu cycles to get any actual work done.

Wayne · Feb 2, 2018

Do we know what future Intel chips will not have the Meltdown/Spectre issues?

amirm · Feb 2, 2018

Wayne said:
Do we know what future Intel chips will not have the Meltdown/Spectre issues?

In the last financial call their CEO said it would be end of this year before new chips come out with this bug fixed.

Deleted member 65 · Feb 3, 2018

Intel Forms Product Assurance and Security Group amid Meltdown and Spectre Fallout

"In response to the Meltdown and Spectre exploits that potentially affect all CPUs released in the recent years, Intel on Monday created a new group that will focus on product assurance and security."

https://www.anandtech.com/show/1226...urity-group-amid-meltdown-and-spectre-fallout

DonH56 · Feb 3, 2018

Ah, yes, the old "shut the barn door after the horses got out, and shut them with a committee inside so we look good" approach...

How many years they been in business, and now they decide a QAS group is needed? Hmph...

Intel Kernel Bug

Grand Contributor

Deleted member 65

Guest

Grand Contributor

Founder/Admin

Grand Contributor

Founder/Admin

Grand Contributor

Deleted member 65

Guest

Major Contributor

Major Contributor

Grand Contributor

Addicted to Fun and Learning

Deleted member 65

Guest

Grand Contributor

Grand Contributor

Grand Contributor

Active Member

Founder/Admin

Deleted member 65

Guest

Master Contributor

Similar threads