Massive CPU Security Flaws Revealed

Yeah, another Intel bug like Meltdown. AMD is definitely looking better.

Name your new notable thing “SPOILER” to make it virtually search engine kryptonite, gg.

So, this sounds really, really bad, especially to cloud providers. That’s a monstrous number of CPUs that have to be replaced.

For those who aren’t afraid of the flaws, it may mean a lot of cheap used hardware appearing on the market soon. I mean, you would think?

Are we reasonably certain that the only reason similar flaws haven’t been found in AMD is because of security by obscurity? I don’t have any reason to think they are vulnerable, but then again, is anyone actually working on attacking them, given how prevalent Intel is?

Don’t know, but that approach has worked pretty damned well for Macs for the last two decades.

That’s one possible explanation, another is that AMD just didn’t have the same level of optimizations that Intel had, and hence has fewer surfaces to attack.

According to “SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability” (The Register):

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

For this specific bug, yes. That wasn’t the point.

Here we go again

In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.

Edit: Ars has a better article with more details

Another Intel-specific design exploit. I still wonder if AMD doesn’t have just as many mistakes, but they just haven’t been found or disclosed publicly because it isn’t as popular.

This was a pretty serious (and rather large) team of security experts from around the world. Assume they’re on the cutting-edge of this stuff, and they’re testing every new method on all modern chips. AMD came clean in this case.

Oh, and Google is disabling hyperthreading in Chrome OS to mitigate this. So those high-end Chromebooks you bought just got slower.

Speaking of which, today’s cumulative Win10 update finally enables retpoline, which should mitigate a lot of the performance impact from Spectre mitigations.

https://support.microsoft.com/en-us/help/4494441/windows-10-update-kb4494441

MDS mitigation performance hit is real.

https://phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

And that’s with hyperthreading left on. It gets worse if you shut it off.

Just a PSA, but I noticed in the past couple of weeks that Dell has pushed out brand-new BIOSes for my Haswell i3 and i7 boxes with all the latest Spectre mitigations. It’s pretty crazy that Dell is pushing out BIOS updates for 6-year-old machines, but here we are.

You might want to check your manufacturer’s site.

Not CPU-related, but…

If you are running a malicious app that can exploit badly written drivers, you are already seriously stuffed.

Nothing for my 2014 Asus board sadly.

Not sure what you mean. Drivers have root access, so you could be visiting a website that runs JavaScript that knows how to activate a flaw in the kernel.

The bottom line is always: everything is vulnerable. Don’t expect to ever be safe, really.

It’s not exactly straight shooting on ZDNet’s part to refer to security issues in Windows drivers as ‘security flaws in kernel drivers’. Without qualification, I read ‘kernel whatever’ as ‘Linux kernel whatever’.