- This topic has 8 replies, 5 voices, and was last updated May 17-11:52 am by oops.
-
Posts
-
VW
After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.
“These are the times that try men's souls" - Thomas Paine
Anonymous
I’m not sure it steals the data. Maybe it just borrows the data but forgets to return it?
VW
Best to buy a new processor:
Patches Often Slow Down Existing CPUs
“These are the times that try men's souls" - Thomas Paine
I’m sure glad all of my newer cpus are AMD and not intel right now.
AMD and ARM CPUs are unaffected by Zombieload, MDS-class vulnverabilities despite also utilising a simultaneous multithreading within their processors.as stated on
https://www.pcgamesn.com/intel/zombieload-mds-vulnerability-security-patch-hyperthreading-mitigation-performance
lol I never bought a new intel–since in the 90’s the pentium couldn’t add. I got an AMD-p75 instead.
The intel ones I have are all from throw-aways. Maybe a good time to look at ARM and AMD for future purchases.To make it short and easy understandable:
As a home / hobby user, you’ve got nothing to worry about.
Theoretically exploitable over the javaScript in web browser but, all web browser (‘all’ == Google Chrome & FireFox) developers are patching their browsers regularly.
Professionals (== Linux servers) are having a seriuos problem.
In case where multiple VM’s are running on the same host (== as good as always) and if ‘the bad guy’ starts his ‘hostile’ guest VM on the same server, it can read all (random) data of all other VM’s which run on the exact same processor core/thread in a given moment.
https://www.heise.de/newsticker/meldung/Neue-Sicherheitsluecken-in-Intel-Prozessoren-ZombieLoad-4421217.html
https://www.heise.de/ct/artikel/Updates-gegen-die-Intel-Prozessorluecken-ZombieLoad-Co-4422413.htmlMeltdown, Spectre and Co. are ‘running’ just as fine on AMD processor as well as on your Smartphones (Qualcomm) as well as almost every other hyperthreading processor ever made.
Intel got a few culprits more just because they made the most efficient hyperthreading up to date.
Additional Intel problem is IMEI — which is digged very deep in their products.
After the last year’s hack and the one before it, there’s another one …
https://www.heise.de/security/meldung/Viele-Intel-Rechner-brauchen-wieder-BIOS-Updates-4335118.html
https://www.heise.de/security/meldung/Intel-fixt-teils-kritische-Luecken-in-UEFI-BIOS-ME-und-Linux-Grafiktreiber-4423912.htmlyeah regular people aren’t the main targets …things like the
cloud servers, data centers, and any online banking have alot to worry about
with this … I just like to poke fun at intel now and then because they make
some tradeoffs for speed instead of security that the others didn’t do.
not saying any cpu is perfect just that the other ones were a little more
responsible with security precautions.Trade off (and the protection measure) == disabling hyperthreading
It’s the same in case of any processor that’s using that technology.
How true,
the other cpus exploits just haven’t been brought to light yet.
Anytime there are multiple cores then the exploits are there when
the cores interact with each other or the memory. no matter what
cpu/architecture is running.
oops
@linuxdaddy: “…the other cpus exploits just haven’t been brought to light yet.(interact with the memory)”
… It ‘s probable. 😉
- You must be logged in to reply to this topic.
