Major Intel CPU Hardware Vulnerability Found, Could Cost 35% Performance

Discussion in 'Security News' started by Slyguy, Jan 2, 2018.

  1. rockstarrocks

    rockstarrocks Level 14

    Apr 16, 2017
    686
    6,783
    Civil Engineer
    Delhi>India>Asia>Earth>S.S.>Milky way>Our Universe
    Windows 10
    Emsisoft
    I am guessing gamers would be skipping this patch, to run their games at maximum FPS.
     
  2. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,084
    4,346
    Fortinet Engineer
    USA
    Other OS
    Remember kids, this isn't the first time Intel has been leaving in backdoors. Anyone remember Creepy Janitor or Ring-2 backdoor? I never trusted Intel and hence, never really purposely purchased desktops with chips based on it.

    Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

    There was a reason John Titor time traveled back to get a pristine IBM 5100, he said everything else was compromised after that system. :D
     
  3. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    LOL

    Yeah, if you compromise that Ring -2 via exploitation then that is pretty devastating. In my opinion all of this is just intriguing and bad at the same time, and I will never ever buy an Intel CPU ever again.
     
    Vasudev, lowdetection, Slyguy and 5 others like this.
  4. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,143
    4,511
    Qihoo 360
    They have to match the off the shelf benchmarks too...or better them....
     
  5. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,554
    3,740
    0wN3D by my cat!
    Opcode wrote:
    "I believe the government should be able to do their job and monitor people of interest for valid reason, but at the same time I don't think that systems should be left vulnerable for some creepy nerd to remotely access it because a hardware manufacturer felt like cutting corners or for whatever reason."
    - I think the same...

    Here you have two responses on debate.org:
    Is it justifiable to violate certain civil liberties in the name of national security?
    "3000 people perished on 9/11 is not enough to grasp the concept of safety in time of war?
    War against terror is a real war, but people don't perceive it as such, because it is different from traditional wars. In times of extreme danger, for the safety of our nation it is vital to use extreme measures to protect the country until the level of danger subside. How many people have to die until this simple concept is assimilated? 3000 people on 9/11 is not enough?"

    ... and another voice:
    "No invasion of my personal privacy, electronic data collection, phone monitoring, internet search monitoring.
    I love my country but believe in the constitution that made us willing to fight and die for her over the years. It is obvious that the Patriot Act is the right to abuse Government oversight. The Patriot Act needs to be repealed and a clean slate of electronic assistance into Government monitoring established."

    On another thread from debate.org:
    "Read "1984" by George Orwell - the constant state of war (or fear) was the ultimate power the government had. Welcome to your future."
     
    Vasudev and AtlBo like this.
  6. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    I think monitoring is fine but only with a valid reason. I don't think having a backdoor ready for usage whenever for everyone is a good idea because that same backdoor can be used by an attacker. I'm no mastermind so I don't know what alternative they can do, but the point is you don't know who is working at the government using such spy tools and you don't know who is rogue or not, so anything can happen with it.

    But a master decryption key and such is just stupid. Firstly, what are the restrictions? It will likely trigger a war, not stop one. What if Russia dislikes the US having one which applies for Apple products in Russia as well? Or another country doesn't want another spying with a backdoor in products used by their own government? See?

    So I think a country monitoring is fair, even overseas as sometimes it is necessary, but the governments should work more together and be less intrusive as much as possible on citizens they have done checks on to know are genuine and safe.

    And stuff like being exposed for trying to sabotage Kaspersky, working with another country to hack a security company, making tools capable of framing someone else, etc... well that doesn't make me want to trust said government. Hint hint.
     
    Vasudev and AtlBo like this.
  7. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,554
    3,740
    0wN3D by my cat!
    News from Aug 29, 2017, on csoonline.com:
    Now you, too, can disable Intel ME 'backdoor' thanks to the NSA
    ...
    Intel refuted those backdoor accusations, saying, “Intel does not put backdoors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user. In short, Intel does not participate in efforts to decrease security in technology.”...
    ...Here comes the good news. As Positive Technologies researchers Mark Ermolov and Maxim Goryachy poked into the firmware, they discovered an undocumented HAP field. HAP, which stands for the High Assurance Platform (pdf) program, was developed by the NSA. The framework was for the “development of the ‘next generation’ of secure computing platforms.”
    The researchers discovered an undocumented field called “reserve-hap” and that HAP could be set to “1” for true. ...
    ...
    If you want to disable Intel ME, you should first read the in-depth technical explanation about the researchers finding “an undocumented PCH strap that can be used to switch on a special mode disabling the main Intel ME functionality at an early stage.” Positive Technologies also made its Intel ME 11.x firmware image unpacker utility available on GitHub. Use at your own risk; the methods to disable Intel ME were described as “risky and may damage or destroy your computer.”

    _______________

    Ah, maybe we have a little strap to remove so that the Intel CPU problem disappears suddenly?
    Search... and you will find!
     
    Vasudev, Opcode, bribon77 and 2 others like this.
  8. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,143
    4,511
    Qihoo 360
    If they were willing to be sincere and transparent with everyone, there could be a system that everyone can live with across the board...business to gamers.

    I appreciate what Intel says here, but if Intel had helped the U.S. government develop back door technologies to be built into their products, would anyone ever believe Intel wouldn't just blatantly lie about doing so? Well, if indeed everyone started expecting answers about connections between the U.S. government and Intel and Microsoft and so on that were true, we would be about 99% likely to get lies from Intel or whoever was involved. These lies would be STONE COLD too. No apologies and no regrets. No amateur hour lies...professionally scripted like there's no tomorrow lies.

    I hope that the U.S. government didn't get into business with Intel or Microsoft or any of the communications companies on any level, and I hope vice versa also. I also hope Intel can come up with a quick answer to this gigantic dilemma. However, if Intel and/or MS did get involved with government on any level other than to be on the same page about developing a securable structure to the internet and a securable structure for communications (if there was wanton careless disregard for the well-being of good people on any level in any collaboration between the entities), I know it will come to light. In that case, the difficulties that would surely follow would be deserved by all involved parties.

    Government in the U.S. exists only to look after the interests of the people. American law considers a company a person, but any association with communications or computer related businesses is outside the scale of reasonable for the American government to attempt. This kind of association is completely unmanageable for a government agency. The CIA would be turned into the keystone cops trying to do business with the individuals who represent these companies. No, American government needs a system that guarantees them that they can monitor communication passively (computer searching for potential dangers) for dangerous activities, but anything beyond that is foolishness and contempt for common sense.

    Honestly, it seems normal to me that the U.S. government should be working with the communications/computer industry at the present time. However, they should be working together with a clear understanding that they have separate interests. Whatever is going on, they don't seem to have this for now. Ultimately, the U.S. government can buy American businesses security and peace of mind by being able to monitor passively and generically. They can deliver this through simple CIA automated analysis of communications traffic...that is whatever they are able to monitor. The rest will be up to the operatives within that agency. Business keeps the U.S. military in its uniforms and the CIA and the rest of them staffed. These entities have got to start being real with each other at some point. The sooner the better.

    Yes, I have to believe they will come up with something better than a new processor for everyone. Seriously...:rolleyes:

    100% the worst sign to see from the American government. With this government, where there is smoke, there is fire. I know by the end of all of the struggles of the PC industry, everything will be sorted out properly. It's a pretty rough ride, though...
     
  9. bribon77

    bribon77 Level 10

    Jul 6, 2017
    488
    3,363
    spain
    Windows 7
    Emsisoft
    This means all of us who use Intel will become Tortugas Cybernautics. :eek:
     
    Opcode and AtlBo like this.
  10. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,084
    4,346
    Fortinet Engineer
    USA
    Other OS
    #51 Slyguy, Jan 3, 2018
    Last edited: Jan 3, 2018
    Intel response is lame as heck.

    "Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect."

    So it's not a bug or flaw but it requires software patching to fix the non-bug and non-flaw that will reduce performance by up to 35%+? Sounds good Intel, keep talking... Then there is this gem;

    “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,”

    35% isn't significant? Own up to this Intel, you skirted security and common sense to squeak out more speed and hoped nobody would find out. Your CEO dumped his stock after finding out others knew and it would be disclosed.

    Intel Responds to Security Research Findings
     
  11. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    I don't believe them either.
     
  12. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,689
    Australia
    Windows 10
    ESET
    Does anyone know if any mobile phones use anything from Intel in them?
     
    Vasudev, Sunshine-boy and AtlBo like this.
  13. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,143
    4,511
    Qihoo 360
    #54 AtlBo, Jan 3, 2018
    Last edited: Jan 3, 2018
    What about steal data? WHAT are they attempting with this statement? Intel should be silent on the data security issue other than to say the issue is being looked into and that there will be patches for some things which should safeguard data from data theft in the short term.

    This sounds like a complete attempt at redirection. In the opening, this statement says, "Intel believes these exploits do not have the potential to corrupt, modify or delete data." Now they say their products are as unsafe as everyone else's? This is gibberish. Unsafe is unsafe, and unsafe is headed for lawsuits if it doesn't come up with answers fast. It's seriously that simple. "Tolerate my unsafety like everyone else's"....puleez...:LOL: They'll have their day in court if their product(s) is/are unsafe, Intel.

    Now they AGAIN admit there is an issue with their product and then that there will be a performance problem, all the while dragging AMD into the issue. The statement comes across like a child who just broke some valuable antique. Well, unfortunately, I think I hear a lawsuit coming from AMD if their processors don't have this issue, and Intel's do. On performance, of course, they probably know how much truth there is to the concerns over performance loss. Yet, Intel is not being straight here with the simple truth about their processors. Either they are compromisable or not. If they are, all they should say is that they are working on the issue. They should be the same way about the performance issue.

    Hope this is true, but we will find out. Also, this statement is a tap dance. It's absurd to hear this from individuals representing the best of technology and its single ability to empower humans for greatest success.

    Translated..."We're going out for a beer you guys. Don't pay any attention to what anybody says about us or how unsafe our products are to use. Just get the patch, bro...Srsly, you didn't need that processor power...c'mon..." :devil:

    If Intel has issues with what's being said, because they have facts to the otherwise, they should just say they have facts. I expect a whole lot better than this statement from a corporation in this situation. This should have been a short statement citing security reasons for saying that there will be information on the issue later. Leave it right there for now. The whole article comes across as intentional vaguery...or drunken babble. (n):(

    It's a bad statement, but I do hope the problem is overstated. IDK what to say. I guess we will have to wait like everyone else and see what happens in the next several days.

    EDIT: I am really concerned now that I think about it about the omission of data theft from Intel's second sentence in this statement. Looking at this statement again, it almost reads like Intel is trying to omit data theft from the issue. Almost seems like they could be trying to cover up something here to me. Not to say it's true, but reading the statement carefully really concerns me. First, "there have been rumors that data can be stolen". But then there is, "Intel believes these exploits do not have the potential to corrupt, modify or delete data." NO mention of stealing data. Looks so much like an attempted deflection to me. And why isn't data theft mentioned? I don't like this from Intel one bit, and I think people are going to see through to what isn't being said here...
     
  14. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,689
    Australia
    Windows 10
    ESET
    Hmmm, even worse than everyone thinks it is, could have been around since 1995.....

    Critical flaws revealed to affect most Intel chips since 1995

     
  15. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    Lol if a PoC source code goes out, it is gonna get copy pasted and used. That is common sense.
     
  16. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,554
    3,740
    0wN3D by my cat!
    AtlBo wrote:
    "Translated..."We're going out for a beer you guys. Don't pay any attention to what anybody says about us or how unsafe our products are to use. Just get the patch, bro...Srsly, you didn't need that processor power...c'mon..." :devil:"


    - New Intel statements do not improve the company's image.
    On the contrary, they are in the process of sinking like children, who are surprised to do bad, strange things, their faces can be reddish with shame....?

    Only truth will set you free.
     
    ZeroDay, AtlBo and bribon77 like this.
  17. LASER_oneXM

    LASER_oneXM Level 17
    Content Creator

    Feb 4, 2016
    847
    4,405
    university/IT
    Germany / Poland
    Windows 8.1
    Kaspersky
    source (bleepingcomputer.com): OS Makers Preparing Patches for Secret Intel CPU Security Bug

     
  18. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    396
    1,689
    Australia
    Windows 10
    ESET
    "Some tech and hardware blogs have already started benchmarking CPU performance for operating systems before and after the patch, and some have reported performance dips. Nonetheless, readers should take into consideration that these are in-dev OS versions and the patched OSes may receive further patching and optimization."

    Thank god for that, I would hate to see my CPU slow down because of this security issue.
     
  19. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    It'll definitely slow down because there'll be more overhead because of the Kernel Page Table Isolation (KPTI), but hopefully with good implementation and optimisation patches, it won't be so bad.
     
    AtlBo, LASER_oneXM and bribon77 like this.