Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Germany 08/31
Chicago, IL USA, IL 10/19

Regularly scheduled events

Evening Tech Bits

View
13 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

13. Re: Evening Tech Bits Jan 5, 2018, 15:05 NewMaxx
 
RedEye9 wrote on Jan 3, 2018, 13:58:
Really. Then i'm gonna have to submit a whole lot of claims for iNtel cpu's that i have never owned. :o

Never know!
 
Reply Quote Edit Delete Report
 
12. Re: Evening Tech Bits Jan 4, 2018, 05:05 eRe4s3r
 
William Rubin wrote on Jan 3, 2018, 17:52:
eRe4s3r wrote on Jan 2, 2018, 21:21:
This issue isn't exploitable over the web anyhow.

Probably/possibly not true. Proof of Concept code, written in JavaScript, may exist, from the same people who discovered the bug.

https://nixcraft.tumblr.com/post/169209890277/the-mysterious-case-of-the-linux-page-table

Google does not say either But if what google says is true, all exploit paths are already patched. With todays windows update in windows, and for any other exploits browsers (if applicable) have patched too.
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
11. Re: Evening Tech Bits Jan 3, 2018, 17:52 William Rubin
 
eRe4s3r wrote on Jan 2, 2018, 21:21:
This issue isn't exploitable over the web anyhow.

Probably/possibly not true. Proof of Concept code, written in JavaScript, may exist, from the same people who discovered the bug.

https://nixcraft.tumblr.com/post/169209890277/the-mysterious-case-of-the-linux-page-table
 
Reply Quote Edit Delete Report
 
10. Re: Evening Tech Bits Jan 3, 2018, 13:58 RedEye9
 
NewMaxx wrote on Jan 3, 2018, 13:27:
RedEye9 wrote on Jan 3, 2018, 07:30:
Hells yeah. I got $15 from the the http://www.intelpentium4litigation.com/

This may be closer to double that from what I'm hearing but we'll see.
Really. Then i'm gonna have to submit a whole lot of claims for iNtel cpu's that i have never owned.
 
Avatar 58135
 
https://www.newyorker.com/humor/borowitz-report
Reply Quote Edit Delete Report
 
9. Re: Evening Tech Bits Jan 3, 2018, 13:27 NewMaxx
 
RedEye9 wrote on Jan 3, 2018, 07:30:
Hells yeah. I got $15 from the the http://www.intelpentium4litigation.com/

This may be closer to double that from what I'm hearing but we'll see.
 
Reply Quote Edit Delete Report
 
8. Re: Evening Tech Bits Jan 3, 2018, 07:30 RedEye9
 
NewMaxx wrote on Jan 2, 2018, 22:08:
Class action (may already be in the works), start writing down everything you've bought with Intel chips in the last decade (or two).
Hells yeah. I got $15 from the the http://www.intelpentium4litigation.com/ and have never owned one.
I also got $10 because http://www.classactionrebates.com/settlements/red-bull/ didn't give me wings.

Just saw that BK will give you $2, or $5 with receipt for a misleading breakfast special.

This comment was edited on Jan 3, 2018, 07:42.
 
Avatar 58135
 
https://www.newyorker.com/humor/borowitz-report
Reply Quote Edit Delete Report
 
7. Re: Evening Tech Bits Jan 2, 2018, 22:58 TheVocalMinority
 
eRe4s3r wrote on Jan 2, 2018, 21:21:
MeanJim wrote on Jan 2, 2018, 20:38:
I suppose a recall is out of the question due to the number of processors affected, many of which aren't even in production anymore.

Well, I think it would not just be out of the question, it would literally be impossible to recall 2+ billion cpu and replace them.

Better solution, fix the security issue and disable the fix when a game runs or give user white-listing abilities. 23% performance reduction would definitely make me NOT apply that update. This issue isn't exploitable over the web anyhow. Hax needs full access to your rig, so sandbox and no problem. Although.. I think this issue could actually make sandboxes leak... now wouldn't that be something.

But until we can read what is actually patched we dunno really

As you say all we have is speculation at the moment but it is possible that this could be exploited remotely. IIRC rowhammer has been found to work in Javascript but not sure how reliable it is.

From what I have read the main concern is that it may allow users to break out of a VM and have their way with the entire system.
 
VM
Reply Quote Edit Delete Report
 
6. Re: Evening Tech Bits Jan 2, 2018, 22:08 NewMaxx
 
MeanJim wrote on Jan 2, 2018, 20:38:
I suppose a recall is out of the question due to the number of processors affected, many of which aren't even in production anymore.

Class action (may already be in the works), start writing down everything you've bought with Intel chips in the last decade (or two).
 
Reply Quote Edit Delete Report
 
5. Re: Evening Tech Bits Jan 2, 2018, 22:00 NewMaxx
 
Hot on the heels of the ME exploits, I don't think this was an accidental discovery. (likely both NSA backdoors)  
Reply Quote Edit Delete Report
 
4. Re: Evening Tech Bits Jan 2, 2018, 21:21 eRe4s3r
 
MeanJim wrote on Jan 2, 2018, 20:38:
I suppose a recall is out of the question due to the number of processors affected, many of which aren't even in production anymore.

Well, I think it would not just be out of the question, it would literally be impossible to recall 2+ billion cpu and replace them.

Better solution, fix the security issue and disable the fix when a game runs or give user white-listing abilities. 23% performance reduction would definitely make me NOT apply that update. This issue isn't exploitable over the web anyhow. Hax needs full access to your rig, so sandbox and no problem. Although.. I think this issue could actually make sandboxes leak... now wouldn't that be something.

But until we can read what is actually patched we dunno really
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
3. Re: Evening Tech Bits Jan 2, 2018, 21:17 Burrito of Peace
 
Well fuck. I just bought two Dell R740s to use as VM hosts. Intel, natch, since Dell won't ship an Epyc based server.  
Reply Quote Edit Delete Report
 
2. Re: Evening Tech Bits Jan 2, 2018, 20:38 MeanJim
 
I suppose a recall is out of the question due to the number of processors affected, many of which aren't even in production anymore.  
Avatar 17277
 
MeanJim on Steam
Reply Quote Edit Delete Report
 
1. Re: Evening Tech Bits Jan 2, 2018, 19:26 RedEye9
 
That kernal memory issue might be big.
It does not affect AMD.
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2
 
Avatar 58135
 
https://www.newyorker.com/humor/borowitz-report
Reply Quote Edit Delete Report
 
13 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

Blue's News logo