Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:

Evening Safety Dance

View
12 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

12. Re: Evening Safety Dance May 16, 2019, 21:17 RedEye9
 
Bard, your first mistake was thinking work is fun. Wink
Thanks for giving us a glimpse of your daily toil.

MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

 
Avatar 58135
 
Filmmaker John Waters advice for elders: "Whenever any magazine says, 'What photographer do you want to shoot you?' I always just say, 'The one that has the biggest retouch budget!
Reply Quote Edit Delete Report
 
11. Re: Evening Safety Dance May 16, 2019, 17:19 Bard
 
eRe4s3r wrote on May 16, 2019, 11:45:
Dacote wrote on May 16, 2019, 10:53:
Wallshadows wrote on May 16, 2019, 10:25:
eRe4s3r wrote on May 16, 2019, 07:41:
This entire thing is just hyped up to absurdity to sell more CPU's

I think it has more to do with confidence in Intel rather than being genuinely concerned in regards to MDS. Intel has been riding a wave of damage control ever since Spectre and Meltdown was discovered which was further compounded by the scope of the impact as well as the solutions which can undermine performance especially in older systems.

Just two days ago a new MDS, Zombieload, popped up. Intel's potential solution to this? Tell consumers they may have to disabled Hyper Threading. I'm still sure the chances of being affected are microscopic but this is how far down the rabbit hole Intel has found itself.

I'm not at all concerned about my system getting compromised so I've been more or less ignoring the mitigations but it leaves an incredibly sour taste in my mouth when consumers are asked to pick up the slack because Intel put performance over security whereas AMD has hardware mitigation out of the box and are quickly gaining ground.


... this probably doesn't address the point you were making. Caught myself in a tangent.
forum post snippet
"Intel engineers haven't respected ring 0 kernel mode security for ages. Its why their hyper threading has major issues... I mean their unpatched chips basically don't bother to check if bits have permission to be there until after they execute. (just saying it out loud even complete laypersons know that is bad... lets unlock the door and then check and see if that shady looking dude had a key)"

Thanks ChadD

Which is only really a problem in "cloud" VM environments. For everyone else, if you can run the application that sniffs CPU data, you can literally do anything else you want on that machine too. This problem is a design problem and it ain't ever gonna be fixed by a software patch.

As a point. None of the OS mitigation patches against Spectre or Mirage EVEN WORK unless you have a state-of-the-art intel CPU (i5 8xxx + ) that has it on the hardware level (which makes the mitigation basically pointless)

And everyone below that generation of CPU's has the problem WITH AND WITHOUT MITIGATION. That's why this brings my blood to boil. The problem has been blown up WAY over proportion. As a normal gamer you are not EVER gonna have this as an attack vector unless you download a locally run malware yourself, run it yourself and give it admin access yourself.

Privilege Escalation holes are a dime a dozen. It just requires a user to do things such as hit an infected website. Just spent a week unfucking a network from a new cryptovirus that got by eeeeeverything.. systems completely up to date with patches, virus too new to be recognised by AV vendors, actively disabled AV on impacted system, launched payload, infected hyper-v host via the Virtualisation Memory flaw, encrypted the local VHD's.

Luckily the client went with our backup solution that allowed us to run recovery VM's from the backup unit while we killed everything with fire.

IT used to be fun, now it's whack-a-mole of security vulnerabilities and vendor incompetence and I have absolutely NO faith in state intelligence services that hoard and weaponise vulnerabilities or even National Security Letter require backdoors that are inevitably discovered by other parties.


 
Reply Quote Edit Delete Report
 
10. Re: Evening Safety Dance May 16, 2019, 17:06 Bard
 
jamiedj99 wrote on May 16, 2019, 03:46:
LOL 5G is the problem here why is this network such a threat to national security. Frankly if china can spy on you with it what about anyone eles making a phone or any other china brand that is not being targeted to spy on you with. There the fact that 5G my fail now as it is going to prevent weather satilites from reading things properly. some food for thought

I think it is far more likely Huawei refused to put back doors into their systems at the behest of US Intelligence services, and is paying the price for it, and are fighting back with this 'no spying agreements' play.

 
Reply Quote Edit Delete Report
 
9. Re: Evening Safety Dance May 16, 2019, 11:45 eRe4s3r
 
Dacote wrote on May 16, 2019, 10:53:
Wallshadows wrote on May 16, 2019, 10:25:
eRe4s3r wrote on May 16, 2019, 07:41:
This entire thing is just hyped up to absurdity to sell more CPU's

I think it has more to do with confidence in Intel rather than being genuinely concerned in regards to MDS. Intel has been riding a wave of damage control ever since Spectre and Meltdown was discovered which was further compounded by the scope of the impact as well as the solutions which can undermine performance especially in older systems.

Just two days ago a new MDS, Zombieload, popped up. Intel's potential solution to this? Tell consumers they may have to disabled Hyper Threading. I'm still sure the chances of being affected are microscopic but this is how far down the rabbit hole Intel has found itself.

I'm not at all concerned about my system getting compromised so I've been more or less ignoring the mitigations but it leaves an incredibly sour taste in my mouth when consumers are asked to pick up the slack because Intel put performance over security whereas AMD has hardware mitigation out of the box and are quickly gaining ground.


... this probably doesn't address the point you were making. Caught myself in a tangent.
forum post snippet
"Intel engineers haven't respected ring 0 kernel mode security for ages. Its why their hyper threading has major issues... I mean their unpatched chips basically don't bother to check if bits have permission to be there until after they execute. (just saying it out loud even complete laypersons know that is bad... lets unlock the door and then check and see if that shady looking dude had a key)"

Thanks ChadD

Which is only really a problem in "cloud" VM environments. For everyone else, if you can run the application that sniffs CPU data, you can literally do anything else you want on that machine too. This problem is a design problem and it ain't ever gonna be fixed by a software patch.

As a point. None of the OS mitigation patches against Spectre or Mirage EVEN WORK unless you have a state-of-the-art intel CPU (i5 8xxx + ) that has it on the hardware level (which makes the mitigation basically pointless)

And everyone below that generation of CPU's has the problem WITH AND WITHOUT MITIGATION. That's why this brings my blood to boil. The problem has been blown up WAY over proportion. As a normal gamer you are not EVER gonna have this as an attack vector unless you download a locally run malware yourself, run it yourself and give it admin access yourself.
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
8. Re: Evening Safety Dance May 16, 2019, 10:53 Dacote
 
Wallshadows wrote on May 16, 2019, 10:25:
eRe4s3r wrote on May 16, 2019, 07:41:
This entire thing is just hyped up to absurdity to sell more CPU's

I think it has more to do with confidence in Intel rather than being genuinely concerned in regards to MDS. Intel has been riding a wave of damage control ever since Spectre and Meltdown was discovered which was further compounded by the scope of the impact as well as the solutions which can undermine performance especially in older systems.

Just two days ago a new MDS, Zombieload, popped up. Intel's potential solution to this? Tell consumers they may have to disabled Hyper Threading. I'm still sure the chances of being affected are microscopic but this is how far down the rabbit hole Intel has found itself.

I'm not at all concerned about my system getting compromised so I've been more or less ignoring the mitigations but it leaves an incredibly sour taste in my mouth when consumers are asked to pick up the slack because Intel put performance over security whereas AMD has hardware mitigation out of the box and are quickly gaining ground.


... this probably doesn't address the point you were making. Caught myself in a tangent.
forum post snippet
"Intel engineers haven't respected ring 0 kernel mode security for ages. Its why their hyper threading has major issues... I mean their unpatched chips basically don't bother to check if bits have permission to be there until after they execute. (just saying it out loud even complete laypersons know that is bad... lets unlock the door and then check and see if that shady looking dude had a key)"

Thanks ChadD
 
Reply Quote Edit Delete Report
 
7. Re: Evening Safety Dance May 16, 2019, 10:25 Wallshadows
 
eRe4s3r wrote on May 16, 2019, 07:41:
This entire thing is just hyped up to absurdity to sell more CPU's

I think it has more to do with confidence in Intel rather than being genuinely concerned in regards to MDS. Intel has been riding a wave of damage control ever since Spectre and Meltdown was discovered which was further compounded by the scope of the impact as well as the solutions which can undermine performance especially in older systems.

Just two days ago a new MDS, Zombieload, popped up. Intel's potential solution to this? Tell consumers they may have to disabled Hyper Threading. I'm still sure the chances of being affected are microscopic but this is how far down the rabbit hole Intel has found itself.

I'm not at all concerned about my system getting compromised so I've been more or less ignoring the mitigations but it leaves an incredibly sour taste in my mouth when consumers are asked to pick up the slack because Intel put performance over security whereas AMD has hardware mitigation out of the box and are quickly gaining ground.


... this probably doesn't address the point you were making. Caught myself in a tangent.
 
Avatar 50040
 
Reply Quote Edit Delete Report
 
6. Re: Evening Safety Dance May 16, 2019, 09:52 Mr. Tact
 
jamiedj99 wrote on May 16, 2019, 03:46:
There the fact that 5G my fail now as it is going to prevent weather satilites from reading things properly. some food for thought
Everything I've ever read about 5G has made me think it was "fail" to begin with. The whole idea makes so little sense, it is an obvious money grab and little else.
 
Truth is brutal. Prepare for pain.
Reply Quote Edit Delete Report
 
5. Re: Evening Safety Dance May 16, 2019, 09:18 RedEye9
 
eRe4s3r wrote on May 16, 2019, 07:41:
This entire thing is just hyped up to absurdity to sell more CPU's
And AMD thanks them.
 
Avatar 58135
 
Filmmaker John Waters advice for elders: "Whenever any magazine says, 'What photographer do you want to shoot you?' I always just say, 'The one that has the biggest retouch budget!
Reply Quote Edit Delete Report
 
4. Re: Huawei would sign no spy contract May 16, 2019, 08:06 Verno
 
Simon Says wrote on May 15, 2019, 21:29:
Well, I guess now all they need to do is agree to sign a spy contract for the five eyes and they'll allow their devices to be used in their network.

You must have the right kind of backdoor opened to the right people you stupid Huawei!

China spying = BAD
West/Five Eyes spying = GOOD

It's really simple...

Uh of course? Look at the kind of government they have in China. Is Russia spying "BAD" to you? It is to me, look at what Russia stands for. So yes spying by us and our allies (even on each other) is fine and even expected. Intelligence is pretty fucking important in ensuring that we don't all bomb each other back to the stone age. The difference here is that we want balance and the Chinese government is well known for state sponsored (and enforced) backdoors/hacking so giving them access to our national communications networks might not be a great idea for us!
 
Avatar 51617
 
Playing: Pillars of Eternity II, Dragon's Dogma, Final Fantasy V
Watching: Chernobyl, Barry, NBA Playoffs
Reply Quote Edit Delete Report
 
3. Re: Evening Safety Dance May 16, 2019, 07:41 eRe4s3r
 
I still to this day do not understand why we even have mitigations on the OS level. All those theoretical attacks on intel cpu require full RING-0 access. Meaning, you would have to get hacked so hard that basically, reading out CPU data is the LEAST problematic thing to worry about.

This entire thing is just hyped up to absurdity to sell more CPU's
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
2. Re: Evening Safety Dance May 16, 2019, 03:46 jamiedj99
 
LOL 5G is the problem here why is this network such a threat to national security. Frankly if china can spy on you with it what about anyone eles making a phone or any other china brand that is not being targeted to spy on you with. There the fact that 5G my fail now as it is going to prevent weather satilites from reading things properly. some food for thought  
Reply Quote Edit Delete Report
 
1. Huawei would sign no spy contract May 15, 2019, 21:29 Simon Says
 
Well, I guess now all they need to do is agree to sign a spy contract for the five eyes and they'll allow their devices to be used in their network.

You must have the right kind of backdoor opened to the right people you stupid Huawei!

China spying = BAD
West/Five Eyes spying = GOOD

It's really simple...

This comment was edited on May 16, 2019, 05:22.
 
Reply Quote Edit Delete Report
 
12 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

Blue's News logo