Meltdown & Spectre potpourri

I'm hoping Intel fixes this and the hard drive speeds go back up. From what I have read, this hit puts Intel chips close to AMD except for single-core performance. I've now got 3500 bucks saved but am still waiting till all this shit settles down.
I can't believe you are not going to wait for the new Nvidia cards. Word around the water cooler is that NVIDIA is preparing to launch a couple of new graphics cards, the GeForce GTX 2080 and GeForce GTX 2070, during its GPU Technology Conference (GTC) next month. The new cards are said to be based on NVIDIA's upcoming 12-nanometer 'Ampere' architecture, ...
 
... and I foresee that supply will be limited, prices will be ridiculous, and crypto-miners will continue to rain on the parade making life suck for real people who need real video cards to do things like play games, edit video, etc. ******* sad when I have zero enthusiasm about what we'll see next in the evolution of graphics.
 
I know I can get one if they are released. But I might want to wait for the Ti model. Speculation suggests that when the GTX 2060 and GTX 2080 cards do launch, they will be packing Samsung-built 16 Gbps or 18 Gbps GDDR6 RAM.
 
I don't need a graphics card. My RX 470 is fine for my needs. Does 4K fine and 1440p gaming and 1080p. I only play one game, CS: Source, but am heavy into video production.
 
Fudzilla: CTS who? AMD brushes off chipset security bugs with firmware patches

Summary: The flaws are real and do exist. The flaws will be fixed via firmware updates. AMD states that CTS Labs over-hyped things. CTS Labs did. AMD predictably throws out the "it's no big deal because administrative access is required in the first place" as if no one fails to follow best practices and/or a system is ever compromised which then allows an attacker administrative access.
 
Anyone stupid enough to leave administration password nil or unrestricted access deserves this attack. Geez
 
Sorry, but you are doing the same thing AMD did. They intentionally are throwing out the "administrative access" defense to put blame elsewhere; deflecting, downplaying, and effectively blaming the end user. The flaws do exist. So in one breath they are saying, yes, the flaws exist and we'll fix them with firmware updates but, well, that's on you because you are an idiot and we don't really want to accept any blame. Nothing to see here. Move along now. Nice PR spin. And, remember, there are already lawsuits about Meltdown & Spectre. They don't want any more bad press.

Attackers can compromise a system that doesn't follow best practices, and/or a system that isn't fully updated to protect against known vulnerabilities, and/or a system that has already been compromised using some other attack vector which is not known/patched where the administrative access is gained. Once they have the access then go for the vulnerabilities that CTS Labs found.

I previously commented on my opinion of security experts and the downplaying of anything that requires administrative access. It's a deflection. In an ideal world that wouldn't be something anyone would have to worry about but: (1) not everyone is the most intelligent, (2) people don't always properly secure their systems, and (3) even if people do secure their systems there are new flaws being found that allow access. So, I consider the "administrative access" argument to be simply lame. It's ignoring the bigger issue that a flaw exists to begin with.
 
OK, stupid was a harsh word, as my aunt needs my help with many Windows issues all the time. The point is you have to be physically in my home and in front of my PC to hack the BIOS or admin to be subject to this type of attack. You cannot do this via a malware attachment or download from a malicious program. You must have physical access to the terminal from within the place it is housed and have admin privileges. Intel security flaws can be accessed anywhere. BIG difference.
 
Never heard of privilege escalation vulnerabilities?

I guess with a rootkit it may be possible. Once you gain access you can work your way to the kernel.
 
No, not with a rootkit. The exploits ARE the "rootkit". Hence the name EXPLOITS. They abuse design flaws to gain elevated privileges on the system, to then do further acts.
 
Fudzilla: Intel chips have new side channel bug

Insecurity experts have found that Intel chips are vulnerable to another side-channel attack similar to Meltdown and Spectre.

Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.

Dubbed "BranchScope", the attack is similar to Meltdown and Spectre and can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly.

The attacker needs to have access to the targeted system and they must be able to execute arbitrary code. But the researchers think that the attack requirements are realistic.

The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.

[...]

[...]

Intel has commented on the findings saying it had been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits.

"We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."

Ars Technica: As predicted, more branch prediction processor attacks are discovered

Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.

That probably sounds familiar.

The Spectre attacks, published earlier this year, take advantage of the speculative execution features of modern processors to leak sensitive information. The new attack, named BranchScope by the researchers, shares some similarity with variant 2 of the Spectre attack, as both BranchScope and Spectre 2 take advantage of the behavior of the processor's branch predictor.

[...]

Hopefully Intel is correct that previous mitigations against attacks will be effective.
 
Beta News: Meltdown patches from Microsoft made Windows 7 and Windows Server 2008 less secure

If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.

A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.

Writing on his blog, Ulf Frisk says that Microsoft's January and February patches "stopped Meltdown but opened up a vulnerability way worse." He goes on to say: "It allowed any process to read the complete memory contents at gigabytes per second, oh -- it was possible to write to arbitrary memory as well."

What is particularly worrying about the new security issue introduced by the supposed patches is that there was no need to take advantage of complicated exploits; data was simply there for read and write access.

[...]

Reference: Total Meltdown?

[...]

Is my system vulnerable?

Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn't patched since December 2017 or if it's patched with the 2018-03 patches or later it will be secure.

Other Windows versions - such as Windows 10 or 8.1 are completely secure with regards to this issue and have never been affected by it.

Other

I discovered this vulnerability just after it had been patched in the 2018-03 Patch Tuesday. I have not been able to correlate the vulnerability to known CVEs or other known issues.

Summary: Keep your system updated. :)
 
Hexus: Intel CPU 'BranchScope' vulnerabilities detailed

[...]

Intel's statement regarding BranchScope, released to Security Week, says that the firm has been working with the researchers. Importantly Intel added that "We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper." However, one of the lead researchers says that Intel's existing microcode updates might only fix the BTB vector, which means BranchScope attacks could still be possible.
 
Microsoft has pushed KB4100480, an out-of-band security update, for Windows 7 x64 and Windows Server 2008 x64 to resolve the vulnerabilities created by the January Meltdown update.

GHacks: KB4100480 out-of-band security update for Windows 7 and Server 2008 R2

[...]

The update patches a security issue discovered earlier this month by security researcher Ulf Frisk who documented it on a GitHub page. The researcher discovered that Microsoft's Meltdown patch, CVE-2017-5754, released on the January 2018 Microsoft patch day, changed the user/supervisor permission bit to user which made the page tables "available to user mode code in every process" whereas they should only be accessible by the kernel on Windows machines.

The support page for KB4100480 lists all updates that Microsoft released that caused the issue on systems running 64-bit versions of Windows 7 or Windows Server 2008 R2. Basically, any update released on January 3, 2018 or later is affected.

[...]

Microsoft: Windows kernel update for CVE-2018-1038
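
The permission-bit change described in the Beta News and GHacks excerpts above can be illustrated with a short added example (not part of the thread, and not Microsoft's or Ulf Frisk's code). It assumes x86-64 4-level paging with 4 KiB pages; the sample entries and frame addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 paging-structure entry flags (same bit positions at every level). */
#define PTE_PRESENT (1ULL << 0) /* P   */
#define PTE_WRITE   (1ULL << 1) /* R/W */
#define PTE_USER    (1ULL << 2) /* U/S: 0 = supervisor only, 1 = user allowed */

typedef struct { bool mapped, user_read, user_write; } walk_access;

/* Fold the entries met on one 4-level walk (PML4E, PDPTE, PDE, PTE).
 * User mode gets access only if U/S is set at every level; user writes
 * additionally need R/W set at every level. */
walk_access effective_access(const uint64_t entries[4])
{
    walk_access a = { true, true, true };
    for (size_t i = 0; i < 4; i++) {
        if (!(entries[i] & PTE_PRESENT))
            return (walk_access){ false, false, false };
        if (!(entries[i] & PTE_USER))
            a.user_read = a.user_write = false;
        if (!(entries[i] & PTE_WRITE))
            a.user_write = false;
    }
    return a;
}

/* Constructed sample walks to kernel-owned pages; frame addresses are made up. */
const uint64_t sample_walks[4][4] = {
    { 0x1000003, 0x2000003, 0x3000003, 0x4000003 }, /* supervisor at every level */
    { 0x1000007, 0x2000007, 0x3000007, 0x4000007 }, /* U/S set at every level */
    { 0x1000007, 0x2000003, 0x3000003, 0x4000003 }, /* U/S set at top level only */
    { 0x1000007, 0x2000007, 0x3000007, 0x0000000 }, /* final entry not present */
};

/* Count walks that user-mode code could read. */
size_t count_exposed(const uint64_t (*walks)[4], size_t n)
{
    size_t exposed = 0;
    for (size_t i = 0; i < n; i++)
        if (effective_access(walks[i]).user_read)
            exposed++;
    return exposed;
}

int main(void)
{
    for (size_t i = 0; i < 4; i++) {
        walk_access a = effective_access(sample_walks[i]);
        printf("walk %zu: mapped=%d user_read=%d user_write=%d\n",
               i, a.mapped, a.user_read, a.user_write);
    }
    printf("exposed to user mode: %zu of 4\n", count_exposed(sample_walks, 4));
    return 0;
}
```

Only the second walk is reachable from user mode, and because R/W is also set at every level it is writable as well as readable.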
 
Tech Radar: Intel won’t patch some of its older processors against Meltdown and Spectre

[...]

As the Register reports, the processors which won’t be getting a patch include chips in the Bloomfield, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn, SoFIA 3GR, Wolfdale and Yorkfield families (and Xeon variants).

That means CPUs which run the gamut across Core, Xeon, Pentium, Celeron and Atom chips. For example, the Bloomfield processors in question are high-end first-generation models: the Intel Core Processor Extreme Edition i7-975 and i7-965, and Core i7-920, 930, 940, 950, 960 (alongside Xeon offerings).

There are over 230 affected CPUs in total.

[...]

Intel has a number of excuses for changing its mind and limiting the release of microcode updates for older CPUs. One reason is a lack of interest by motherboard manufacturers or the likes of Dell, Acer, etc. Do they really want to push BIOS updates for old CPUs? Of course not. That said, Intel could push the microcode update, as they have already been doing for Skylake, Coffee Lake, etc., as a Windows update. Not really sure why Microsoft won't, but likely just so they don't get stuck with blame if issues arise. In the end, the biggest reason is likely all about money. Intel, Dell, etc. want people to buy new systems with new CPUs.

Download link for PDF for the updated Intel Microcode update plans: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

ExtremeTech: Intel Won’t Patch Older CPUs to Resolve Spectre Flaws
PC World: Intel finishes Spectre patching, some older CPUs won't receive planned updates
Digital Trends: Intel decides not to patch Spectre vulnerability for older processors
 
Time again for Patch Tuesday. Some AMD owners running Windows 10 1709 get some attention: KB4093112

April 10, 2018—KB4093112 (OS Build 16299.371)

[...]
  • Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
[...]

Edit: This really isn't a concern for normal users.
 
Fudzilla: Intel faces another CPU bug

Intel has fixed a hole in the configuration of several CPU series that allows an attacker to alter the behaviour of the chip's SPI Flash memory.

Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:

Code:
8th generation Intel Core Processors
7th generation Intel Core Processors
6th generation Intel Core Processors
5th generation Intel Core Processors
Intel Pentium and Celeron Processor N3520, N2920, and N28XX
Intel Atom Processor x7-Z8XXX, x5-8XXX Processor Family
Intel Pentium Processor J3710 and N37XX
Intel Celeron Processor J3XXX
Intel Atom x5-E8000 Processor
Intel Pentium Processor J4205 and N4200
Intel Celeron Processor J3455, J3355, N3350, and N3450
Intel Atom Processor x7-E39XX Processor
Intel Xeon Scalable Processors
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E3 v5 Family
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor E7 v3 Family
Intel Xeon Processor E7 v2 Family
Intel Xeon Phi Processor x200
Intel Xeon Processor D Family
Intel Atom Processor C Series

The bug has received a severity score of 7.9 out of 10 on the CVSSv3 scale. Intel said it discovered the bug all by itself and it didn't need any hackers to point out the error of its ways. That might explain why it was kept secret for so long.
 
ASUS is beginning to roll out new BIOS updates: 3801. Among other changes the microcode has been updated.

Version 3801 2018/04/20

Improved system performance.
Updated Intel CPU microcode.
Improved DRAM compatibility.

The Maximus VIII Extreme has received it.
 