Meltdown & Spectre potpourri

Discussion in 'General Chat' started by DrinkLyeAndDie, Jan 4, 2018.

  1. RedFox 1

    RedFox 1 Super Moderator

    I cant believe you are not going to wait for the new Nvidia cards. Word around the water cooler is that NVIDIA is preparing to launch a couple of new graphics cards, the GeForce GTX 2080 and GeForce GTX 2070, during its GPU Technology Conference (GTC) next month. Thenew cards are said to be based on NVIDIA's upcoming 12-nanometer 'Ampere' architecture, ...
     
  2. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    ... and I foresee that supply will be limited, prices will be ridiculous, and crypto-miners will continue to rain on the parade making life suck for real people who need real video cards to do things like play games, edit video, etc. ******* sad when I have zero enthusiasm about what we'll see next in the evolution of graphics.
     
    whatever_gong82 likes this.
  3. RedFox 1

    RedFox 1 Super Moderator

    I know I can get one if they are released. But I might want to wait for the Ti model.Speculation suggests that when the GTX 2060 and GTX 2080cards do launch, they will be packing Samsung-built 16 Gbps or 18 Gbps GDDR6 RAM.
     
    Last edited: Mar 20, 2018
  4. gereral1

    gereral1 Well-Known Member

    I don't need a graphics card. My rx470 is fine for my needs. Does 4k fine and 1440p gaming and 1080p. I only play one game cs source but am heavy into video production
     
    RedFox 1 likes this.
  5. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Fudzilla: CTS who? AMD brushes off chipset security bugs with firmware patches

    Summary: The flaws are real and do exist. The flaws will be fixed via firmware updates. AMD states that CTS Labs over-hyped things. CTS Labs did. AMD predictably throws out the "it's no big deal because administrative access is required in the first place" as if no one fails to follow best practices and/or a system is ever compromised which then allows an attacker administrative access.
     
    Last edited: Mar 21, 2018
  6. gereral1

    gereral1 Well-Known Member

    Anyone stupid enough to leave administration password nil or unrestricted access deserves this attack. Geez
     
  7. RedFox 1

    RedFox 1 Super Moderator

    I wouldnt say stupid, naive maybe but many people are not technologically adaptive.
     
    DrinkLyeAndDie likes this.
  8. BrianG61UK

    BrianG61UK Well-Known Member

    Never heard of privilege escalation vulnerabilities?

    Sent from my SM-N9005 using Tapatalk
     
    DrinkLyeAndDie likes this.
  9. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Sorry, but you are doing the same thing AMD did. They intentionally are throwing out the "administrative access" defense to put blame elsewhere; deflecting, downplaying, and effectively blaming the end user. The flaws do exist. So in one breath they are saying, yes, the flaws exist and we'll fix them with firmware updates but, well, that's on you because you are an idiot and we don't really want to accept any blame. Nothing to see here. Move along now. Nice PR spin. And, remember, there are already lawsuits about Meltdown & Spectre. They don't want any more bad press.

    Attackers can compromise a system that doesn't follow best practices, and/or a system that isn't fully updated to protect against known vulnerabilities, and/or a system that has already been compromised using some other attack vector which is not known/patched where the administrative access is gained. Once they have the access then go for the vulnerabilities that CTS Labs found.

    I previously commented on my opinion of security experts and the downplaying of anything that requires administrative access. It's a deflection. In an ideal world that wouldn't be something anyone would have to worry about but: (1) not everyone is the most intelligent, (2) people don't always properly secure their systems, and (3) even if people do secure their systems there are new flaws being found that allow access. So, I consider the "administrative access" argument to be simply lame. It's ignoring the bigger issue that a flaw exists to begin with.
     
    Last edited: Mar 21, 2018
  10. gereral1

    gereral1 Well-Known Member

    Ok stupid was a harsh word as my aunt needs my help with many windows issues all the time. The point is you have to be physically in my home and in front of my pc to hack the bios or admin to be subject to this type of attack. You cannot do this is via a malware attachment or download from a malicious program. You must have physical access to the terminal from within the place it is housed and have admin privileges. Intel security flaws can be accessed anywhere. BIG difference
     
  11. gereral1

    gereral1 Well-Known Member

    I guess with a A root kit it may be possible. Once you gain access you can work your way to the kernel.
     
  12. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    No, not with a rootkit. The exploits ARE the "rootkit". Hence the name EXPLOITS. They abuse design flaws to gain elevated priveleges on the system, to then do further acts
     
  13. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Fudzilla: Intel chips have new side channel bug

    Ars Technica: As predicted, more branch prediction processor attacks are discovered

    Hopefully Intel is correct that previous mitigations against attacks will be effective.
     
    RedFox 1 likes this.
  14. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Beta News: Meltdown patches from Microsoft made Windows 7 and Windows Server 2008 less secure

    Reference: Total Meltdown?

    Summary: Keep your system updated. :)
     
    Last edited: Mar 29, 2018
  15. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Hexus: Intel CPU 'BranchScope' vulnerabilities detailed

     
  16. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Microsoft has pushed KB4100480, an out-of-band security update, for Windows 7 x64 and Windows Server 2008 x64 to resolve the vulnerabilities created by the January Meltdown update.

    GHacks: KB4100480 out-of-band security update for Windows 7 and Server 2008 R2

    Microsoft: Windows kernel update for CVE-2018-1038
     
    whatever_gong82 and RedFox 1 like this.
  17. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Tech Radar: Intel won’t patch some of its older processors against Meltdown and Spectre

    Intel has a number of excuses for changing its mind and limiting the release of microcode updates for older CPUs. One reason is a lack of interest by motherboard manufacturers or the likes of Dell, Acer, etc. Do they really want to push BIOS updates for old CPUs? Of course not. That said, Intel could push the microcode update as they have already been doing for Skylake, Coffee Lake, etc through as a Windows update. Not really sure why Microsoft won't but likely just so they don't get stuck with blame if issues arise. In the end, the biggest reason is likely all about money. Intel, Dell, etc, want people to buy new systems with new CPUs.

    Download link for PDF for the updated Intel Microcode update plans: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

    ExtremeTech: Intel Won’t Patch Older CPUs to Resolve Spectre Flaws
    PC World: Intel finishes Spectre patching, some older CPUs won't receive planned updates
    Digital Trends: Intel decides not to patch Spectre vulnerability for older processors
     
    Last edited: Apr 4, 2018
  18. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Time again for Patch Tuesday. Some AMD owners running Windows 10 1709 get some attention: KB4093112

    April 10, 2018—KB4093112 (OS Build 16299.371)

    Edit: This really isn't a concern for normal users.
     
    Last edited: Apr 10, 2018
  19. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    Fudzilla: Intel faces another CPU bug

    Code:
    8th generation Intel Core Processors
    7th generation Intel Core Processors
    6th generation Intel Core Processors
    5th generation Intel Core Processors
    Intel Pentium and Celeron Processor N3520, N2920, and N28XX
    Intel Atom Processor x7-Z8XXX, x5-8XXX Processor Family
    Intel Pentium Processor J3710 and N37XX
    Intel Celeron Processor J3XXX
    Intel Atom x5-E8000 Processor
    Intel Pentium Processor J4205 and N4200
    Intel Celeron Processor J3455, J3355, N3350, and N3450
    Intel Atom Processor x7-E39XX Processor
    Intel Xeon Scalable Processors
    Intel Xeon Processor E3 v6 Family
    Intel Xeon Processor E3 v5 Family
    Intel Xeon Processor E7 v4 Family
    Intel Xeon Processor E7 v3 Family
    Intel Xeon Processor E7 v2 Family
    Intel Xeon Phi Processor x200
    Intel Xeon Processor D Family
    Intel Atom Processor C Series
     
    whatever_gong82 likes this.
  20. DrinkLyeAndDie

    DrinkLyeAndDie Retired Moderator

    ASUS is beginning to roll out new BIOS updates: 3801. Among other changes the microcode has been updated.

    The Maximus VIII Extreme has received it.
     
    Last edited: Apr 23, 2018