[The Register] SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability - Page 5 - Overclock.net - An Overclocking Community

Forum Jump: 

[The Register] SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Reply
 
Thread Tools
post #41 of 55 (permalink) Old 03-10-2019, 11:09 AM
curmudgeon
 
miklkit's Avatar
 
Join Date: Apr 2013
Posts: 5,732
Rep: 305 (Unique: 176)
That "I'm small fry so they won't attack me." is just whistling past the grave yard. I'm small fry and have been attacked for years for my political views.



The russians hacked my online rig and used it on their DDOS attack on the French elections in the summer of 2016. I know because the French contacted me and we kept in touch. They told me along with anyone else who would listen where they traced the attack to. It is a certain building in russia. My computer was also used on DDOS attacks against VoteVets.org. VoteVets.org is the only veterans group banned from mr. trump's Twitter site and I am a member.


My only credit card has been hacked so often that for a while it was getting replaced twice a year. Once a $387 bill was run up at a walmart in Arkanas within minutes of me using that card to pay for a dinner of prime rib, lobster, and fine wine at a restaurant in California.



My cell phone account was getting attacked so often that the carrier locked it down so no one could alter it. I now have a dumb phone because of the constant hacks.


I have been interviewed by the IRS regarding hackers.



Don't think for a second that you are too small for them, and never ever play world of tanks.

IOKIYAR
Junkyard Dog
(18 items)
Blackie
(17 items)
CPU
AMD Ryzen 1700
Motherboard
Biostar X370 GT7
GPU
Sapphire Nitro+ Radeon Vega 64
RAM
G. Skill Ripjaws ddr4 3200 16 GB 4x4
Hard Drive
Samsung 850 EVO 500gb SSD
Hard Drive
Western Digital 500gb
Hard Drive
Samsung 860 evo 1tb ssd
Optical Drive
Memorex Lightscribe dvd
Power Supply
Seasonic 850 watt
Cooling
Thermalright Silver Arrow IB-E Extreme
Case
Silverstone Redline RL05
Operating System
Win 10 64bit
Monitor
Pixio 27" 1440P
Keyboard
yes
Mouse
Evoluent vertical mouse
Mouse
yes
Audio
Creative X-FI
Other
Sennheiser headphones HD 599
CPU
AMD FX8370 @ 5 ghz
Motherboard
ASUS Sabertooth
GPU
Sapphire Fury
RAM
G Skill F3-14900CL9Q-16GBXL
Hard Drive
Western Digital
Hard Drive
Samsung 850 EVO
Optical Drive
Memorex Lightscribe dvd
Power Supply
Seasonic SS-850KM Active PFC F3
Cooling
Thermalright Silver Arrow IB-E Extreme
Case
Silverstone Redline RL02b
Operating System
Win X 64 bit
Monitor
Pixio 27" 1440P
Keyboard
yes
Mouse
Evoluent VM4
Mouse
yes
Audio
Creative Soundblaster Z
Audio
Sennheiser 428 headphones
▲ hide details ▲
miklkit is offline  
Sponsored Links
Advertisement
 
post #42 of 55 (permalink) Old 03-10-2019, 12:04 PM
New to Overclock.net
 
rdr09's Avatar
 
Join Date: Mar 2011
Location: From the US but lives in Africa
Posts: 18,219
Rep: 858 (Unique: 627)
Quote: Originally Posted by miklkit View Post
That "I'm small fry so they won't attack me." is just whistling past the grave yard. I'm small fry and have been attacked for years for my political views.



The russians hacked my online rig and used it on their DDOS attack on the French elections in the summer of 2016. I know because the French contacted me and we kept in touch. They told me along with anyone else who would listen where they traced the attack to. It is a certain building in russia. My computer was also used on DDOS attacks against VoteVets.org. VoteVets.org is the only veterans group banned from mr. trump's Twitter site and I am a member.
My only credit card has been hacked so often that for a while it was getting replaced twice a year. Once a $387 bill was run up at a walmart in Arkanas within minutes of me using that card to pay for a dinner of prime rib, lobster, and fine wine at a restaurant in California.
My cell phone account was getting attacked so often that the carrier locked it down so no one could alter it. I now have a dumb phone because of the constant hacks.
I have been interviewed by the IRS regarding hackers.
Don't think for a second that you are too small for them, and never ever play world of tanks.
I have one intel rig that's still running but offline. Not because of gaming online but systems use for work. Got to protect the client data at all cost. Like Facebook. Ha!-

[email protected] 6 http://valid.canardpc.com/show_oc.php?id=2211392 4.6 @ 4 http://valid.canardpc.com/show_oc.php?id=2216580
5.0 @ 8 http://valid.canardpc.com/show_oc.php?id=2511322
2nd AMD Build
(10 items)
CPU
2700
Motherboard
X470
GPU
290
RAM
3200 CL14
Hard Drive
1000
Power Supply
700
Case
212
Operating System
10/64
Monitor
40 1080
Keyboard
M100
▲ hide details ▲
rdr09 is offline  
post #43 of 55 (permalink) Old 03-10-2019, 01:03 PM
New to Overclock.net
 
deepor's Avatar
 
Join Date: Feb 2013
Posts: 4,678
Rep: 470 (Unique: 317)
Quote: Originally Posted by Majin SSJ Eric View Post
Seems to me like all this stuff is still pretty "Much Ado About Nothing", at least for the average individual PC owner. Obviously data centers, businesses, etc will have a LOT to worry about when it comes to any sort of security vulnerabilities, but the reality of it is that the average user here on OCN is not bloody likely to be targeted by any hackers in the first place simply because we are just not that important to anyone. While its obvious that any security vulnerability like this is not good news, you have to remember that there are hundreds of millions of people in the world using Intel machines so the odds of anyone individually targeting YOU remains statistically insignificant, from a big-picture point of view.

[...]
Yeah, that's kind of my thinking as well about the danger at home, but I actually think there is basically no new risk from these exploits on a home PC that you just use privately. It's a very different situation for data center stuff like Amazon EC or Microsoft Azure where they rent virtual machines to random people, they have to worry a lot about someone attacking other people's VMs that are running in parallel on the same real machine.

But there is something big you are overlooking. There is a performance loss for your PC at home because of bug fixes about these exploits getting built into Windows and other software. I only saw good benchmarks about this for the Linux kernel, but the same should be happening with the Windows kernel. Here's those Linux benchmarks:

https://www.phoronix.com/scan.php?pa...meltdown&num=2

(that article has several pages)

The red bars in the graphs are the default setup of the latest version of the Linux kernel, and the blue bars are the same kernel but with the mitigations disabled. As you can see the performance hit is massive for anything that deals with transfers of data between drivers. On that page 2 I linked to, there's the disk transfer benchmark looking bad. On page three the network benchmark at the end is super ridiculous.

These performance losses shouldn't matter much for normal PC use and gaming. Maybe you'd lose a handful percent in fps at most? Those network and disk benchmarks earlier are doing one, ten or hundreds of thousands of accesses to the driver and hardware, but gaming is just about painting a hundred fps per second or so. Maybe for the graphics much of a frame's work can be collected into large batches of a single transfer instead of many small calls to the driver and hardware?

In any case, the problem is that you at home on your PC are sharing the same underlying kernel as what Amazon EC needs or Microsoft Azure needs.

In the Linux example, when using the stock setup of the kernel it seems your Intel CPU gets basically punted back by several generations of CPU improvements. That idea is annoying to think about. I don't need this at home.

The same should be happening on Windows, but how do you disable this on Windows? I don't think Microsoft would expose any options for this anywhere? They are probably thinking exposing this kind of stuff is a dumb idea because they would multiply what needs to be tested for quality assurance. I have a Linux installation where I have tried finding all parameters that can tweak this and disabled all of it. I could find four different options and two of them can be more than just on or off so it would be a lot of combinations if you'd have to do QA (Linux has no QA).

So, that's the thing I'm annoyed about whenever there's a new exploit. Each new exploit means an additional hit to your CPU's performance because some sort of work-around will get added to software.
deepor is offline  
Sponsored Links
Advertisement
 
post #44 of 55 (permalink) Old 03-10-2019, 01:53 PM
 
The Robot's Avatar
 
Join Date: Mar 2013
Posts: 2,235
Rep: 127 (Unique: 80)
Quote: Originally Posted by deepor View Post
The same should be happening on Windows, but how do you disable this on Windows?
There's an app which toggles a registry setting.
https://www.grc.com/inspectre.htm

I agree with Majin, for majority of home users there's nothing to fear, Windows updates, auto-updating browser and Defender already cover their bases even if there's no updated BIOS for their machine. For advanced users you can just disable the mitigations and use a non-mainstream browser such as Vivaldi so you won't get hit by zero-day stuff meant for Chrome or Firefox. Instead of a heavy and slow antivirus you can use a simple monitoring tool such as WinPatrol and run a scan with CureIt from time to time.
If you run a home server or doing political activism that's a whole different matter, of course.

Main
(17 items)
Nintendo DS
(8 items)
CPU
6700K
Motherboard
Gigabyte Z170X-Gaming 3
GPU
MSI GTX 1080 Gaming X
RAM
G.Skill Ripjaws V 16GB 3000
Hard Drive
Samsung 850 Evo 500GB
Hard Drive
WD Blue 3TB
Power Supply
EVGA 650 G2
Cooling
Noctua NH-D15S
Cooling
Nanoxia Deep Silence 140mm
Cooling
Nanoxia Deep Silence 120mm
Case
Corsair 400Q
Operating System
Windows 10 Enterprise
Monitor
ViewSonic XG2703-GS 1440p
Keyboard
Leopold FC750 (MX Brown)
Mouse
Logitech Performance Mouse MX
Audio
Mayflower Objective2 + ODAC Rev. B Combo
Audio
Audio-Technica ATH-A990Z
CPU
ARM946E-S 67.028 MHz
CPU
ARM7TDMI 33.514 MHz
RAM
4 MB
Hard Drive
256 kB
Power Supply
850 mAh
Operating System
DS OS
Monitor
3" 256×192 18-bit
Monitor
3" 256×192 18-bit
▲ hide details ▲

Last edited by The Robot; 03-10-2019 at 01:58 PM.
The Robot is offline  
post #45 of 55 (permalink) Old 03-10-2019, 01:56 PM
New to Overclock.net
 
deepor's Avatar
 
Join Date: Feb 2013
Posts: 4,678
Rep: 470 (Unique: 317)
Quote: Originally Posted by The Robot View Post
There's an app which toggles a registry setting.
https://www.grc.com/inspectre.htm
Thank you!
deepor is offline  
post #46 of 55 (permalink) Old 03-10-2019, 05:28 PM
MegaTechPC
 
Majin SSJ Eric's Avatar
 
Join Date: Apr 2011
Location: Saint Simons Island, GA
Posts: 19,208
Rep: 1092 (Unique: 517)
Quote: Originally Posted by miklkit View Post
That "I'm small fry so they won't attack me." is just whistling past the grave yard. I'm small fry and have been attacked for years for my political views.



The russians hacked my online rig and used it on their DDOS attack on the French elections in the summer of 2016. I know because the French contacted me and we kept in touch. They told me along with anyone else who would listen where they traced the attack to. It is a certain building in russia. My computer was also used on DDOS attacks against VoteVets.org. VoteVets.org is the only veterans group banned from mr. trump's Twitter site and I am a member.


My only credit card has been hacked so often that for a while it was getting replaced twice a year. Once a $387 bill was run up at a walmart in Arkanas within minutes of me using that card to pay for a dinner of prime rib, lobster, and fine wine at a restaurant in California.



My cell phone account was getting attacked so often that the carrier locked it down so no one could alter it. I now have a dumb phone because of the constant hacks.


I have been interviewed by the IRS regarding hackers.



Don't think for a second that you are too small for them, and never ever play world of tanks.
Hmmm, well that's all pretty interesting stuff, however, I would note that I was talking about the vast majority of PC users in my previous comment and it seems to me that you are quite a long ways off from the "Average" PC user. Clearly, had I been affected by attacks and shenanigans in the way you say you have been then my own personal view on these kinds of vulnerabilities may well be totally different, but I personally have never been targeted by anyone and I honestly don't do anything remotely interesting enough on my PC (or in my daily life) to really have much concern over the whole thing.

Identity theft was mentioned earlier as well and, while that is obviously a legitimate concern for anyone, the "Safety in numbers" argument I made in my post really does cover most people like me who do not stand out on any significant way (and besides, its not like you have to be a PC user, or in fact even OWN a PC to have your identity stolen since there are plenty of other ways people get their identities stolen such as mail theft, stolen credit card info at PoS locations, etc). All I am trying to say is that there are other, far more plausible ways in which I personally could have my identity stolen besides this SPOILER vulnerability baked into Intel CPU's.

What's more interesting to me is the PR aspect this news will undoubtedly have on Intel itself (especially in combination with the Meltdown and Spectre stuff from last year) as they are already in a tenuous position as it is in their never-ending battle with AMD, and it certainly doesn't help matters any that this seems to be a vulnerability that doesn't affect their biggest rival at all.


3DMark11 - P25138
3DMark Firestrike - P20998

Intel Core i7 4930K @ 4.7GHz | Asus Rampage IV Extreme | 2 x EVGA GTX Titan SC (1254MHz) | 16GB Patriot Viper Extreme DDR3 2133MHz (4 x 4GB) | Corsair AX1200 | Silverstone Temjin TJ11 | Corsair Force 3 240GB (System) | 2 x Intel 320 160GB SSD (Dedicated Gaming Drives) | Hitachi Deskstar 1TB (Data) | MS Windows 10 Pro | EK Supreme HF/FC-Titan/Rampage IV Extreme blocks | Hardware Labs GTX 560/240 rads | Alphacool VPP-655 D5 pump | Bitspower mod kit/pump top/fittings/120mm res


Majin SSJ Eric is offline  
post #47 of 55 (permalink) Old 03-12-2019, 10:09 AM
New to Overclock.net
 
Lee Patekar's Avatar
 
Join Date: Jul 2013
Location: Montreal
Posts: 382
Rep: 45 (Unique: 27)
Other than imaginary Russians is this news relevant to the average Joe? We already know the intel / windows platform is like Swiss cheese...
Lee Patekar is offline  
post #48 of 55 (permalink) Old 03-13-2019, 07:23 AM
 
The Robot's Avatar
 
Join Date: Mar 2013
Posts: 2,235
Rep: 127 (Unique: 80)
Meanwhile, Microsoft broke Windows again with it's half-arsed mitigations.
https://www.bleepingcomputer.com/new...ring-in-games/

Main
(17 items)
Nintendo DS
(8 items)
CPU
6700K
Motherboard
Gigabyte Z170X-Gaming 3
GPU
MSI GTX 1080 Gaming X
RAM
G.Skill Ripjaws V 16GB 3000
Hard Drive
Samsung 850 Evo 500GB
Hard Drive
WD Blue 3TB
Power Supply
EVGA 650 G2
Cooling
Noctua NH-D15S
Cooling
Nanoxia Deep Silence 140mm
Cooling
Nanoxia Deep Silence 120mm
Case
Corsair 400Q
Operating System
Windows 10 Enterprise
Monitor
ViewSonic XG2703-GS 1440p
Keyboard
Leopold FC750 (MX Brown)
Mouse
Logitech Performance Mouse MX
Audio
Mayflower Objective2 + ODAC Rev. B Combo
Audio
Audio-Technica ATH-A990Z
CPU
ARM946E-S 67.028 MHz
CPU
ARM7TDMI 33.514 MHz
RAM
4 MB
Hard Drive
256 kB
Power Supply
850 mAh
Operating System
DS OS
Monitor
3" 256×192 18-bit
Monitor
3" 256×192 18-bit
▲ hide details ▲
The Robot is offline  
post #49 of 55 (permalink) Old 03-13-2019, 08:03 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,641
Rep: 43 (Unique: 34)
Quote: Originally Posted by The Robot View Post
Meanwhile, Microsoft broke Windows again with it's half-arsed mitigations.
https://www.bleepingcomputer.com/new...ring-in-games/
I thought that the retpoline mitigation was the efficient one. Maybe it doesn't work well with the inefficient one (microcode) they already have installed. And I get additional stuttering and loss of performance in some games with the microcode update as well (per msi AB), but maybe my cpus, or me, are sensitive to that. It would be nice if you could test the two mitigations seperately. Maybe there is a registry setting. I thought it was on or off, but that might have changed.

L5
(18 items)
Lea2
(11 items)
L7
(11 items)
CPU
5950hq
Motherboard
z97 Classified
GPU
Aorus 1080ti Waterforce
RAM
16 G Gskill Trident @ 2400,cas10,1.575v
RAM
16 G Team Extreme @ 2400,cas10,1.575v
Hard Drive
2xSamsung 840 EVO 250G
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear
Audio
SoundbasterX AE-5
Other
Megatron
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb patriot 1600mhz
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
16GB 1600 generic
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
50" samsung plasma 720p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲
rluker5 is offline  
post #50 of 55 (permalink) Old 03-15-2019, 10:38 AM
New to Overclock.net
 
Vagrant Storm's Avatar
 
Join Date: Nov 2005
Location: Rochester, MN
Posts: 11,178
Rep: 415 (Unique: 371)
Do keep in mind that this requires a fairly substantial amount of code to be running on the target system. Once that is happening...rowhammer is probably the least of your worries.

MINNESOTA OVERCLOCKERS | The Climate Phenomenon
If it ain't broke...MAKE IT GO FASTER!!!devil.gif
Vagrant Storm is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off