[arXiv] New Intel security flaw just published aka FALLOUT - Page 3 - Overclock.net - An Overclocking Community

Forum Jump: 

[arXiv] New Intel security flaw just published aka FALLOUT

Reply
 
Thread Tools
post #21 of 48 (permalink) Old 06-01-2019, 04:45 PM
Iconoclast
 
Blameless's Avatar
 
Join Date: Feb 2008
Posts: 30,080
Rep: 3134 (Unique: 1869)
Quote: Originally Posted by Shawnb99 View Post
And what are the chances I'll ever see this exploit used against me?
Impossible to predict.

Quote: Originally Posted by Shawnb99 View Post
Has any Intel exploit been used in the wild against a person and not a corporation if one has been used at all?
We don't know.

The proofs of concept are real, but most side channel attacks wouldn't be detectable, so even if they are being used in the wild today, it could be some time before there is any evidence of this.

Quote: Originally Posted by Pinnacle Fit View Post
Should I turn off SMT on my 9900k?
Probably not.

...rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add 'within the limits of the law,' because law is often but the tyrant's will, and always so when it violates the right of an individual. -- Thomas Jefferson
Blameless is offline  
Sponsored Links
Advertisement
 
post #22 of 48 (permalink) Old 06-01-2019, 04:49 PM
New to Overclock.net
 
Pinnacle Fit's Avatar
 
Join Date: Mar 2015
Posts: 998
Rep: 23 (Unique: 17)
Without delving into some twisted sense of schadenfraude, maybe this could be a catalyst for us finally getting ECC memory without being forced to get server grade chips?

ECC memory would mitigate mds attacks right?


Sent from my iPhone using Tapatalk

i9-9900k OC to 5.0GHZ @ 1.285V Delidded/Direct Die Cooled
Gigabyte Z390 Aorus Master
GTX 1080Ti FE
Lian Li O11 Dynamic, white

Pinnacle Fit is offline  
post #23 of 48 (permalink) Old 06-01-2019, 07:22 PM
New to Overclock.net
 
Liranan's Avatar
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 8,559
Rep: 606 (Unique: 291)
Quote: Originally Posted by Pinnacle Fit View Post
Without delving into some twisted sense of schadenfraude, maybe this could be a catalyst for us finally getting ECC memory without being forced to get server grade chips?

ECC memory would mitigate mds attacks right?


Sent from my iPhone using Tapatalk
ECC has nothing to do with these backdoors/flaws/bugs, ECC checks wehther a bit has been flipped and corrects it but doesn't mitigate or solve any of these problems.

Quote:
Quote:
Originally Posted by faraz1729 go_quote.gif
Haha, Liranan, you creep.

Tacitus - The more corrupt the state, the more numerous the laws

Only when the last tree has died and the last river been poisoned and the last fish been caught will we realise we cannot eat money. - Cree Indian Proverb
Liranan is offline  
Sponsored Links
Advertisement
 
post #24 of 48 (permalink) Old 06-02-2019, 01:48 AM
New to Overclock.net
 
Malinkadink's Avatar
 
Join Date: Jul 2014
Posts: 2,969
Rep: 107 (Unique: 83)
Quote: Originally Posted by SoloCamo View Post
But your ugly avatar isn't annoying? Okkkkkkk.
For real that stupid momo meme thing.

Malinkadink is offline  
post #25 of 48 (permalink) Old 06-02-2019, 06:27 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,611
Rep: 43 (Unique: 34)
Quote: Originally Posted by Blameless View Post
Impossible to predict.



We don't know.

The proofs of concept are real, but most side channel attacks wouldn't be detectable, so even if they are being used in the wild today, it could be some time before there is any evidence of this.



Probably not.
You still need a malicious program running on the computer as much as with other malware, from what I am hearing from the sources. So detectable.

L5
(18 items)
Lea2
(11 items)
L7
(11 items)
CPU
5950hq
Motherboard
z97 Classified
GPU
Aorus 1080ti Waterforce
RAM
16 G Gskill Trident @ 2400,cas10,1.575v
RAM
16 G Team Extreme @ 2400,cas10,1.575v
Hard Drive
2xSamsung 840 EVO 250G
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear
Audio
SoundbasterX AE-5
Other
Megatron
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb patriot 1600mhz
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
16GB 1600 generic
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
50" samsung plasma 720p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲
rluker5 is online now  
post #26 of 48 (permalink) Old 06-02-2019, 06:30 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,611
Rep: 43 (Unique: 34)
Quote: Originally Posted by Imouto View Post
If you didn't patch it and you're using a stock browser, the moment anyone want to put it in any website since it works even from JavaScript. Disabling JavaScript breaks a lot of sites and taking all the measures against these attacks makes your Intel CPU slower.
Are you sure? I thought that java was just Meltdown.

Edit: I thought all browsers reduced their timing precision to eliminate this risk.

L5
(18 items)
Lea2
(11 items)
L7
(11 items)
CPU
5950hq
Motherboard
z97 Classified
GPU
Aorus 1080ti Waterforce
RAM
16 G Gskill Trident @ 2400,cas10,1.575v
RAM
16 G Team Extreme @ 2400,cas10,1.575v
Hard Drive
2xSamsung 840 EVO 250G
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear
Audio
SoundbasterX AE-5
Other
Megatron
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb patriot 1600mhz
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
16GB 1600 generic
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
50" samsung plasma 720p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲

Last edited by rluker5; 06-02-2019 at 06:38 AM.
rluker5 is online now  
post #27 of 48 (permalink) Old 06-02-2019, 06:33 AM
New to Overclock.net
 
prjindigo's Avatar
 
Join Date: Mar 2011
Posts: 1,690
Rep: 152 (Unique: 89)
Quote: Originally Posted by Hwgeek View Post
We can't keep up with this, I lost count already ;-).

Here, this will help: intel = sloppy
prjindigo is offline  
post #28 of 48 (permalink) Old 06-02-2019, 07:57 AM
Iconoclast
 
Blameless's Avatar
 
Join Date: Feb 2008
Posts: 30,080
Rep: 3134 (Unique: 1869)
Quote: Originally Posted by rluker5 View Post
You still need a malicious program running on the computer as much as with other malware, from what I am hearing from the sources. So detectable.
The program doesn't need to remain resident and without detailed tracing/debugging, that almost no end-user is going to be running, is likely to remain invisible.

Being detectable in a laboratory setting is a far cry from being easily discoverable in the wild. There could be quite a significant period of time, at least in tech terms, between real-world malicious use, and having any public proof of it.

...rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add 'within the limits of the law,' because law is often but the tyrant's will, and always so when it violates the right of an individual. -- Thomas Jefferson
Blameless is offline  
post #29 of 48 (permalink) Old 06-02-2019, 08:07 AM
New to Overclock.net
 
rdr09's Avatar
 
Join Date: Mar 2011
Location: From the US but lives in Africa
Posts: 18,047
Rep: 853 (Unique: 625)
Quote: Originally Posted by bfromcolo View Post
I keep asking myself the same question, I'm running a 5820K for my "main" system but have a couple 1700x systems and I could move to instead if I felt like this was a real issue. I really don't want to waste a weekend moving parts around assuming I will be safer, and my wife's business systems are all Intel. Everything I have read seems to indicate that something has to be running locally, which could be as simple a JAVA script from a web page. Which I assume means if you are going to have to allow something access and there are plenty of threats easier than this one if that happens. From what I have read there is no exploit in the wild, but how would you really know.

The total lack of responsibility on the part of First American Financial Corp, revealed this week is a bigger concern to me and for whatever reason getting a lot less press.
Well, now you are informed. If something happens and you chose not to heed their advise or take necessary action, then they can say . . . we told you so.

2nd AMD Build
(10 items)
CPU
2700
Motherboard
X470
GPU
290
RAM
3200 CL14
Hard Drive
1000
Power Supply
700
Case
212
Operating System
10/64
Monitor
40 1080
Keyboard
M100
▲ hide details ▲
rdr09 is offline  
post #30 of 48 (permalink) Old 06-02-2019, 09:10 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,611
Rep: 43 (Unique: 34)
So, I'm going to go out on a limb and mention the existence of an option that isn't completely responsible. Removing spectre microcode mitigations via windows update.
I don't know if you can get them back without a clean reinstall, or a clean install of the next version. It works better than using inspectre for me.
Here is a quick comparison from this computer I'm typing on (L7 on my list) It has an 850 evo with rapid enabled, and is running 1809 with mitigations inherent to that version afaik.
My laptop running 1803 with the microcode update installed and a 970 evo without any rapid mode had a slightly higher performance gain in random with Crystal Diskmark by installing the optional update.

I'm not saying anyone should install this update: https://support.microsoft.com/en-us/...ctre-variant-2 your computer would be less secure by some unclear amount.
Just that you could.
Doing that in conjunction with getting the newest version of windows is more secure than sticking with an outdated version like I have been. I may fix that when I get time.

Edit: Here's from my 7700hq/970 evo laptop: the laptop one says so on the bottom.
Attached Thumbnails
Click image for larger version

Name:	cdm.jpg
Views:	12
Size:	270.7 KB
ID:	272732  

Click image for larger version

Name:	cdmm.jpg
Views:	10
Size:	148.6 KB
ID:	272734  


L5
(18 items)
Lea2
(11 items)
L7
(11 items)
CPU
5950hq
Motherboard
z97 Classified
GPU
Aorus 1080ti Waterforce
RAM
16 G Gskill Trident @ 2400,cas10,1.575v
RAM
16 G Team Extreme @ 2400,cas10,1.575v
Hard Drive
2xSamsung 840 EVO 250G
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear
Audio
SoundbasterX AE-5
Other
Megatron
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb patriot 1600mhz
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
16GB 1600 generic
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
50" samsung plasma 720p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲

Last edited by rluker5; 06-02-2019 at 09:26 AM.
rluker5 is online now  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off