Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

WannaBeOCer 03-09-2020 09:10 AM

Quote:

Originally Posted by miklkit (Post 28360700)
Quote:

Originally Posted by Cidious (Post 28360500)
Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...


Ya, those intel fixes nerfed my all AMD rig too.Frame rates in the same games went from 60 to 20 to 40 to 15 to 90 while all that was going on.It was about as smooth as the Himalayas.

Performance has gone up with later microcode updates. To address the large performance hit with the meltdown patches. I update my own using UBU since motherboard manufacturers are slow. Currently DA is the latest for CoffeeLake.

All CPUs affected by Spectre v1 were hit with some sort of performance penalty.

Liranan 03-09-2020 10:30 AM

Quote:

Originally Posted by KyadCK (Post 28360504)
Because Intel doesn't want AMD to feel left out of the news.



Depends I suppose.

Do you;
  • Run VMs that others can access on your server?
  • Allow others on the network that have local admin on their PCs access to your server?
  • Disable your firewall on the server?
  • Go to a significant number of websites on your server?

Code has to run on the box, somehow. For most people that means injecting the code into a website or ad provider, the #1 way to get a PC to run foreign code, which is why the example is JavaScript. If you do not go to websites and your firewall is set up properly, then they will need a different attack vector, such as through whatever applications you are hosting.

I would expect if this is just a Linux file server or something, that it would be quite hard to get it to run code for this, even more so if you are not an active target and your external firewall does not allow access to the server (aka, no port forwarding).



JavaScript is not Java, but yes, JavaScript has also always been a vulnerability point.

I am not worried about my own file server as it runs Linux (fully updated Mint 18.3) and Plex in a VM (the VM is several years old).

I am worried about this exploit being used to hack mainframes and critical servers through an infected client. My home server is everything but critical and not what I'm talking about.

Bossie 03-09-2020 11:41 AM

If you dig hard enough,you will just get more dirt..

That's just how the world works.What's your backs...someone might stab you one day.Why? Because somewhere along the line you hurt him.
Yes ...to be a fanboy is kind of stupid.Yes we all have our favorite brands..
But if a product of company A is better than company B...just give A the credit it deserve.A place in the sun,even if it's only for a day...

Greetings
N.S. Be anti-fanboy...

umeng2002 03-09-2020 11:56 AM

So this is an exploit that requires another exploit to work?

Schmuckley 03-09-2020 11:58 AM

Quote:

Originally Posted by umeng2002 (Post 28360896)
So this is an exploit that requires another exploit to work?

If they can get Admin access to your machine...

Seriously, at that point, what can't be done?


They have to get you to go to a loaded website and run the javascript...

A lot of people don't use NoScript, so theoretically it could happen...

WannaBeOCer 03-09-2020 12:49 PM

Interesting, the article was updated and AMD believes they've already mitigated it.

Quote:

AMD responded for our request for more information and says there are no new mitigations required, as this issue is covered by the existing side channel attack mitigations.

The researchers do not agree, stating that this vulnerability is still active. Until the two sides agree it isn't possible to ascertain which viewpoint is more accurate. We'll update as necessary and keep an eye out for a CVE.

KyadCK 03-09-2020 01:46 PM

Quote:

Originally Posted by Liranan (Post 28360780)
I am not worried about my own file server as it runs Linux (fully updated Mint 18.3) and Plex in a VM (the VM is several years old).

I am worried about this exploit being used to hack mainframes and critical servers through an infected client. My home server is everything but critical and not what I'm talking about.

Well, again, for this to happen the computer needs to run the infected code, which means the code needs to get on the box somehow. The same principles apply whether its your file server of a mainframe.

If your desktop is infected and they managed to get access to an account that can connect to, copy to, and run whatever they copy on the server, then in theory yes. Like Spectre, this can "break out" of user limits. This is no different from any other security issue that can bypass admin requirements on a box.

Run updates when available and figure out the actual risk; in this case it would be pretty small, as the main target for this is VM hosting datacenters.

Quote:

Originally Posted by Schmuckley (Post 28360898)
If they can get Admin access to your machine...

Seriously, at that point, what can't be done?


They have to get you to go to a loaded website and run the javascript...

A lot of people don't use NoScript, so theoretically it could happen...

If you 24/7 an account with admin access, then whatever code that runs in a browser and is not caught by AV is in admin mode by default.

Yes NoScript would help prevent it by closing the main avenue of attack, yes the average user is not likely to be a target in the first place.

That said, they do not need admin for this attack to work. If you are not going to even read what the risk is or how it works, you should probably not spread propaganda.

Schmuckley 03-09-2020 05:04 PM

Quote:

Originally Posted by WannaBeOCer (Post 28360948)
Interesting, the article was updated and AMD believes they've already mitigated it.


Sounds like the "researchers" are fulla bull.

Schmuckley 03-09-2020 05:06 PM

Quote:

Originally Posted by KyadCK (Post 28360990)
Well, again, for this to happen the computer needs to run the infected code, which means the code needs to get on the box somehow. The same principles apply whether its your file server of a mainframe.

If your desktop is infected and they managed to get access to an account that can connect to, copy to, and run whatever they copy on the server, then in theory yes. Like Spectre, this can "break out" of user limits. This is no different from any other security issue that can bypass admin requirements on a box.

Run updates when available and figure out the actual risk; in this case it would be pretty small, as the main target for this is VM hosting datacenters.



If you 24/7 an account with admin access, then whatever code that runs in a browser and is not caught by AV is in admin mode by default.

Yes NoScript would help prevent it by closing the main avenue of attack, yes the average user is not likely to be a target in the first place.

That said, they do not need admin for this attack to work. If you are not going to even read what the risk is or how it works, you should probably not spread propaganda.

They do need one to let the javascript run though. The only propaganda being spread is by those alleged "researchers".

WannaBeOCer 03-09-2020 05:10 PM

Quote:

Originally Posted by Schmuckley (Post 28361234)
Sounds like the "researchers" are fulla bull.

I doubt it, these are the same researchers who identified Spectre, Meltdown, and Zombieload.

They already stated it's not severe:
https://mobile.twitter.com/lavados/s...ks%2F153516%2F


All times are GMT -7. The time now is 02:15 AM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.