Topic: [2018-01-04] The password theft bugs at the heart of Intel CPUs. AMD, ARM also. (Read 112 times)

legendary
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
It would be interesting to see if there are any live exploits which could be documented. Right now, Intel's defence seems to be that it is very difficult to exploit this loophole and they will eventually fix it. If it results in old machines getting slowed down, Intel really doesn't care.
If this is exploited at an enterprise level (say at an exchange), the results could be disastrous.
legendary
Activity: 1232
Merit: 1091
I have seen it today on TV. Funny thing is that they point out that we all could potentially be a victim here, but it may very well be that we have been a victim of this for years already. People try their best to keep everything software related up to date, etc., but this basically shows that it isn't even enough for regular internet users. Also, these security holes are likely left there for authorities to be able to gain access to each and every device containing these chips, which means billions and billions of devices. After this I am sure that we'll see something else pop up, like for example that RAM memory of a certain brand contains a similar security hole....
full member
Activity: 308
Merit: 110
God save our private keys and passwords...

On Tuesday, we warned that a blueprint blunder in Intel's CPUs could allow applications, malware, and JavaScript running in web browsers, to obtain information they should not be allowed to access: the contents of the operating system kernel's private memory areas. These zones often contain files cached from disk, a view onto the machine's entire physical memory, and other secrets. This should be invisible to normal programs.

Thanks to Intel's cockup – now codenamed Meltdown – that data is potentially accessible, meaning bad websites and malware can attempt to rifle through the computer's memory looking for credentials, RNG seeds, personal information, and more.

On a shared system, such as a public cloud server, it is possible, depending on the configuration, for software in a guest virtual machine to drill down into the host machine's physical memory and steal data from other customers' virtual machines. See below for details on Xen and VMware hypervisor updates.

Intel is not the only one affected. Arm and AMD processors are as well – to varying degrees. AMD insisted there is a "near-zero" risk its chips can be attacked in some scenarios, but its CPUs are vulnerable in others. The chip designer has put up a basic page that attempts to play down the impact of the bugs on its hardware.

Arm has produced a list of its affected cores, which are typically found in smartphones, tablets and similar handheld gadgets. That list also links to workaround patches for Linux-based systems. Nothing useful from Intel so far.

http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/