Intel has revealed 77 new chip vulnerabilities, one of which has a notable impact

WYP · Nov 12, 2019

Intel's JCC erratum bug is said to have a performance impact of 0-4% excluding outliers.

Read more about Intel's reveal of 77 new vulnerabilities.

Dark NighT · Nov 12, 2019

So glad i ditched my intel right now.

Dicehunter · Nov 12, 2019

Holy crap XD

I'm hoping updates that hurt performance are optional, Not too worried about a world class hacker targeting me.

FTLN · Nov 12, 2019

Dicehunter said:
Holy crap XD

I'm hoping updates that hurt performance are optional, Not too worried about a world class hacker targeting me.

Spectre & Meltdown can be disabled via registry very easily : https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in and also with 3rd part app here https://www.grc.com/inspectre.htm

m2geek · Nov 13, 2019

Dark NighT said:
So glad i ditched my intel right now.

Haha same!

Don't fail me now Ryzen 3600x

Bagpuss · Nov 13, 2019

Dark NighT said:
So glad i ditched my intel right now.

Ridiculous.

The chances of the average home user EVER being affected by any of these 'vulnerabilities' is between zero & never.

You'd better to worry about being struck by lightning every time you left your house.

Dark NighT · Nov 13, 2019

Bagpuss said:
Ridiculous.

The chances of the average home user EVER being affected by any of these 'vulnerabilities' is between zero & never.

You'd better to worry about being struck by lightning every time you left your house.

I know this, i know it is a very very small chance to get hit, but you cannot deny that this sort of thing is bad, and what is worse about it, Intel keeps delivering "new" processors still on the same node, still without mitigations and this security nonsense has been going on for a while, yet they still sit on their 14nm security fail processors.

These mitigation patches cost performance, not everyone will know how to disable them, but for those that do notice performance drops after an update and not know anything about it, made their pc less good, and yet Intel still keeps selling their cpu's like it's nothing, that is why im glad that i moved over so i don't have to deal with Intel's nonsense myself.

WYP · Nov 13, 2019

Bagpuss said:
Ridiculous.

The chances of the average home user EVER being affected by any of these 'vulnerabilities' is between zero & never.

You'd better to worry about being struck by lightning every time you left your house.

But the reason why this will never happen is because PCs are having mitigations applied to them. As such, a herd immunity is being created and exploits that use these security holes will have little chance of taking hold across a large number of PCs.

Think of it like vaccination. Sure, it's fine for individuals to not get vaccinated, but if enough people don't do it society is basically waiting for a disease to take hold and spead to the vulnerable.

Leaving vulnerabilities on the table is begging for somebody to exploit them eventually. Wannacry comes to mind.

Avet · Nov 13, 2019

So... We are seeing patches now. But these flaws exist for 5-6 years. The assumption that someone hasn't been using them all this time...

Edit: Everyone is talking now. But... Let's say some hacker, or group found these exploits, or the worst one a year after the release of CPUs. They could have hacked The World without anyone even knowing. That would be quite literally The Skeleton Key.

demonking · Nov 13, 2019

Companies should be fined heavily when these exploits are exposed on hardware that has been in the wild for years. Every other industry would, Imagine your work had not been complying with HS regulations for the last 5 years and then they were exposed or a car manufacturer had been selling a product that was not safe (at the end of the day this is all under the safety arm). They would drowning in fines and poor press. Perhaps then Intel ect will act on these sooner and spend more time on developing secure products before they release. with all these security updates going back as far as spectre, I wonder how much performance users of previous generations have lost. The feeling that they could have been mis-sold a product due to these is very real and some may be forced to upgrade due to this.

Kleptobot · Nov 14, 2019

demonking said:
Companies should be fined heavily when these exploits are exposed on hardware that has been in the wild for years. Every other industry would, Imagine your work had not been complying with HS regulations for the last 5 years and then they were exposed or a car manufacturer had been selling a product that was not safe (at the end of the day this is all under the safety arm). They would drowning in fines and poor press. Perhaps then Intel ect will act on these sooner and spend more time on developing secure products before they release. with all these security updates going back as far as spectre, I wonder how much performance users of previous generations have lost. The feeling that they could have been mis-sold a product due to these is very real and some may be forced to upgrade due to this.

They are not valid comparisons. There are no regulations on how resistant to side channel exploitation a processor must be, nor would it be reasonable to create any.

Warchild · Nov 14, 2019

demonking said:
Companies should be fined heavily when these exploits are exposed on hardware that has been in the wild for years. Every other industry would, Imagine your work had not been complying with HS regulations for the last 5 years and then they were exposed or a car manufacturer had been selling a product that was not safe (at the end of the day this is all under the safety arm). They would drowning in fines and poor press. Perhaps then Intel ect will act on these sooner and spend more time on developing secure products before they release. with all these security updates going back as far as spectre, I wonder how much performance users of previous generations have lost. The feeling that they could have been mis-sold a product due to these is very real and some may be forced to upgrade due to this.

Incredibly illogical to put 100% of blame on the Company. Companies can have the best security experts in the world at any given time, but then if that one genius hacker came along and was able to hack anything they wanted, that would bankrupt the world by your methods.
You have to give them the benefit of the doubt that they were not aware of these exploits.

grec · Nov 14, 2019

What demonking says makes a lot of sense from an abstract societal perspective but I think massively underestimates the complexity of a CPU. It takes over 30,000 people and half a decade to design a modern x86 CPU, and the end result is a network beyond the complexity of the whole Earths road systems. This means security vulnerabilities are essentially mathematically inevitable in any modern CPU, and no matter how much money you throw at attempting to fix, find or avoid them, you'll never be able to find them all. It's abit like trying to design a whole city from scratch, with no sharp edges that someone could crack their head on anywhere within it, under a strict deadline.

The saving grace is that this level of complexity means that hopefully, no one else will either, or at least when they do it becomes public very quickly, or that it's a friendly government or a respected security company who finds them.

Intel has revealed 77 new chip vulnerabilities, one of which has a notable impact

WYP

News Guru

Dark NighT

New member

Dicehunter

Resident Newb

FTLN

Active member

m2geek

Member

Bagpuss

New member

Dark NighT

New member

WYP

News Guru

Avet

Active member

demonking

New member

Kleptobot

Member

Warchild

Active member

grec

New member

Similar threads