Horrific Security Flaw Affects Decade of Intel Processors

An extremely severe security flaw has been found to affect nearly every Intel processor made in the past decade or more, giving any hackers who might know how to exploit it access to protected information systemwide. The Register reports that programmers are rushing to make the sweeping changes necessary to protect against the vulnerability on Linux and Windows operating systems, with such fixes required on macOS as well. Even worse, you can expect these vital updates to noticeably slow down your computer.

---snip---

the fix requires extremely deep and wide-reaching changes at the root levels of an operating system's software—changes that could impact performance of Intel machines by as much as 30 percent.

Horrific Security Flaw Affects Decade of Intel Processors

Ugh, 30% performance loss after update, brilliant! Bitcoin miners will be pleased too I imagine...

a reply to: MindBodySpiritComplex

Here's another source if anyone has trouble with the adblocker blocker from the OP's source.

www.pcgamer.com...

I work at a major financial institution. I wonder if they know about this yet?

And just like most other security exploits, nobody probably even knew about it until the Intel Team found it, and articles started popping up about it..........

Good thing my laptop doesn't have an Intel Processor

I had a few intel powered computers leading up to the year 2005, and I was pretty much done with them after that point. Couldn't pay me to own one anymore.

So glad that all processors I use are AMD and not Intel.

With the weather we've been having it's one of the few times in my life I've wished that I was on team red.

The massive amount of power and heat produced by those processors would have been a welcome perk in these cold dark winter nights.

If your PC is not connected to the internet, then there's no security issue here.

If your PC is connected to the internet, there' no perfect security possible anyway.

So, continue as you were.

Undetected for over a decade? Who believes that?

This is actually a really big deal.

This is going to affect GDP bigly. For no other reason than the slow down will not just be your PC, but lots and lots and lots of servers that host...well...everything.

"Accidental" back doors are nothing new in computerland. I'm sure they can fix it with software...

N.S.A. No Say Anything

Pretty good write up on the issue. Don't count on ARM being in the clear.

Kernel memory issues.

As far as speed

The impact of this will vary depending on the workload. Every time a program makes a call into the kernel—to read from disk, to send data to the network, to open a file, and so on—that call will be a little more expensive, since it will force the TLB to be flushed and the real kernel page table to be loaded. Programs that don't use the kernel much might see a hit of perhaps 2-3 percent—there's still some overhead because the kernel always has to run occasionally, to handle things like multitasking.

But workloads that call into the kernel a ton will see much greater performance drop off. In a benchmark, a program that does virtually nothing other than call into the kernel saw its performance drop by about 50 percent; in other words, each call into the kernel took twice as long with the patch than it did without. Benchmarks that use Linux's loopback networking also see a big hit, such as 17 percent in this Postgres benchmark

...

While Intel systems are the ones known to have the defect, they may not be the only ones affected. Some platforms, such as SPARC and IBM's S390, are immune to the problem, as their processor memory management doesn't need the split address space and shared kernel page tables; operating systems on those platforms have always isolated their kernel page tables from user mode ones.

But others, such as ARM, may not be so lucky; comparable patches for ARM Linux are under development.

arstechnica.com...

Realistically, how many people have EVER been affected by this? And how many will be? "Horriffic"? Really?

Wait wasnt this already mentioned in the Wikileaks files and now it turned out to be true? I think it was Intel working with the NSA and CIA to get access to computers more easily.

originally posted by: intrptr
Undetected for over a decade? Who believes that?

I seem to recall an old story about how the NSA required Intel and Microsoft to put "backdoors" into computing products to enable the government to do their jobs protecting the nation.

That could be it.

Just resurfaced under a different name, because the one that just found the "backdoor" doesn't realize that it was in fact a deliberate secret tunnel to every-man's PC. He thinks Intel didn't know about this.

Intel is the worlds smartest corporation.

Their "accidental bugs" are likely "deliberate features", intended to appear as bugs when found out.

It's called the invisible backdoor.

It is what it doesn't appear to be.

originally posted by: schuyler
Realistically, how many people have EVER been affected by this? And how many will be? "Horriffic"? Really?

Affected by the flaw? A minority. Affected by the patch? Pretty much everyone via OS update!

What we don't know, yet, is just how much kernel memory information can be leaked to user programs or how easily that leaking can occur. And which Intel processors are affected?

Again it's not entirely clear, but indications are that every Intel chip with speculative execution (which is all the mainstream processors introduced since the Pentium Pro, from 1995) can leak information this way.

originally posted by: MindBodySpiritComplex

originally posted by: schuyler
Realistically, how many people have EVER been affected by this? And how many will be? "Horriffic"? Really?

Affected by the flaw? A minority. Affected by the patch? Pretty much everyone via OS update!

Also a great marketing move by Intel.

Find a way to force the "slow down" of your PC, so that you'll need to go out and buy a new computer to get back that fast computing experience you've gotten addicted to.

Didn't Apple admit to doing something similar recently with the iPhones?



They used to called this sort of marketing ploy something like "planned obsolescence" or "engineered obsolescence".

....

What if this is something more?

What if something is about to come out in regards to illegal spying...and Intel (At least now) is doing this to save face in the future?

What if this is how the DNC was hacked from the inside? By one of our own?

originally posted by: SR1TX

What if this is how the DNC was hacked from the inside? By one of our own?

What if they just found out that it was the Russians who recently discovered the bug, and used it to hack the DNC and RNC, and so now they have to admit there's a bug, and patch the thing before the Russians get more intel this way?

a reply to: MindBodySpiritComplex

I agree with those that suspect Intel and NSA knew all along. As to what might have triggered the "discovery" (read public disclosure) of the flaw now:

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core