Current Events > So AMD chips are even more screwed than Intel by these new exploits

(+) Yeah! (+)

https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/

Security researchers released official documentation complete with nicknames and logos of two major flaws found in nearly all modern central processing units, or CPUs.

Its not a physical problem with the CPUs themselves, or a plain software bug you might find in an application like Word or Chrome. Its in between, at the level of the processors architectures, the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.

Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one anothers data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown; Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because its based on an established practice in multiple chip architectures, its going to be even trickier to fix.
...
Meltdown can be fixed essentially by building a stronger wall around the kernel; the technical term is kernel page table isolation. This solves the issue, but theres a cost. Modern CPU architectures assume certain things about the way the kernel works and is accessed, and changing those things means that they wont be able to operate at full capacity.

The Meltdown fix may reduce the performance of Intel chips by as little as 5 percent or as much as 30 but there will be some hit. Whatever it is, its better than the alternative.

Spectre, on the other hand, is not likely to be fully fixed any time soon. The fact is that the practice that leads to this attack being possible is so hard-wired into processors that the researchers couldnt find any way to totally avoid it. They list a few suggestions, but conclude:

While the stop-gap countermeasures described in the previous section may help limit practical exploits in the short term, there is currently no way to know whether a particular code construction is, or is not, safe across todays processors much less future designs.

tl;dr: every computer (Windows/Apple) and smartphone made in the last decade is vulnerable. Intel chips have a fix that will reduce performance; AMD currently does not
---

lol shit we fucked boys
---

SGT_Conti posted...

lol shit we fucked boys

I don't quite understand how this isn't a bigger deal with the mainstream media.
---

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

they're not more screwed

just equally screwed
---

IdiotMachine posted...

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

probably this.

do these exploits have to be installed on your pc, like malware? i still dont understand where the intrusion point will be.
---

amd always lose, baby
---

IdiotMachine posted...

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

Which I'm hoping someone will do because I don't understand.. What am I vulnerable too
---

The Admiral posted...

Intel chips have a fix that will reduce performance; AMD currently does not

I think you read that wrong... Intel has a fix for the exploit that does not affect AMD. The exploit that currently does not have a fix affects AMD and Intel.
---

glitteringfairy posted...

What am I vulnerable too

Also, what is the Intel fix that costs 5-30% processing power?
---

FightingGames posted...

amd always lose, baby

---

27_Sandman_40 posted...

this is a boogeyman

Please elaborate
---

iamintents posted...

do these exploits have to be installed on your pc, like malware? i still dont understand where the intrusion point will be.

glitteringfairy posted...

Which I'm hoping someone will do because I don't understand.. What am I vulnerable too

In a nutshell:
*CPUs are traditionally sequential. If you give it a command, it'll do it in the order it received it.
*Modern day CPUs started using statistics to run commands in parallel. If you give it a command, CPUs will now guess what your next command will be, and starts to calculate it.
*This thing that the CPU guessed that will be your next move is stored in an unprotected place.
*Malware can access this unprotected place and take all this data.

nice going guys

we're gonna invent network exploits like this and then invent AI that's smarter than humans

there will be no internet on my battlestar
---

iamintents posted...

IdiotMachine posted...

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

probably this.

do these exploits have to be installed on your pc, like malware? i still dont understand where the intrusion point will be.

Even something like bad Javascript on a webpage can exploit it
---

Mizznox posted...

The Admiral posted...

Intel chips have a fix that will reduce performance; AMD currently does not

I think you read that wrong... Intel has a fix for the exploit that does not affect AMD. The exploit that currently does not have a fix affects AMD and Intel.

Oh shit, so looks like even I don't get this. So Meltdown affects Intel and has a fix that reduces performance; Spectre affects AMD and Intel and does not currently have a fix.
---

Mizznox posted...

The Admiral posted...

Intel chips have a fix that will reduce performance; AMD currently does not

I think you read that wrong... Intel has a fix for the exploit that does not affect AMD. The exploit that currently does not have a fix affects AMD and Intel.

---

another nail in PC gaming's coffin
---

FL81 posted...

iamintents posted...

IdiotMachine posted...

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

probably this.

do these exploits have to be installed on your pc, like malware? i still dont understand where the intrusion point will be.

Even something like bad Javascript on a webpage can exploit it

oh well thats not fucking good. java is a vulnerable mess as it is.

welp....
---

IdiotMachine posted...

iamintents posted...

do these exploits have to be installed on your pc, like malware? i still dont understand where the intrusion point will be.

glitteringfairy posted...

Which I'm hoping someone will do because I don't understand.. What am I vulnerable too

In a nutshell:
*CPUs are traditionally sequential. If you give it a command, it'll do it in the order it received it.
*Modern day CPUs started using statistics to run commands in parallel. If you give it a command, CPUs will now guess what your next command will be, and starts to calculate it.
*This thing that the CPU guessed that will be your next move is stored in an unprotected place.
*Malware can access this unprotected place and take all this data.

OK so thats getting warmer. So the pc predicts which game I'm gonna play next or what porn video I'm gonna watch or what website I'm gonna go to?
---

The Admiral posted...

Mizznox posted...

The Admiral posted...

Intel chips have a fix that will reduce performance; AMD currently does not

I think you read that wrong... Intel has a fix for the exploit that does not affect AMD. The exploit that currently does not have a fix affects AMD and Intel.

Oh shit, so looks like even I don't get this. So Meltdown affects Intel and has a fix that reduces performance; Spectre affects AMD and Intel and does not currently have a fix.

yeah. its a big ol mess.
---

Meltdown gets fixed with a firmware patch which is based on the maker of your computer system
Most computers are fine if patched
But outside of that like anything from finger print scanners to anything isn't because it's very rare firmware is ever updated in those machines

i'm not too freaked from a personal use perspective, but my god, all the servers out there, company servers with countless amounts of private data will all be vulnerable.

military servers....drones n shit.
---

IdiotMachine posted...

The Admiral posted...

I don't quite understand how this isn't a bigger deal with the mainstream media.

Because it's hard to explain to your average, non-techie, citizen.

not really its just...SGT_Conti posted...

lol shit we fucked boys

AMD isn't as screwed as Intel, AMD is only vulnerable on the software side which they can fix easily with an update. Intel on the other hand is vulnerable on the hardware side because speculative processing is handled through hardware instead of through software like AMD.

So no, they aren't even more screwed, that's just the articles trying to save Intel's ass after their stock dropped due to it ruining their performance.
---

We in Skynet now boys
---

https://xkcd.com/1938/
---

Chicken posted...

We in Skynet now boys

fuck

AMD hasn't released an update because a proof of concept on their chipsets has not be successful due to arch differences. You can read their notes here:

https://www.amd.com/en/corporate/speculative-execution

An engineer goes into more detail here:
https://lkml.org/lkml/2017/12/27/2
---

Settle down and have some damn reading comprehension skills before making a topic. Holy shit lol
---

Clickbait is clickbait because they don't do their research.
---

eggcorn posted...

Chicken posted...

We in Skynet now boys

fuck

Im watching a stream where an ai uses brute force to complete Mario levels.
---

Krojen posted...

Settle down and have some damn reading comprehension skills before making a topic. Holy shit lol

The unfortunate thing is this is far from the first time Admiral has proudly displayed his lack of reading comprehension on here.
---

Didn't AMD originally brag about how this doesn't effect them? And reading the article I don't see how it says AMD is 'more screwed than Intel".
---

Error1355 posted...

Didn't AMD originally brag about how this doesn't effect them? And reading the article I don't see how it says AMD is 'more screwed than Intel".

They aren't affected by the Meltdown bug, which is what everyone was originally talking about. Both AMD and Intel are affected by the Spectre bug, which is similar to Meltdown.
---

trump's america...
---

Tropicalwood posted...

AMD isn't as screwed as Intel, AMD is only vulnerable on the software side which they can fix easily with an update. Intel on the other hand is vulnerable on the hardware side because speculative processing is handled through hardware instead of through software like AMD.

Every modern CPU handles it via hardware(including AMD). The issue(for Meltdown) is not handling it in hardware, its how it's handled in certain hardware(Intel and some ARM chips) is fundamentally insecure and exploitable to a greater degree than other more "standard" implementations of speculative execution.
---

Error1355 posted...

Didn't AMD originally brag about how this doesn't effect them? And reading the article I don't see how it says AMD is 'more screwed than Intel".

Clickbait to save Intel's stock. The head of Intel basically sold all of his stock that he could while still keeping his job.

Turning off predictive services like autocorrect and password stuff would likely solve most of the problem. However, this would mean disabling Siri and Alexa type services... which ain't happening. Greed is actually the root cause of this dilemma. They can't sell your personal information across platforms as easily without these predictive services. There's an old adage that roughly says you can't con a person unless they are greedy. This is kinda like that.
---