Page 2 of 3 FirstFirst 123 LastLast
Results 31 to 60 of 63

Thread: Major security flaw found in Intel processors

  1. #31
    Quote Originally Posted by pcosmar View Post
    I'm getting that looking for info,,, and surprised to see old kernels in use..

    It was kernel 4 that had major changes,, and a new release schedule.
    This may indeed affect the Server side if they are all running antiques.
    They are not completely old when bug fixes and security updates are back ported. You are just missing out on improvements and compatibility with newer packages.



  2. Remove this section of ads by registering.
  3. #32
    It was revealed during the Snowden leaks, iirc, that pretty much all tech had been compromised with backdoors at the manufacturer level.

    eta:

    http://www.ronpaulforums.com/showthr...turer-s-drives

    Quote Originally Posted by me 2-17-15
    Regardless of what is claimed by the articles, I think it's naive to think it's just a few targeted systems. They didn't call it the "Total Information Awareness" program for nuthin'. This is also the sort of stuff that limited the Snowden releases to around 5% of his total haul. EVERYTHING is compromised. All of it.
    Pardon me if I don't run out to install whatever the media and Intel (agencies) blare at me to install to fix "bugs" now. The same ones that have hidden the "flaws" are now offering the solution? Eh, a bit too Hegelian for my liking.
    Last edited by devil21; 01-06-2018 at 11:52 AM.
    "Let it not be said that we did nothing." - Ron Paul

    The entire internet is the domain of paid shills and bots. If you don't know this by now....

    Israel, under control of the Crown and, ultimately, the Vatican, own the USA. If you don't know this by now....

    Talk to people about liberty. You won't find it on websites, you won't find it in politicians.

    Visiting the Outer Banks of NC?
    Outer Banks NC Fishing Boat Rentals



  4. Remove this section of ads by registering.
  5. #33
    Quote Originally Posted by devil21 View Post
    It was revealed during the Snowden leaks, iirc, that pretty have all tech had been compromised with backdoors at the manufacturer level.

    Pardon me if I don't run out to install whatever the media and Intel (agencies) blare at me to install to fix "bugs" now.
    The Open Source,, and Digital Rights communities have been working on just those issues.
    Hardware back doors are closed when found.. And this had been known about for some time,and vault7 revealed more.

    The fix for these problems is available,, and is being scrutinized by many eyes,,, some of them more paranoid than you.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  6. #34
    Quote Originally Posted by kahless View Post
    They are not completely old when bug fixes and security updates are back ported. You are just missing out on improvements and compatibility with newer packages.
    Not really..
    You are running an old (stable) but antique Kernel thet has been patch and patched for 10 or 12 years. It was developed when the internet was running "98".
    It was stable before 64bit chips were available to the public. and before multi core processors.

    I really don't understand the industry insistence on maintaining outdated kernels.
    But it does likely explain some vulnerabilities.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  7. #35
    Quote Originally Posted by pcosmar View Post
    The Open Source,, and Digital Rights communities have been working on just those issues.
    Hardware back doors are closed when found.. And this had been known about for some time,and vault7 revealed more.

    The fix for these problems is available,, and is being scrutinized by many eyes,,, some of them more paranoid than you.
    That assumes these same organizations haven't been infiltrated just like every other organization of importance has. I don't have much faith in that assumption. ymmv
    "Let it not be said that we did nothing." - Ron Paul

    The entire internet is the domain of paid shills and bots. If you don't know this by now....

    Israel, under control of the Crown and, ultimately, the Vatican, own the USA. If you don't know this by now....

    Talk to people about liberty. You won't find it on websites, you won't find it in politicians.

    Visiting the Outer Banks of NC?
    Outer Banks NC Fishing Boat Rentals

  8. #36
    Quote Originally Posted by devil21 View Post
    ymmv
    You are quite welcome to code your own OS from Source Code. That is the beauty and freedom of Open Source.
    or look into the several distributions made by some one else.. There are un-hackable (hard code,read only),, high security distros for just that purpose.

    it is ever evolving

    My distro,, my favorite. is the work of a guy in Texas and a bunch of folk in a community of users.
    https://www.pclinuxos.com/
    https://en.wikipedia.org/wiki/PCLinuxOS
    https://distrowatch.com/table.php?di...tion=pclinuxos
    Last edited by pcosmar; 01-06-2018 at 01:32 PM.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  9. #37
    Quote Originally Posted by pcosmar View Post
    Not really..
    You are running an old (stable) but antique Kernel thet has been patch and patched for 10 or 12 years. It was developed when the internet was running "98".
    It was stable before 64bit chips were available to the public. and before multi core processors.

    I really don't understand the industry insistence on maintaining outdated kernels.
    But it does likely explain some vulnerabilities.
    Not just I am running, millions of enterprise servers and data centers throughout the world. Centos/RHEL is everywhere. They are less vulnerable since they are being actively maintained for quite a long time. A business that provides 24x7 up time is more likely to use a stable kernel with security vulnerabilities and patches back ported rather than test the latest kernel on contract customers.

    You want to support servers that required 24x7 up time with unproven kernels then go right ahead and see how long you customers stay with you. No one loves giving credit due to down time.

    Again you are comparing home users to business.

    btw - most servers I am supporting have multiple core 64 bit and more than 8gb's a RAM so we are not talking about the original kernel. For something like 10 years now.

  10. #38
    Quote Originally Posted by pcosmar View Post
    You are quite welcome to code your own OS from Source Code. That is the beauty and freedom of Open Source.
    or look into the several distributions made by some one else.. There are un-hackable (hard code,read only),, high security distros for just that purpose.

    it is ever evolving

    My distro,, my favorite. is the work of a guy in Texas and a bunch of folk in a community of users.
    https://www.pclinuxos.com/
    https://en.wikipedia.org/wiki/PCLinuxOS
    https://distrowatch.com/table.php?di...tion=pclinuxos
    I don't have much desire to code anything. I just know that if the MSM (controlled by same entities that mandated the backdoors in the first place) is blaring on about some emergency and urging you to do something in response to it, it's generally not for a reason that is beneficial to you.
    "Let it not be said that we did nothing." - Ron Paul

    The entire internet is the domain of paid shills and bots. If you don't know this by now....

    Israel, under control of the Crown and, ultimately, the Vatican, own the USA. If you don't know this by now....

    Talk to people about liberty. You won't find it on websites, you won't find it in politicians.

    Visiting the Outer Banks of NC?
    Outer Banks NC Fishing Boat Rentals

  11. #39
    Quote Originally Posted by kahless View Post

    btw - most servers I am supporting have multiple core 64 bit and more than 8gb's a RAM so we are not talking about the original kernel. For something like 10 years now.
    The linux kernel 4+ is not unstable nor cutting edge,

    And yes, The 2.6 kernel was was new, 2.4 was old and known. and Win xp was new.
    People were still running Windows servers,, (some still do) despite being complete crap.

    I am wondering why,, especially in critical environments,, people insist on running outdated and substandard hardware and software..

    it makes little sense to me. and I suspect it bites ass.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  12. #40
    Quote Originally Posted by devil21 View Post
    I don't have much desire to code anything. I just know that if the MSM (controlled by same entities that mandated the backdoors in the first place) is blaring on about some emergency and urging you to do something in response to it, it's generally not for a reason that is beneficial to you.
    Ah,,
    Well I found linux by my own research long ago. Not the MSM or marketing,,, just other users online.
    I got tired of mainstream crap.

    I don't have to agree to any dumb EULA
    I don't have malware, or viruses,,
    I fear no E-mail attachment,
    I am invisible, and hard to hack. (nothing being impossible)

    I like the system they built. and it gives me TOTAL control of my system.
    ymmv
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom



  13. Remove this section of ads by registering.
  14. #41
    Quote Originally Posted by pcosmar View Post
    The linux kernel 4+ is not unstable nor cutting edge,

    And yes, The 2.6 kernel was was new, 2.4 was old and known. and Win xp was new.
    People were still running Windows servers,, (some still do) despite being complete crap.

    I am wondering why,, especially in critical environments,, people insist on running outdated and substandard hardware and software..

    it makes little sense to me. and I suspect it bites ass.
    Cost and stability. A bit of sweat spot with the bugs mostly ironed out and security fixes and patches back ported. Why risk that with an unproven kernel.

    It does in a sense bites ass with workstations sometimes if you buy new hardware. On the other hand trying to install newer kernels on older hardware sucks to due to performance issues.

    2.6.x is still maintained with migrations and newer installations to 3.1.x kernel. But not so much 4.x since no one wants to test the latest and greatest in a production environment but it is not far away.

    For home with newer equipment no problem with newer kernel which more likely I would need if my hardware is bleeding edge and I need drivers to support it. I am not going to render older hardware useless with a newer kernel due to performance issues. The longer they support the older kernel's which make old systems fly the better. In many cases there really is no reason to upgrade your hardware or UI if the system is serving your needs and the OS is providing security patches.

  15. #42
    Intel CEO In Jeopardy For Selling Stock After Learning Of "Staggering" Flaw

    https://www.zerohedge.com/news/2018-01-08/it-doesnt-look-good-intel-ceo-jeopardy-selling-stock-after-learning-staggering-flaw
    Never attempt to teach a pig to sing; it wastes your time and annoys the pig.

    Robert Heinlein

    Give a man an inch and right away he thinks he's a ruler

    Groucho Marx

    I love mankindÖitís people I canít stand.

    Linus, from the Peanuts comic

    You cannot have liberty without morality and morality without faith

    Alexis de Torqueville

    Those who fail to learn from the past are condemned to repeat it.
    Those who learn from the past are condemned to watch everybody else repeat it

    A Zero Hedge comment

  16. #43
    It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

    https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_p cs/
    Never attempt to teach a pig to sing; it wastes your time and annoys the pig.

    Robert Heinlein

    Give a man an inch and right away he thinks he's a ruler

    Groucho Marx

    I love mankindÖitís people I canít stand.

    Linus, from the Peanuts comic

    You cannot have liberty without morality and morality without faith

    Alexis de Torqueville

    Those who fail to learn from the past are condemned to repeat it.
    Those who learn from the past are condemned to watch everybody else repeat it

    A Zero Hedge comment

  17. #44
    Quote Originally Posted by Swordsmyth View Post
    Intel CEO In Jeopardy For Selling Stock After Learning Of "Staggering" Flaw

    https://www.zerohedge.com/news/2018-01-08/it-doesnt-look-good-intel-ceo-jeopardy-selling-stock-after-learning-staggering-flaw
    How dumb is this dude?

  18. #45
    Quote Originally Posted by timosman View Post
    How dumb is this dude?
    I think arrogance is more to the point.
    Never attempt to teach a pig to sing; it wastes your time and annoys the pig.

    Robert Heinlein

    Give a man an inch and right away he thinks he's a ruler

    Groucho Marx

    I love mankindÖitís people I canít stand.

    Linus, from the Peanuts comic

    You cannot have liberty without morality and morality without faith

    Alexis de Torqueville

    Those who fail to learn from the past are condemned to repeat it.
    Those who learn from the past are condemned to watch everybody else repeat it

    A Zero Hedge comment

  19. #46
    Quote Originally Posted by Swordsmyth View Post
    I think arrogance is more to the point.
    You are right. He might know SEC is really toothless.

  20. #47
    Quote Originally Posted by Swordsmyth View Post
    It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

    https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_p cs/
    Well, there's a quick example of why I don't jump all over whatever "fix" is being blared by the media. Forcing people to buy new hardware (likely Intel, funny that) that they wouldn't otherwise have needed. I recall reading how a recent Windows update bricked people's old dot matrix printers, forcing new printer purchases. Eventually, hopefully, people will realize that the MEDIA IS NOT THEIR FRIEND and these tech companies are most definitely not either. To the heads of these companies we are nothing but consuming cattle to be herded in whatever direction is best for their bottom line and the completion of their full control agenda. That is IT.

    Quote Originally Posted by timosman View Post
    How dumb is this dude?
    You know damn well nothing will happen to him. Nothing happened to the MGM execs and Board that dumped most of their stock before the LV shooting either. Even the charade of a rule of law has been dropped. It's wild west, everyone for themselves, before the run for the exit doors.
    Last edited by devil21; 01-09-2018 at 09:30 AM.
    "Let it not be said that we did nothing." - Ron Paul

    The entire internet is the domain of paid shills and bots. If you don't know this by now....

    Israel, under control of the Crown and, ultimately, the Vatican, own the USA. If you don't know this by now....

    Talk to people about liberty. You won't find it on websites, you won't find it in politicians.

    Visiting the Outer Banks of NC?
    Outer Banks NC Fishing Boat Rentals

  21. #48
    Quote Originally Posted by devil21 View Post
    You know damn well nothing will happen to him. Nothing happened to the MGM execs and Board that dumped most of their stock before the LV shooting either. Even the charade of a rule of law has been dropped. It's wild west, everyone for themselves, before the run for the exit doors.
    This is depressing.



  22. Remove this section of ads by registering.
  23. #49
    Quote Originally Posted by devil21 View Post
    Well, there's a quick example of why I don't jump all over whatever "fix" is being blared by the media. .
    Actually,, That is exactly why I don't use windoze.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  24. #50
    As expected.

    Microsoft admits that the Meltdown/Spectre patches will hit Windows Server performance
    https://www.geekwire.com/2018/micros...r-performance/
    Microsoft acknowledged Tuesday morning that Windows Server is now slower for certain types of applications thanks to the patches.
    ...
    Myerson also noted that Windows PC users with recently purchased systems probably won’t notice much of a performance impact from the patches pushed out to Windows users last week, but people with older Windows 10 hardware, and people with Windows 8 or Windows 7 machines, will likely see a performance hit.
    Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches.
    http://www.zdnet.com/article/microso...rmance-issues/

  25. #51
    Same for Linux

    IBM melts down fixing Meltdown as processes and patches stutter - RHEL servers croaking
    http://www.theregister.co.uk/2018/01/09/ibm_melts_down/
    The documents also say some Red Hat Enterprise Linux servers aren’t rebooting after patching, which is of more concern given that Red Hat developed its own Meltdown/Spectre patches.
    Red Hat Warned Partners Of Computing, Cloud Performance Loss Stemming From Protecting Against Chip Vulnerabilities
    http://www.crn.com/news/security/300...rabilities.htm
    Solution providers are expecting some systems to be degraded by up to 30 percent
    Some with the latest kernel having boot problems
    http://www.zdnet.com/article/the-lin...tle-continues/
    Work is continuing, but the latest update of the stable Linux kernel, 4.14.2, has the current patches. Some people may experience boot problems with this release, but 4.14.13 will be out in a few days.

  26. #52
    Quote Originally Posted by kahless View Post
    As expected.

    Microsoft admits that the Meltdown/Spectre patches will hit Windows Server performance
    https://www.geekwire.com/2018/micros...r-performance/


    Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches.
    http://www.zdnet.com/article/microso...rmance-issues/
    And I was just reading that RedHat published their bench tests,,
    19% reduction in performance,, worst case. but most a 2 to 8% hit.

    I suspect they are still massaging it.

    windoze likes to throw out nasty patches. it's like a history or a habit.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  27. #53
    ^^^^
    What Intel, MS, etc is actually saying is go buy new crap that most DEFINITELY has all of the backdoors in it.
    "Let it not be said that we did nothing." - Ron Paul

    The entire internet is the domain of paid shills and bots. If you don't know this by now....

    Israel, under control of the Crown and, ultimately, the Vatican, own the USA. If you don't know this by now....

    Talk to people about liberty. You won't find it on websites, you won't find it in politicians.

    Visiting the Outer Banks of NC?
    Outer Banks NC Fishing Boat Rentals

  28. #54
    Work is continuing, but the latest update of the stable Linux kernel, 4.14.2, has the current patches. Some people may experience boot problems with this release, but 4.14.13 will be out in a few days.
    I'm running 4.14.8,, and have no issues. It had some patches.. 4 15rc is being tested,, and it should have patches,, it is being tested.

    Looking forward to it's release as stable later this month.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  29. #55
    Intel is having reboot issues with its Spectre-Meltdown patches

    “We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center,” Shenoy wrote.
    He added, “If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.”

    More at: https://finance.yahoo.com/news/intel...221114762.html
    Never attempt to teach a pig to sing; it wastes your time and annoys the pig.

    Robert Heinlein

    Give a man an inch and right away he thinks he's a ruler

    Groucho Marx

    I love mankindÖitís people I canít stand.

    Linus, from the Peanuts comic

    You cannot have liberty without morality and morality without faith

    Alexis de Torqueville

    Those who fail to learn from the past are condemned to repeat it.
    Those who learn from the past are condemned to watch everybody else repeat it

    A Zero Hedge comment

  30. #56
    I did a more detailed write-up on the Meltdown/Spectre attacks here.

    tl;dr: This entire class of attacks can be mooted by restricting user-space software from having access to high-precision timers (timestamp-counters) or slowing the timers (obscuring microarchitectural timing) or fuzzing the timers (same thing, different method). If you are running user software in a virtual container, you can defend against all these attacks by changing one setting (timestamp-counter scaling) without any kernel update or CPU patch. You won't find this fact mentioned anywhere. Fixes that require "re-architecting CPUs" are nonsense-on-stilts.



  31. Remove this section of ads by registering.
  32. #57
    Also, a quick note about "backdoors". If you are an ordinary PC user, you should never operate under the assumption that "my computer is secure" because... it isn't. These latest attacks have nothing to do with that. If the NSA or somebody at that scale wants inside your PC, they're in, just like that and they don't have to use academic timing attacks to do it. The best overall description is "push-button access". We know this is the case thanks to the Snowden disclosures, among other whistleblowers.

  33. #58
    Intel admits Spectre patch problems also affect newer Core chips

    Intel has revealed that even its newer CPUs are affected by the frequent reboot problems brought about by the Spectre/Meltdown patches. The chipmaker previously said that the reboot issue affects systems running Broadwell and Haswell. Now that it has managed to reproduce the problem internally in an effort to fix it, the company found that a similar behavior can occur in platforms powered by Skylake and Kaby Lake, which are newer than Haswell and Broadwell. Ivy Bridge- and Sandy Bridge-based systems, both older cores, are also susceptible to the bug. Thankfully, Intel VP Navin Shenoy said that they're close to identifying the problem's root issue. "In parallel," he added, "we will be providing beta microcode to vendors for validation by next week."

    More at: https://finance.yahoo.com/news/intel...075000640.html
    Never attempt to teach a pig to sing; it wastes your time and annoys the pig.

    Robert Heinlein

    Give a man an inch and right away he thinks he's a ruler

    Groucho Marx

    I love mankindÖitís people I canít stand.

    Linus, from the Peanuts comic

    You cannot have liberty without morality and morality without faith

    Alexis de Torqueville

    Those who fail to learn from the past are condemned to repeat it.
    Those who learn from the past are condemned to watch everybody else repeat it

    A Zero Hedge comment

  34. #59
    @Swordsmyth

    The reboot issues are not Intel. The Chip Flaw is Intel,, but the reboot problem is Windize. and the windoze patches.

    No issue here,,, nor with linux in general. so that issue is unique to that OS.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  35. #60
    Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
    https://www.bleepingcomputer.com/new...f-boot-issues/
    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.

    "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.

Page 2 of 3 FirstFirst 123 LastLast


Similar Threads

  1. Major flaw in Presidential polling samples
    By Joeinmo in forum Rand Paul Forum
    Replies: 7
    Last Post: 12-10-2015, 10:31 PM
  2. A major flaw in Gold ?
    By Rylick in forum Economy & Markets
    Replies: 7
    Last Post: 05-14-2010, 06:34 PM
  3. Major flaw in US constitution
    By Kraig in forum U.S. Constitution
    Replies: 101
    Last Post: 08-30-2009, 11:08 PM
  4. GAO: Major security flaws found at federal buildings
    By tsopranos in forum U.S. Political News
    Replies: 1
    Last Post: 07-08-2009, 07:49 AM
  5. A possible major flaw with the gold standard?
    By jon_perez in forum Economy & Markets
    Replies: 53
    Last Post: 12-05-2007, 10:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •