# Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs



## Raevenlord (May 14, 2019)

Ouch doesn't even begin to describe how much that headline hurt. As far as speculative execution goes, it's been well covered by now, but here's a refresher. Speculative execution essentially means that your CPU tries to think ahead of time on what data may or may not be needed, and processes it before it knows it's needed. The objective is to take advantage of concurrency in the CPU design, keeping processing units that would otherwise be left idle to process and deliver results on the off-chance that they are indeed required by the system: and when they are called for, the CPU saves time by not having to process them on the fly and already having them available.

The flaws have been announced by Intel in coordination with Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. While some of the parties involved have named the four identified flaws with names such as "ZombieLoad", "Fallout", and RIDL, or "Rogue In-Flight Data Load", Intel is using the PEGI-13 "Microarchitectural Data Sampling (MDS)" name.



 


*Update May 15th*: Intel has released benchmarks that show the performance impact of the MDS mitigations.
*Update May 16th*: Apparently Intel tried to sweep the issue under the rug with a generous donation to the researchers.

The issue at hand here, defined by Intel's pretty tame MDS, is that like other side-channel attacks, exploits may allow hackers to obtain information that was otherwise deemed secure, had it not been run through the CPU's speculative execution processes. While Meltdown read sensitive information that was being stored in memory due to the speculative execution functions on Intel's CPUs, MDS attacks read the data on the CPU's various buffers - between threads, along the way to the CPU cache, and others. The researchers say that this flaw can be used to siphon data from the CPU at a rate that can approach real-time, and can be used to selectively pull what information is deemed important: whether it's passwords or what websites the user is visiting at the moment of the attack, it's all fair game.










Intel says that significant software changes will be needed to harden systems against this exploit, not only from themselves, but from operating system vendors and third party app creators. One of the proposed solutions is that every time a processor would switch from one third-party app to another, from a Windows process to a third-party app, or even from less trusted Windows processes to more trusted ones, the buffers have to be cleared or overwritten. This means a whole new cycle of data gathering and writing begins every time you call up a different process - and you bet that carries a performance penalty, which Intel is putting at a "minimal" up to 9%.

Intel detailed the vulnerability in its whitepaper and admitted that disabling HT might be warranted as a protection against MDS attacks - and you can imagine how much the company must have loathed to publish such a thing. Intel's HT has been heavily hit by repeated speculative execution flaws found on Intel processors, with mitigations usually costing some sort of performance on Intel's concurrent processing technology. Intel says its engineers discovered the MDS vulnerabilities last year, and that it has now released fixes for the flaw in both hardware and software. Although obviously, the software fixes will have to be deployed either on microcode updates or will have to be implemented by every operating system, virtualization vendor, and other software makers.

Intel also said that its 8th and 9th generation processors already include the hardware mitigations that defeat the exploitation of MDS, but previous architectures back to Nehalem are vulnerable. But why play it on expectations: you can take a test that has been published by the researchers right here.

The CVE codes for the vulnerabilities stand as such:


- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

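On Linux, the two mitigations described in the post above (clearing the CPU buffers on transitions, and turning Hyper-Threading off) are reported by the kernel in a single status line. The following is an added example, not part of the original post or of any tool mentioned in this thread; it assumes a Linux host, the sysfs path and status strings are those of the mainline kernel's MDS reporting, and the sample lines are constructed.

```python
"""Classify the Linux kernel's MDS status line (added example, constructed samples)."""
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Status file on Linux kernels carrying the MDS patches (assumption: Linux host;
# the thread itself only discusses Windows tooling).
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# SMT suffixes under which a sibling hyper-thread cannot sample shared buffers.
SMT_SAFE = {"SMT disabled", "SMT mitigated"}


@dataclass(frozen=True)
class MdsStatus:
    affected: bool         # CPU is subject to MDS at all
    buffers_cleared: bool  # kernel overwrites CPU buffers on privilege transitions
    smt_exposed: bool      # a Hyper-Threading sibling may still observe buffer contents
    verdict: str           # not_affected | mitigated | partial | vulnerable | unknown
    advice: str


def parse_mds(report: str) -> MdsStatus:
    """Split '<state>; <SMT state>' and map it to a verdict."""
    state, _, smt = report.strip().partition(";")
    state, smt = state.strip(), smt.strip()

    if state == "Not affected":
        return MdsStatus(False, False, False, "not_affected", "No action needed.")

    # Anything other than an explicit safe suffix is treated as exposed,
    # including "SMT vulnerable", "SMT Host state unknown" and a missing suffix.
    smt_exposed = smt not in SMT_SAFE

    if state == "Mitigation: Clear CPU buffers":
        if smt_exposed:
            return MdsStatus(True, True, True, "partial",
                             "Buffers are cleared on transitions, but a sibling thread "
                             "can still sample them; consider disabling Hyper-Threading.")
        return MdsStatus(True, True, False, "mitigated", "No action needed.")

    if state.startswith("Vulnerable: Clear CPU buffers attempted"):
        return MdsStatus(True, False, smt_exposed, "vulnerable",
                         "Kernel is patched but microcode is not; install the microcode update.")

    if state == "Vulnerable":
        return MdsStatus(True, False, smt_exposed, "vulnerable",
                         "Buffer clearing is switched off; re-enable the kernel mitigation.")

    # Unknown wording: stay conservative and report it rather than guess.
    return MdsStatus(True, False, smt_exposed, "unknown",
                     f"Unrecognised status line: {report.strip()!r}")


def read_host(path: Path = MDS_SYSFS) -> Optional[MdsStatus]:
    """Return the status of this machine, or None if the kernel does not expose it."""
    try:
        return parse_mds(path.read_text())
    except OSError:
        return None


# Constructed sample lines covering the cases the post talks about.
SAMPLES = [
    "Not affected",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status = parse_mds(line)
        print(f"{status.verdict:<13} {line}\n{'':<13} -> {status.advice}")
    host = read_host()
    print("this host:", host.verdict if host else "status file not available")
```

The "partial" verdict is the case behind the Hyper-Threading advice: buffer clearing covers context switches, not two threads running on the same core at the same time.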


----------



## HwGeek (May 14, 2019)

It's not their year. The rush for new AMD Ryzen will be crazy IMO, dirt cheap and more performance for all "Old Intel" below 8th Gen.


----------



## natr0n (May 14, 2019)

You can disable cpu caching and etc.. in bios.


----------



## Vulpesveritas (May 14, 2019)

By what I've read, 9th generation processors may in fact be even more susceptible to these attacks, despite Intel's claims otherwise, due to the fix for spectre/meltdown making it easier for these new attacks to function.

Here's a detailed webpage covering things on how it works, for anyone interested:  https://mdsattacks.com/


----------



## R0H1T (May 14, 2019)

At this point Intel should just trademark their own variety of *Swiss Cheese*


----------



## Lindatje (May 14, 2019)

Heavy performance hit on Intel CPUs incoming.

How relevant are the benchmarks after any software updates? And how secure are the software updates if it needs to be resolved by a hardware fix?

Bye Intel, hello AMD.


----------



## HD64G (May 14, 2019)

And because of another major vulnerability, i7s are becoming i5s. Imho, many servers and data centers will soon change to Zen cpus without 2nd thoughts with all those security problems.


----------



## ShurikN (May 14, 2019)

With security like this, it's no wonder they managed to achieve such high IPC.
Another performance nerf incoming.


----------



## Eskimonster (May 14, 2019)

oh my goat, i cant wait to build new AMD platform.


----------



## AltCapwn (May 14, 2019)

_"This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware. "_

Oh well


----------



## ExV6k (May 14, 2019)

natr0n said:


> You can disable cpu caching and etc.. in bios.


_And for only a mere 70% drop in CPU performance._
/s


----------



## Vayra86 (May 14, 2019)

Painful...


----------



## Assimilator (May 14, 2019)

This is really starting to get ridiculous now...


----------



## lemonadesoda (May 14, 2019)

Rävenlord, someone needs to profo raed yuor hihgspede typnig. Pellscheck?


----------



## adulaamin (May 14, 2019)

Ooohhh... I might just sell the unassembled parts I have for an Intel build...


----------



## natr0n (May 14, 2019)

ExV6k said:


> _And for only a mere 70% drop in CPU performance._
> /s




On my xeon server I disabled all caching/prefetching and gained performance. So no idea where you got that info.


----------



## krykry (May 14, 2019)




----------



## zlobby (May 14, 2019)

natr0n said:


> On my xeon server I disabled all caching/prefetching and gained performance. So no idea where you got that info.



Even if true, it's highly dependent on workloads. It's there for a reason!



Assimilator said:


> This is really starting to get ridiculous now...


It always has been. Only before people were 'Ermahgerd my intelz makes moar performancez' and naturally, intel let it go, looking at the ceiling.


----------



## biffzinker (May 14, 2019)

AMD isn't out of the fun going by Windows 10.








Intel Reveals New Spectre-Like Attack, Advises Disabling Hyper-Threading

Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw. Microarchitectural Data Sampling in...

www.techpowerup.com


----------



## TheGuruStud (May 14, 2019)

They ignored the last one lol. I guess they'll comment on this one, so you can "upgrade".


----------



## N3utro (May 14, 2019)

How convenient for intel that most of their older processors are impacted so we buy their new ones.

Until we see a working proof of concept, intel can bite my ass. I'm not changing my CPU for a dark CVE number with no proof.


----------



## efikkan (May 14, 2019)

As I've mentioned before, we shouldn't be surprised about new attack vectors for these timing attacks, as long as there is an underlying weakness, there is a potential for more undiscovered attack vectors.

Still, for desktop users risks will be very low as long as the malicious software has to be run locally, and for e.g. the Spectre variants where it's more like a theoretical possibility than something that would be practical to actually steal useful information.

I would advise against participating in "schadenfreude", just because these specific attack vectors are Intel specific, doesn't mean others are not affected by similar problems. We've seen in the past how vulnerabilities from Intel have led to discoveries of similar problems in other designs, not only AMD, but also the huge spectrum of ARM designs in existence. We should not assume they are "invulnerable" to this class of attacks just because we haven't found anything yet, we can't know that with a reasonable certainty until they have been carefully vetted. Hopefully the last two years of discoveries will lead to more consciousness about designing for security in hardware, something which seems to be largely "lacking" until now.

Once again we see both speculative execution and SMT as elements of vulnerabilities. It's important to emphasize that none of these are flawed in principle, but have certain security implications that people have either ignored or been unaware of. Speculative execution has certain pitfalls by itself, but has magnitudes more once SMT is put into the mix. While it's still possible to actually do this securely, the pitfalls of SMT will only increase with architectural complexity, and the cost of dealing with this does too, and since the performance gains from SMT are diminishing with increasing IPC, SMT should be abandoned sooner rather than later. One interesting side-note is that recent rumors of Zen 3 claim support for 4-thread SMT, which would if true increase the potential pitfalls even more.

Most, if not all of these require the attacker to already have access to a machine, and in many cases a whole lot of additional conditions have to apply. Another unrelated example would be the much hyped AMD vulnerability of flashing unsigned BIOSes, which still required root access and/or physical access.
We should never assume a single security measure is impenetrable by itself, and instead build security in layers, where multiple vulnerabilities are required to execute a successful attack. Doing so has been established as good practice for ages, but times are now actually changing for the worse, as companies are moving more and more of their essential infrastructure into the public cloud, where a single vulnerability in either hardware, hypervisor or the cloud management is enough to bypass any security measure. All of a sudden, we have just a single line of defense against the attackers. I'm just hoping this cloud hype dies down before some major incident occurs.
</rant>


----------



## Ferrum Master (May 14, 2019)

I have a feeling... It is like intentional.

Push to upgrade... Halo threats...


----------



## mugatopdub21 (May 14, 2019)

You sir deserve a medal! Yes yes and more yes! Finally, someone with some common sense to hopefully enlighten the masses. Listen to this person! You'll notice I didn't amend anything - it was written perfectly =) 



efikkan said:


> As I've mentioned before, we shouldn't be surprised about new attack vectors for these timing attacks, as long as there is an underlying weakness, there is a potential for more undiscovered attack vectors.
> 
> Still, for desktop users risks will be very low as long as the malicious software has to be run locally, and for e.g. the Spectre variants where it's more like a theoretical possibility than something that would be practical to actually steal useful information.
> 
> ...


----------



## R-T-B (May 14, 2019)

N3utro said:


> Until we see a working proof of concept



That test in the article is one.



altcapwn said:


> _"This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware. "_
> 
> Oh well



Citation?


----------



## Manu_PT (May 14, 2019)

Glad I jumped straight from an i5 4690 to a 9700k which doesn't have HT.


----------



## windwhirl (May 14, 2019)

"Ah sh*t, here we go again" was my thought when I read the title...


----------



## XiGMAKiD (May 14, 2019)

Raevenlord said:


> ...significant software changes will be needed to harden systems against this exploit, not only from themselves, but from operating system designers and third party app creators


Buggy updates incoming


----------



## Steevo (May 15, 2019)

natr0n said:


> You can disable cpu caching and etc.. in bios.


you could also take a hacksaw to the chip because that'll essentially destroy your performance


----------



## Caring1 (May 15, 2019)

I disabled HT ages ago.
I doubt I am a priority target anyway.


----------



## Totally (May 15, 2019)

mugatopdub21 said:


> You sir deserve a medal! Yes yes and more yes! Finally, someone with some common sense to hopefully enlighten the masses. Listen to this person! You'll notice I didn't amend anything - it was written perfectly =)



I thought similarly last time until some uni student demonstrated a remote attack via a compromised system on the same network. So yes you can point out that there is an impassable canyon in between that possibility and reality while ignoring the guy building a bridge to the left.


----------



## Emu (May 15, 2019)

efikkan said:


> While it's still possible to actually do this securely, the pitfalls of SMT will only increase with architectural complexity, and the cost of dealing with this does too, and since the performance gains from SMT are diminishing with increasing IPC, SMT should be abandoned sooner rather than later.



Cinebench would like to disagree with your "performance gains from SMT are diminishing with increasing IPC". My Ryzen 7 2700x scores 3582 in Cinebench Release 20 with SMT enabled and 2074 with SMT disabled. I actually had to run the 8 core / 16 thread benchmark twice because I was only expecting a 30% difference. IPC increases between generations of architectures are usually in the single digit range and increased width in the instruction pipeline benefits SMT performance.


----------



## xkm1948 (May 15, 2019)

At this rate i may have to switch to Zen 2 TR sooner than I would like...


----------



## Vulpesveritas (May 15, 2019)

R-T-B said:


> That test in the article is one.
> 
> 
> 
> Citation?


The official webpage by the guys who discovered the exploit to begin with, which I linked earlier in the thread.   https://mdsattacks.com/


----------



## LAN_deRf_HA (May 15, 2019)

I've been confused by the "newest gen is ok" vs "newest gen is more vulnerable" comments. Is it that the newer chips are more vulnerable just specifically not to the hyper thread exploit?


----------



## Vulpesveritas (May 15, 2019)

LAN_deRf_HA said:


> I've been confused by the "newest gen is ok" vs "newest gen is more vulnerable" comments. Is it that the newer chips are more vulnerable just specifically not to the hyper thread exploit?


The report from the lab testers says the newest chips are more vulnerable, while Intel is claiming they're not, is what it appears.


----------



## Mistral (May 15, 2019)

Yes, I'm sure all those people that bought i7s are simply delighted that someone is advising them to disable HT... And the "minimal" performance penalty of up to 9% sounds real nice compared to the huge 5% gaming performance advantage Intel enjoys over AMD.


----------



## trparky (May 15, 2019)

I am really starting to regret buying my 8700K right about now. These Intel chips are turning out to have more security holes than Internet Explorer.


----------



## R-T-B (May 15, 2019)

Vulpesveritas said:


> The official webpage by the guys who discovered the exploit to begin with, which I linked earlier in the thread.   https://mdsattacks.com/



Must've missed it, thanks.

Now that I can reference the page and tool, it seems interesting to me the tool claims 9th gen is "not affected" by meltdown at all. Considering that was the biggest performance impacting fix from the previous batch of vulnerabilities, it's almost looking like 9th gen may have taken 2 steps forwards, only to fall 2 steps backwards.


----------



## Nihilus (May 15, 2019)

So the once mighty 7700k is basically an 8350k now meaning my $170 at launch 2400g will beat it now in many games.


----------



## Cybrnook2002 (May 15, 2019)

And they keep on selling them anyways......... waiting for the next nda to expire so even the next vulnerability goes public. Something to be said about selling knowingly faulty chips under the clock of waiting for nda to lift.


----------



## Caring1 (May 15, 2019)

Is Intel going to use this as an excuse to delay the launch of Gen 10?  
My bet is on a revision of 9 first.


----------



## SIGSEGV (May 15, 2019)

Ryzen 5 3500U here i come..


----------



## Prima.Vera (May 15, 2019)

At least those are public and not kept secret anymore. I doubt those affect the average Joe user using the PC for mundane tasks...


----------



## trparky (May 15, 2019)

Prima.Vera said:


> At least those are public and not kept secret anymore. I doubt those affect the average Joe user using the PC for mundane tasks...


But the question that I have is... How many more skeletons does Intel have in their closets? How many more exploits are there that are just waiting to be found?

In some ways, I don't want to know.


----------



## TheLostSwede (May 15, 2019)

AMD seems to at least be partially affected. No patches applied yet on Windows 10.
*Edit:* Updating Windows today made no difference to the list of vulnerabilities...


----------



## randomUser (May 15, 2019)

They are releasing these news now, because they want people with gen 7 and below to go and buy gen8/9 because these gens can work with HT enabled and be safe.

So it's the upgrade of the cpu not for better performance, but for better protection.

$$$


----------



## adulaamin (May 15, 2019)

randomUser said:


> They are releasing these news now, because they want people with gen 7 and below to go and buy gen8/9 because these gens can work with HT enabled and be safe.
> 
> So it's the upgrade of the cpu not for better performance, but for better protection.
> 
> $$$



With Ryzen 2 coming, most, I think, would upgrade to AMD rather than Intel's 8th or 9th gen cpus.


----------



## craigo (May 15, 2019)

CONSUMERPOWERUP!

OMG! A security flaw has been published. FETCH MY WALLET, REPLACE ALL THE THINGS!


----------



## Assimilator (May 15, 2019)

New speculative execution bug leaks data from Intel chips’ internal buffers

Intel-specific vulnerability was found by researchers both inside and outside the company.

arstechnica.com

Ars Technica said:

> Today a microcode update for Sandy Bridge through first-generation Coffee Lake and Whiskey Lake chips will ship.
> 
> ...
> 
> For systems dependent on microcode fixes, Intel says that the performance overhead will typically be under three percent but, under certain unfavorable workloads, could be somewhat higher.



This isn't sounding nearly as bad as Spectre/Meltdown, either in the ability to exploit or in the performance impact of mitigations.



lemonadesoda said:


> Rävenlord, someone needs to profo raed yuor hihgspede typnig. Pellscheck?



I've long given up on expecting basic editorial standards from TPU.


----------



## londiste (May 15, 2019)

TheLostSwede said:


> AMD seems to at least be partially affected. No patches applied yet on Windows 10.
> *Edit:* Updating Windows today made no difference to the list of vulnerabilities...


MDS Issues are in the last section - Micro-architectural Data Sampling. Ryzen is not affected according to the tool.
The others are older Spectre-class problems which do affect Ryzen as well.


----------



## Ibotibo01 (May 15, 2019)

I will change to AMD Zen2. I don't rely on Intel anymore.


----------



## Xuper (May 15, 2019)

FAQ:

1) *How did you test it on all this hardware? *






2) *How did you find out the sources of the leaks initially? *


----------



## Jism (May 15, 2019)

Ibotibo01 said:


> I will change to AMD Zen2. I don't rely on Intel anymore.



Zen 2 is no holy grail. Here's my 2700X. I have to say that I haven't updated W10 in months since install.


----------



## Caring1 (May 15, 2019)

I'm still wondering why it's called a Speculative Malfunction, that implies something broke and it no longer works as it previously did, instead of admitting the flaw was already there.


----------



## Xuper (May 15, 2019)

Jism said:


> Zen 2 is no holy grail. Here's my 2700X. I have to say that I haven't updated W10 in months since install.


I checked mine and similar to yours.


----------



## TheDeeGee (May 15, 2019)

AMD released an official statement, and their CPUs aren't affected.


----------



## remixedcat (May 15, 2019)

HD64G said:


> And because of another major vulnerability, i7s are becoming i5s. Imho, many servers and data centers will soon change to Zen cpus without 2nd thoughts with all those security problems.


A buncha datacenters announced Epyc systems. Interested in that myself. Waiting for a decently priced server with that.


----------



## P4-630 (May 15, 2019)

*May 14, 2019—KB4494441 (OS Build 17763.503)*

_*Improvements and fixes*_

_This update includes quality improvements. Key changes include:_

- _Enables “Retpoline” by default if Spectre Variant 2 (CVE-2017-5715) is enabled. Make sure previous OS protections against the Spectre Variant 2 vulnerability are enabled using the registry settings described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions). For more information about “Retpoline”, see Mitigating Spectre variant 2 with Retpoline on Windows._
- _*Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions).*_
- _Adds "uk.gov" into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge._
- _Addresses an issue that may cause “Error 1309” while installing or uninstalling certain types of .msi and .msp files on a virtual drive._
- _Addresses an issue that prevents the Microsoft Visual Studio Simulator from starting._
- _Addresses an issue that may cause zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) to fail._
- _Addresses an issue that causes Simple Network Management Protocol (SNMP) Management Information Base registration to fail when the Windows Management Instrumentation (WMI) provider uses the Windows tool *SMI2SMIR.exe*._
- _Addresses an issue that may cause the text, layout, or cell size to become narrower or wider than expected in Microsoft Excel when using the *MS UI Gothic* or *MS PGothic* fonts._
- _Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Graphics, Windows Storage and Filesystems, Windows Cryptography, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server._

_If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device._
_For more information about the resolved security vulnerabilities, please refer to the Security Update Guide._

https://support.microsoft.com/en-us/help/4494441/windows-10-update-kb4494441


----------



## Ferrum Master (May 15, 2019)

Still pretty OK...


----------



## BorgOvermind (May 15, 2019)

natr0n said:


> You can disable cpu caching and etc.. in bios.


That will make your i9 a 333MHz celeron updated equivalent.


----------



## Mescalamba (May 15, 2019)

natr0n said:


> On my xeon server I disabled all caching/prefetching and gained performance. So no idea where you got that info.



For gaming it was true that HT disabled (and caching) actually gained performance. I think it no longer applies to Win 10, but never actually measured it (might test on FC5 ).



Caring1 said:


> I'm still wondering why it's called a Speculative Malfunction, that implies something broke and it no longer works as it previously did, instead of admitting the flaw was already there.



Cause its based on prediction mechanism, which gave Intel CPU that "edge" over AMD. Prediction is sorta speculative, isnt it?  Its just a guess (naming, not how it works).


----------



## Frick (May 15, 2019)

Assimilator said:


> I've long given up on expecting basic editorial standards from TPU.



To be fair no one has editors or proofreaders these days. Or know how to spell "hippothetical".


----------



## Captain_Tom (May 15, 2019)

Manu_PT said:


> Glad I jumped straight from an i5 4690 to a 9700k which doesn't have HT.



Yeah after all of the constant Security Vulnerabilities... you decided to buy Intel again.   What a "smart" decision...


----------



## cdawall (May 15, 2019)

Captain_Tom said:


> Yeah after all of the constant Security Vulnerabilities... you decided to buy Intel again.   What a "smart" decision...



AMD isn't going to be immune to everything at this point they are just having massive issues with Intel for this. Unfortunately bad press builds more bad press and more reasons for people to hunt for more failures. It is interesting how many of these are being addressed by M$ and as mere software fixes. This begs curiosity that yet the CPU has a vulnerability, but so does the OS. Each and every one of the issues thus far has been a hole in the OS and a hole in the CPU security. Relying on hardware level security for every single threat is an ignorant view of the world, if that was the case software level things like antivirus's shouldn't even exist.


----------



## trparky (May 15, 2019)

cdawall said:


> AMD isn't going to be immune to everything at this point they are just having massive issues with Intel for this.


Intel's architecture is what? Ten years old? Ten years worth of possible mistakes. Meanwhile AMD has one thing on its side, the Zen architecture is new; they've not had the time to make the same mistakes Intel made.

I've been reading up on this as of late and all of the public relations news that's been released about this all has one thing in common... They're all too afraid to mention the I-word aka Intel. They all say "we will work with affected hardware manufacturers" but they don't say Intel.

If I were a marketing person at AMD I would be putting out ads that read like this... "Buy AMD today. We don't have those vulnerabilities that those _other_ guys have. You know who they are."


----------



## londiste (May 15, 2019)

trparky said:


> Intel's architecture is what? Ten years old? Ten years worth of possible mistakes. Meanwhile AMD has one thing on its side, the Zen architecture is new; they've not had the time to make the same mistakes Intel made.


It is worth reading the Spectre/Meltdown documents and references to earlier research that led to this. Research into speculative execution issues has been going on for a decade or more. This was not a sudden discovery but a series of small discoveries over many years. Processor parts involved have largely stayed the same throughout the entire Core lifetime. Intel generally has pretty decent detailed documentation of the functionality of most things as well.

It is possible and not that unlikely that AMD while avoiding mistakes currently plaguing Intel has made different mistakes. Finding stuff like this takes years worth of research even in a well-known architecture.


----------



## trparky (May 15, 2019)

londiste said:


> Processor parts involved have largely stayed the same throughout the entire Core lifetime.


Yeah, and because the architecture is that old all of the skeletons are coming out of the closet. Ten years of the same stuff, ten years of mistakes, ten years of cutting corners all in the name of profit.


londiste said:


> It is possible and not that unlikely that AMD while avoiding mistakes currently plaguing Intel has made different mistakes.


Oh, I'm sure that AMD has issues as well but considering that the Zen architecture is newer and based upon more modern ways of thinking fixes might not erode quite so badly into the performance of said chips.


----------



## Konceptz (May 15, 2019)

damn...was getting ready to come back to the blue side after 8 years....oh well


----------



## MyTechAddiction (May 15, 2019)

You know, at some point (like today) it's getting really difficult to believe these vulnerabilities were true errors and not an intentional design feature.


----------



## trparky (May 15, 2019)

MyTechAddiction said:


> You know, at some point (like today) it's getting really difficult to believe these vulnerabilities were true errors and not an intentional design feature.


I'm leaning more towards the latter in the sense that Intel knew that it could blow up in their faces but they did it anyways.


----------



## RichF (May 15, 2019)

trparky said:


> Yeah, and because the architecture is that old all of the skeletons are coming out of the closet. Ten years of the same stuff, ten years of mistakes, ten years of cutting corners all in the name of profit.
> 
> Oh, I'm sure that AMD has issues as well but considering that the Zen architecture is newer and based upon more modern ways of thinking fixes might not erode quite so badly into the performance of said chips.


What we actually know is what vulnerabilities Intel and AMD CPUs have right now that have been made public and there are more on the Intel side.

Meltdown, Spoiler, and now these — all Intel exclusives.

Bulldozer is everyone's favorite whipping post so I don't know if we're going to start seeing AMD credited for "more modern ways of thinking" when it designed that CPU, versus the heaps of praise for things like Sandy. Perhaps along with the boneheaded design choices that cost performance AMD made more right choices when it came to security? I am definitely not a fan of the _black box inside_ Zen approach, though.


----------



## phanbuey (May 15, 2019)

efikkan said:


> As I've mentioned before, we shouldn't be surprised about new attack vectors for these timing attacks, as long as there is an underlying weakness, there is a potential for more undiscovered attack vectors.
> 
> Still, for desktop users risks will be very low as long as the malicious software has to be run locally, and for e.g. the Spectre variants where it's more like a theoretical possibility than something that would be practical to actually steal useful information.
> 
> ...



This should be added to the article lol.


----------



## lemonadesoda (May 15, 2019)

trparky said:


> Oh, I'm sure that AMD has issues as well but considering that the Zen architecture is newer and based upon more modern ways of thinking fixes might not erode quite so badly into the performance of said chips.


Speculative!


----------



## mcraygsx (May 16, 2019)

trparky said:


> I'm leaning more towards the latter in the sense that Intel knew that it could blow up in their faces but they did it anyways.



When you are making a good profit by selling Quad cores to consumers for over a decade, who wouldn't right?


----------



## R-T-B (May 16, 2019)

Mescalamba said:


> 'Cause it's based on prediction mechanism, which gave Intel CPU that "edge" over AMD. Prediction is sorta speculative, isn't it?  It's just a guess (naming, not how it works).



Speculative execution is utilized in all modern CPUs.  This is not Intel's secret "edge" sauce.



RichF said:


> I am definitely not a fan of the _black box inside_ Zen approach, though.



Me neither.  The only thing I like about Intel ME over AMD PSP is that one beast has been decently reverse engineered, AMD's is more or less a complete black box.



Frick said:


> To be fair no one has editors or proofreaders these days. Or know how to spell "hippothetical".



You...  are sadly correct.  Please let me hate you for it, if only out of principle...


----------



## Mescalamba (May 16, 2019)

R-T-B said:


> Speculative execution is utilized in all modern CPUs.  This is not Intel's secret "edge" sauce.
> 
> 
> 
> ...



It is Intel secret sauce. Difference is that AMD has just one simple layer of prediction, while Intel has quite deep prediction and that deep (long) prediction is source of both performance and majority of these low level hacks.


----------



## InVasMani (May 17, 2019)

natr0n said:


> You can disable cpu caching and etc.. in bios.


You can also take a hammer to your Intel CPU to disable it.


----------



## trparky (May 17, 2019)

A few percentage points of performance loss here, a few percentage points of performance loss there, sprinkle in a few more percentage points of performance loss and then what? Will we be back in the performance days of the old Sandy Bridge days? If suddenly we're looking at some real loss in performance, someone's head is going to roll inside the halls of Intel.

Granted, the performance loss won't be as noticeable for us average users but if you're operating a data center or cloud computing infrastructure the likes of Microsoft Azure, Amazon AWS, etc. then Intel is going to be in for a world of hurt. Big companies tend to not take "oh well, you lost some performance" as nicely as you or I. If a cloud computing infrastructure suddenly needs to install 25% more computing hardware due to performance loss that's going to result in them having to use more power and get more/bigger air conditioners which of course is going to require more power which of course means more cost and more expensive services for the end user. Not good at all.


----------



## Mescalamba (May 17, 2019)

trparky said:


> A few percentage points of performance loss here, a few percentage points of performance loss there, sprinkle in a few more percentage points of performance loss and then what? Will we be back in the performance days of the old Sandy Bridge days? If suddenly we're looking at some real loss in performance, someone's head is going to roll inside the halls of Intel.
> 
> Granted, the performance loss won't be as noticeable for us average users but if you're operating a data center or cloud computing infrastructure the likes of Microsoft Azure, Amazon AWS, etc. then Intel is going to be in for a world of hurt. Big companies tend to not take "oh well, you lost some performance" as nicely as you or I. If a cloud computing infrastructure suddenly needs to install 25% more computing hardware due to performance loss that's going to result in them having to use more power and get more/bigger air conditioners which of course is going to require more power which of course means more cost and more expensive services for the end user. Not good at all.



With everything enabled and HT disabled, I think even regular user will notice performance drop.

That said, if someone is gamer and doesn't expose themselves to any threat, there is no reason to actually care about these attacks more than any kind of malware, virus, trojan and so on. It's just not really important for normal user or player.


----------



## R-T-B (May 17, 2019)

Mescalamba said:


> It is Intel secret sauce. Difference is that AMD has just one simple layer of prediction, while Intel has quite deep prediction and that deep (long) prediction is source of both performance and majority of these low level hacks.



Citation?  Everything I know about CPUs including Ryzen has indicated quite the opposite.  Ryzen uses a friggin neural net for prediction if we believe AMD marketing, which would be arguably more complex.


----------



## RichF (May 17, 2019)

Mescalamba said:


> if someone is gamer and doesn't expose themselves to any threat


Going onto the Internet with a computer that can be remotely hacked is exposure.

I am not moved by all the comments that downplay these various vulnerabilities. We can debate these specific ones but should also assume that there are more. There is a lack of oversight to prevent bad security design. It's ridiculous to have to rely on random third parties like Google and CTS to find out what the vulnerabilities are. We have serious vulnerabilities going back to Nehalem and are just now being informed about them?

There is a lot wrong with the situation. We need to have a government agency devoted to providing security to the public, one that is completely walled off from spycraft and policing — with the exception of the spy agencies being required to provide all data on vulnerabilities to said security research/publicity agency. Given the massive breaches of things that the public is supposed to trust, like credit raters, things are not working with the laissez-faire approach. Congress needs to change its mindset, where it's a scandal for "private" e-mails to be handled "insecurely" and, simultaneously, the public is patronizingly lectured by Wired writers that they should never expect to have the slightest shred of privacy for e-mail nor anything else. This kind of monarchic mentality is failing in our globalized networked world.


----------



## HTC (May 17, 2019)

Mescalamba said:


> It is Intel secret sauce. Difference is that AMD has just one simple layer of prediction, while Intel has quite deep prediction and that deep (long) prediction is source of both performance and majority of these low level hacks.



The way I understood it was that AMD has some sort of security checks while doing this prediction thing but Intel defers the security checks to *after* the prediction thing. Did I understand correctly? Dunno: perhaps someone more knowledgeable can clarify.

AMD's approach isn't perfect or it wouldn't be affected by Spectre-like attacks but it's certainly better than Intel's because there's quite a few of these speculation based attacks Intel's susceptible to while AMD's not.


----------



## trparky (May 17, 2019)

It doesn't hurt that AMD's Zen architecture is new when compared to Intel's Core architecture. AMD has the benefit of new thinking, designing in an era where security is taken more seriously.


----------



## RichF (May 17, 2019)

trparky said:


> It doesn't hurt that AMD's Zen architecture is new when compared to Intel's Core architecture. AMD has the benefit of new thinking, designing in an era where security is taken more seriously.


Security wasn't taken seriously when Nehalem was designed? I assure you that it was by some important entities/people. People weren't born yesterday. Security has _always_ been recognized as serious by anyone with a decent IQ — back to the origins of human society.

In fact, for all we know, baked-in vulnerabilities were seen as seriously useful — perhaps a bit like AMD's modern black box inside Zen. It wouldn't surprise me one bit if the US has custom vulnerabilities added to products. We find out about the old ones and are encouraged to buy the latest ones. Everyone wins except ordinary people. Perhaps in a world without obvious spycraft this would be paranoid thinking.

Since we don't have the kind of agency/agenda that I outlined above, we are treated to the "who knows?" laissez-faire lifestyle, where people like Snowden give us occasional glimpses of what's behind the mirror. If we were to gain said agency and it were to remain uncompromised then we would be in a far better position to know what the state of security is.


----------



## HTC (May 17, 2019)

trparky said:


> It doesn't hurt that AMD's Zen architecture is new when compared to Intel's Core architecture. AMD has the benefit of new thinking, designing in an era where security is taken more seriously.



Correct me if I'm wrong but Bulldozer isn't affected either, or is it? And what about Athlon / Phenom CPUs?


----------



## R-T-B (May 17, 2019)

RichF said:


> I am not moved by all the comments that downplay these various vulnerabilities. We can debate these specific ones but should also assume that there are more. There is a lack of oversight to prevent bad security design. It's ridiculous to have to rely on random third parties like Google and CTS to find out what the vulnerabilities are. We have serious vulnerabilities going back to Nehalem and are just now being informed about them


It is more these aren't really "flaws" per se, but using the design as intended in incredibly clever ways to execute timing based inference attacks.

Of course it took a while, this whole category of attacks is fricking bizarrely genius.  It took a long time just for someone to think to try it.



HTC said:


> Correct me if I'm wrong but Bulldozer isn't affected either, or is it? And what about Athlon / Phenom CPUs?



Spectre class attacks affect both.  I am unsure about Meltdown beyond ARM and Intel.  MDS is Intel-only.



RichF said:


> There is a lot wrong with the situation. We need to have a government agency devoted to providing security to the public, one that is completely walled off from spycraft and policing — with the exception of the spy agencies being required to provide all data on vulnerabilities to said security research/publicity agency. Given the massive breaches of things that the public is supposed to trust, like credit raters, things are not working with the laissez-faire approach. Congress needs to change its mindset, where it's a scandal for "private" e-mails to be handled "insecurely" and, simultaneously, the public is patronizingly lectured by Wired writers that they should never expect to have the slightest shred of privacy for e-mail nor anything else. This kind of monarchic mentality is failing in our globalized networked world.




I really do not see this helping at all.


----------



## trparky (May 17, 2019)

RichF said:


> Security has _always_ been recognized as serious by anyone with a decent IQ


Um... there you go, you mentioned "with a decent IQ". The problem that I see with Intel is the performance at all costs thinking brought about by marketing drones and C-Level idiots. The designers may have wanted more security and they may have well been able to do so if not for the marketing and stuffed suits in the board room.


----------



## RichF (May 17, 2019)

R-T-B said:


> It is more these aren't really "flaws" per se, but using the design as intended in incredibly clever ways to execute timing based inference attacks.
> 
> Of course it took a while, this whole category of attacks is fricking bizarrely genius.  It took a long time just for someone to think to try it.


Perhaps. Or, it could be that they're seen as having outlived their usefulness and/or there are better vulnerabilities, like the Zen black box, out there. Remember how Microsoft so aggressively pushed Windows 10 on people? It is in the interest of spycraft to get people onto the better vacuum cleaners. It "makes" money. Chip sellers sell new chips. Motherboard makers sell new boards. Stores get sales. States get taxes. Et cetera. That's just _one_ angle that provides the incentive.

The fact that we're in this shabby laissez-faire state suggests that it's in the interest of those in power.

trparky, the importance of security isn't something people just discovered.


----------



## trparky (May 17, 2019)

I don't fault the designers of Nehalem, I put the fault on the marketing departments along with the C-Level people at the top. They wanted more performance at all costs so as to make more profit. Unfortunately the thinking process of people in marketing doesn't mesh with the thinking processes of the people doing the real hard science.

Now that we've seen that that kind of marketing thinking is not a good idea and that performance at all costs is a really bad way of doing things, perhaps we won't be seeing the same kinds of exploits in future architectures.


----------



## R-T-B (May 17, 2019)

RichF said:


> Perhaps.



There's no perhaps about it.  These aren't backdoors and they'd function horribly as such due to the minimal bandwidth provided by their nonnetworked, timing based inference nature.  All the attacks share that as a trait, except this latest one improves it into the realm of usability vs near uselessness (you can use privilege escalation to install something more useful).

The AMD blackbox PSP is not new.  We've had Intel ME for like, forever.  If the NSA wants toys it'd use these and there isn't even evidence to support that.



trparky said:


> I don't fault the designers of Nehalem, I put the fault on the marketing departments along with the C-Level people at the top. They wanted more performance at all costs so as to make more profit. Unfortunately the thinking process of people in marketing more often than not does not often mesh with the thinking processes of the people doing the real hard science.



I don't blame anyone.  This is literally a way of attacking that is incredibly bizarre, and the world has never seen it before.  You simply could not have seen it coming and the only reason Intel is the first casualty is size.


----------



## trparky (May 17, 2019)

R-T-B said:


> I don't blame anyone.


I do, then again my bias against marketing and C-level drones could be showing in my posts here. I generally have no use for the people at the top, they tend to get in the way of people who really do want to make the world a better place.


----------



## R-T-B (May 17, 2019)

trparky said:


> I do, then again my bias against marketing and C-level drones could be showing in my posts here.



I think it may.


----------



## RichF (May 17, 2019)

R-T-B said:


> The AMD blackbox PSP is not new.  We've had Intel ME for like, forever.


Bulldozer, Piledriver, Phenom? As for evidence, we are just now finding out about vulnerabilities that go back to Nehalem.

It's hardly the case, particularly in our very laissez-faire state, that we have all data/knowledge about the state of security, the kind of knowledge that our representatives have.



			
R-T-B said:

> You simply could not have seen it coming


Citation needed. This is simply speculation.

And, if you don't think the agency I described, that would be devoted to providing security for the public instead of merely spycraft and policing, will do anything significant to enhance the situation what do you propose? Continuing to rely on random third parties with their own agendas like Google and CTS? Hoping that no one but saints have the knowledge of vulnerabilities that have been around so long.

The black box AMD Zen thing is something you said you don't like. Well, without my agency to publicize the state of security for the public and have oversight mechanisms to ensure better practices, how are you going to do anything about it? Complaining isn't going to accomplish anything.


----------



## R-T-B (May 17, 2019)

RichF said:


> Bulldozer, Piledriver, Phenom?



Piledriver I believe uses the PSP for memory init, and it started there.  Bulldozer I am unsure of, and Phenom had nothing but the fact remains I have found no evidence to support the existence of a backdoor in Intel ME via wireshark and reverse engineering the binaries.  You'd think if it was anywhere it'd be there, were the NSA a factor at all.

More here for my thoughts and background:









ASRock Z370/Z390 Taichi (and some others, actively modding!) Firmware with Intel Management Engine Disabled

THIS PROJECT IS PRESENTLY ON HOLD.  This is simply 1.80 "Instant Flash" firmware for the Z370 Taichi (and now with help from @Mork_vom_Ork, the Z270 SuperCarrier v2.40) straight from ASRock stock unmodified (minus some sig checks disabled) other than the Intel Management Engine firmware being...

www.techpowerup.com




This project is on hold, yes, but I stay sharp.  Clients pay me for commercial "firmware neutering."  I daresay paranoia works to my advantage but that is no reason to encourage it.


----------



## RichF (May 17, 2019)

R-T-B said:


> Piledriver I believe uses the PSP for memory init, and it started there.  Bulldozer I am unsure of and Phenom had nothing but the fact remains I have found no evidence to support the existence of a backdoor in Intel ME via wireshark and reverse engineering the binaries.  You'd think if it was anywhere it'd be there, were the NSA a factor at all.
> 
> More here for my thoughts and background:
> 
> ...


We had no evidence of these vulnerabilities that existed since Nehalem until now. Didn't Snowden leak stuff about hardware being added surreptitiously to routers and other equipment? Wasn't there something about an encryption standard being intentionally broken during the design process? Also, I wasn't just talking about Intel ME. I was talking about AMD's Zen black box, the very same one you just said you are unhappy about. What are you going to do about it other than hope?

The bottom line is that we can be satisfied with _hoping_ that our interests are being represented or we can demand security that we are able to fully trust, because the knowledge and oversight are mandated and delivered. The establishment of the EPA massively reduced pollution. We could have, though, been content with the promises made by the polluters.


----------



## R-T-B (May 17, 2019)

RichF said:


> We had no evidence of these vulnerabilities that existed since Nehalem until now.



Because as I stated, they use an incredibly ingenious way to attack the processor.  I'm still flabbergasted anyone ever thought to try this, ever.



RichF said:


> Didn't Snowden leak stuff about hardware being added surreptitiously to routers and other equipment?



Routers yes and I HAVE seen evidence for that.  Some has even been in the news.  Use one of the open firmwares, is my advice.  Also, encrypted dns over 1.1.1.1 or similar.  You need this if you want to even pretend the government isn't logging you.



RichF said:


> Wasn't there something about an encryption standard being intentionally broken during the design process?



AES may have a backdoor, I assume you mean...  and yes.  I'd try others where possible.  It also could be a reference to the long broken DES standard though.



RichF said:


> What are you going to do about it other than hope?



What I've been doing:  Educating, providing knowledge tools and where needed, services.



RichF said:


> The bottom line is that we can be satisfied with _hoping_ that our interests are being represented or we can demand security that we are able to fully trust, because the knowledge and oversight are mandated and delivered. The establishment of the EPA massively reduced pollution. We could have, though, been content with the promises made by the polluters.



Yes, and I'd be happy with a simple  "citizens privacy" government watchdog.  What you were describing sounded much, much bigger and either way would never have foreseen Spectre.  I guess I agree with the sentiment but not the conclusion.


----------



## HTC (May 17, 2019)

Some preliminary tests @ Phoronix, without HT disabled.

They'll be releasing benches since Spectre / Meltdown in the coming days.


----------



## matar (May 20, 2019)

Been buying Intel CPUs since my first build in 1998, but my next build will be AMD. Sorry Intel, you lost you intel.


----------



## R0H1T (May 20, 2019)

HTC said:


> Some preliminary tests @ Phoronix, without HT disabled.
> 
> They'll be releasing benches since Spectre / Meltdown in the coming days.


Actually they've done a bunch of tests & they all look bad for Intel, *albeit on Linux* ~ https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=10

Let's see how some defending Intel respond to this
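The benchmarks linked above were run on Linux, where a kernel carrying the MDS patches reports its mitigation and Hyper-Threading (SMT) state as a single sysfs line. As an added example (not part of the original post, and not code from Phoronix or the kernel project), this POSIX shell function classifies that line; the status strings follow the kernel's MDS documentation, while the sample lines are constructed and the verdict wording is this example's own.

```shell
#!/bin/sh
# Added example: interpret the one-line MDS status exposed by patched Linux kernels.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds "<status line>" prints "<verdict>: <reason>".
# Verdict words (ok / partial / action / unknown) are this example's own labels.
classify_mds() {
    line=$1
    case $line in
        "Not affected"*)
            echo "ok: CPU not affected by MDS"; return 0 ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Must be tested before the plain "Vulnerable" pattern below.
            echo "action: microcode update missing, buffer clearing is best effort"; return 0 ;;
        "Vulnerable"*)
            echo "action: mitigation is switched off"; return 0 ;;
        "Mitigation: Clear CPU buffers"*)
            ;;  # buffers are cleared on transitions; the SMT field decides the rest
        *)
            echo "unknown: unrecognised status line"; return 0 ;;
    esac
    case $line in
        *"; SMT disabled")
            echo "ok: buffers cleared and SMT is off" ;;
        *"; SMT mitigated")
            echo "ok: buffers cleared and SMT case mitigated" ;;
        *"; SMT vulnerable")
            echo "partial: buffers cleared but SMT is on, sibling thread exposure remains" ;;
        *"; SMT Host state unknown")
            echo "unknown: running as a guest, host SMT state not visible" ;;
        *)
            echo "unknown: no SMT field in status line" ;;
    esac
}

# Constructed sample lines (not captured from a real machine).
SAMPLES='Not affected
Vulnerable; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: Clear CPU buffers; SMT Host state unknown'

# Classify every constructed sample, one result per line.
report_samples() {
    printf '%s\n' "$SAMPLES" | while IFS= read -r s; do
        printf '%s -> %s\n' "$s" "$(classify_mds "$s")"
    done
}

# Classify the machine the script runs on, if the kernel exposes the file.
report_host() {
    if [ -r "$MDS_SYSFS" ]; then
        classify_mds "$(cat "$MDS_SYSFS")"
    else
        echo "unknown: $MDS_SYSFS not readable (kernel without MDS patches, or not Linux)"
    fi
}

report_samples
echo "this host -> $(report_host)"
```

A "partial" verdict is the configuration the thread is arguing about: the buffer-clearing mitigation is active but Hyper-Threading is still on.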


----------



## Mescalamba (May 22, 2019)

R0H1T said:


> Actually they've done a bunch of tests & they all look bad for Intel, *albeit on Linux* ~ https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=10
> 
> Let's see how some defending Intel respond to this



I would say Intel kinda doesn't care about Linux, or at least it seems that way. Not that any HW manufacturer actually does much. Drivers always ages old or not really in great shape. :/

HT disabled will hurt on any platform. Unless you game, then it's kinda non-issue.


----------



## E-Bear (May 27, 2019)

So I guess my G620 needs to be also disabled on HT ?


----------



## HwGeek (May 31, 2019)

New One:


> Fallout: Reading Kernel Writes From User Space
> 
> Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Frank Piessens, Berk Sunar, Yuval Yarom
> 
> ...







[1905.12701] Fallout: Reading Kernel Writes From User Space (arxiv.org)


----------



## trparky (Jun 1, 2019)

Here we go again.


----------



## HTC (Jun 1, 2019)

HwGeek said:


> New One:
> 
> 
> 
> ...



Ironic that changes made in order to have more security VS some exploits actually make it more vulnerable to this latest exploit.

Some clarification required:



> Fallout affects all processor generations we have tested.



Does that include non-Intel CPUs?


----------

