Intel CPUs impacted by new Zombieload side-channel attack

Unread post by Thehandyman1957 » 2019-05-15, 20:35

Sure glad I don't use anything Intel anymore. Suck thing is, they knew about this for some time
but kept it hidden until they could do some patching. And again, it's gonna slow down your Intel
machine even more. :thumbdown:
Here's the link to zdnet about it.
https://www.zdnet.com/article/intel-cpu ... el-attack/

And of course, Intel says that you don't need to turn off Hyper threading.
Of course not, that would be a huge hit to them and their stock.
But they were not very honest about the hit their chips would take if
you did indeed turn off Hyper Threading.

"Intel’s testing of desktop and laptops with Hyper-Threading turned off show a pretty rosy view of the performance hit. We disagree. Strongly."
https://www.pcworld.com/article/3395439 ... ploit.html

And even Apple shows that the only way to fully mitigate this issue
is to disable Hyper Threading which they admit will cut the speed down 40%.
How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities
https://support.apple.com/en-us/HT210108

And then, we finally find out that in the end, Intel tried to downplay this and only
relented after being threatened by a paper release.
"But, according to the researchers, Intel originally attempted to downplay the severity of the leak, and failed to notify Google and Mozilla. The VU would eventually convince Intel to disclose the flaw in May after threatening to publish its own paper.

"'If it were up to Intel, they would have wanted to wait another six months,' Herbert Bos, professor of system and network security at the VU, says."
New Intel Zombieload vulnerability fix turns some Core i7s into Core i5s
https://www.pcgamesn.com/intel/zombielo ... erformance
Last edited by Thehandyman1957 on 2019-05-16, 04:46, edited 2 times in total.
Light travels faster than sound.
This is why some people appear bright until you hear them speak. ;)

Unread post by Moonchild » 2019-05-15, 21:14

Or, make sure you only run software you trust.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Unread post by hujan86 » 2019-05-16, 01:11

How many vulnerabilities are there now?
Avatar's Source: yereverluvinuncleber
SierraChart_100 wrote:Firefox started off good and gradually descended into absurdity.
Moonraker wrote:Palemoon is still the only fully customised browser available.

Unread post by New Tobin Paradigm » 2019-05-16, 01:13

At this point.. I think it is time to get yourselves an AMD CPU methinks.

- Ask not what XUL can do for you. Ask what you can do with XUL! -
http://binaryoutcast.com/ | http://thereisonlyxul.org/

Unread post by Thehandyman1957 » 2019-05-16, 04:53

Moonchild wrote (2019-05-15, 21:14): "Or, make sure you only run software you trust."

That is probably the toughest thing. You really have to know the
folks who create the software, and hope that they don't sell out
while you're using it. Or like WhatsApp, find out there was a baked-in
vulnerability.

Trust used to be a given, now it's hard to find.
I will say this though, you guys have earned my trust, and that
is a rarity these days. Hats off to the PM team. :thumbup:

Unread post by F22 Simpilot » 2019-05-16, 07:55

If anyone bothered to read the first article, it mentions that newer CPUs aren't affected and that exploiting this flaw is not easily done. If I was Iran or China, I'd be worried. Joe Shmoe don't have to worry much. Same with Spectre and Meltdown. Those two primarily affected cloud computing.

Since I'm a Sim flyer, and that FSX is a CPU-orientated game, and single threaded to boot, there's no fracking way I'd go AMD all because of a highly complex attack where microcode and patches are now coming out for this.

Anyone that even cares about security and privacy will throw their smartphone out. Whether Apple or Android. A smartphone is a waaaaay bigger threat to you than a CPU vulnerability.

So with that, no one has to get their panties in a bunch.
Last edited by F22 Simpilot on 2019-05-16, 08:02, edited 2 times in total.
E pur si muove.
All problems in the universe have a solution no matter how complicated.

Unread post by F22 Simpilot » 2019-05-16, 07:59

Thehandyman1957 wrote (2019-05-16, 04:53):
"Moonchild wrote (2019-05-15, 21:14): 'Or, make sure you only run software you trust.'

That is probably the toughest thing. You really have to know the
folks who create the software, and hope that they don't sell out
while you're using it. Or like WhatsApp, find out there was a baked-in
vulnerability.

Trust used to be a given, now it's hard to find.
I will say this though, you guys have earned my trust, and that
is a rarity these days. Hats off to the PM team. :thumbup:"

There are all kinds of other flaws in C++ that don't even require this CPU vulnerability. Code that can pass your "anti-virus." I recently read about this at a hacker's website via a tweet from a hacker orientated Twitter account.

In a nutshell, trust but verify. If the software you're going to install isn't necessarily known mainstream, and it has at least one positive at VirusTotal, I wouldn't install it. On the other hand, process injectors, hacks and cheats for games are by definition malware-like in and of themselves.

Great Sig, BTW. :D :lol:

Unread post by Moonchild » 2019-05-16, 11:15

TL;DR: If you switch off HT for this on your desktop, you're being dumb.

===
Honestly, it's something you cannot really exploit in the wild for anything useful.

Please read the entirety of the article which highlights some important points.

It only deals with very small amounts of data to begin with (just some really small buffers, much smaller than the L1 cache even), and it's a side-channel attack on the hyperthreading mechanism, meaning you can only access something on the other thread of the same core. Unless you have affinities set, this is already very difficult to achieve because the normal mechanism of distributing load is to constantly switch threads in a round-robin fashion.

If you already have malicious software running on your system, then you have bigger problems than potentially having small amounts of data stolen through a side-channel attack. "As with other speculative execution side channels, exploiting these vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal."

Also: "Only recently accessed data can be leaked with one of these MDS attacks." We're talking "recently accessed" at CPU clock speeds here, meaning microseconds. That's either going to take collecting a ton of data to have a "hit" on "secret information", or should be considered impractical in the wild. Combine that with my point about CPU affinity and you see it's only going to be a concern for people in high-sec environments where strict segregation of processes is required (who won't be running unvetted software anyway) or for people who like their tinfoil suits.

As for the biggest attack surface where this kind of data leak could be a problem, meaning foreign content in web browsers: I'm confident in saying that this kind of attack is not possible from a browser. It simply does not have the kind of component access at required speeds to do this.

Unread post by Thehandyman1957 » 2019-05-16, 16:32

Moonchild wrote (2019-05-16, 11:15): "TL;DR: If you switch off HT for this on your desktop, you're being dumb."

It is interesting that this is exactly what Google did.
Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit
https://www.pcworld.com/article/3395439 ... ploit.html
"So far, the reactions from operating system vendors have split.
Google released patches for Chrome OS that basically shut off Hyper-Threading by default on affected Chromebooks. People who want to turn it back on can do so themselves, Google said."
Do you think this was simply a quick fix for them and that is why they took this
extreme measure for their desktops? :think: This is "Google" we're talking about. :eh:

Unread post by Moonchild » 2019-05-16, 17:50

Chrome OS? :lol:
Sorry, I guess I should have been more specific: my statements only apply to real operating systems.

Unread post by plushkava » 2019-05-17, 03:06

New Tobin Paradigm wrote (2019-05-16, 01:13): "At this point.. I think it is time to get yourselves an AMD CPU methinks."

To put it in perspective …

[Attached image: 1557941494323.png]

Unread post by van p » 2019-05-17, 03:26

Off-topic:
F22 Simpilot wrote (2019-05-16, 07:55): "So with that, no one has to get their panties in a bunch."

I like my panties in a bunch. What the hell . . . .
Windows 10 Pro x64 v1809 8GB i5-4570 | Pale Moon v28.5.0 x64

Unread post by plushkava » 2019-05-17, 03:31

F22 Simpilot wrote (2019-05-16, 07:55): "If anyone bothered to read the first article, it mentions that newer CPUs aren't affected […]"

Unfortunately, this appears to be fake news. Intel have published a list of affected processors, by way of a Microcode Update Guidance document. In the first section, various 8th and 9th gen Intel processors are listed, along with their revised MCU (microcode update) revision codes. The purpose of these updates is to ensure that the CPU clears any affected buffers upon the VERW instruction being issued. At the time of writing, these revisions are incorporated into the most recent Intel microcode collection, dated 20190514.

Further, there is an entry in the FAQ produced by the researchers at Vrije Universiteit Amsterdam, in which they state:
"Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware."
By the way, the VuA page also has a cool interactive diagram - based on Skylake - for anyone interested in the relationship between these vulnerabilities and the CPU microarchitecture.
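
Added example, not part of any poster's text: on Linux, the kernel reports in one sysfs line whether the VERW buffer clearing discussed in the post above is backed by updated microcode, and whether Hyper-Threading (SMT) still leaves exposure. The sample strings are constructed in the format given by the kernel's MDS documentation; the function names are illustrative.

```python
"""Interpret the Linux kernel's MDS status line from sysfs."""
from pathlib import Path

MDS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample values, following the kernel's documented format.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]

def parse_mds_status(line):
    """Split a status line into the buffer-clearing state and the SMT state."""
    main, _, smt = line.strip().partition(";")
    main, smt = main.strip(), smt.strip()
    if main == "Not affected":
        state = "not_affected"
    elif main.startswith("Mitigation: Clear CPU buffers"):
        state = "verw_clears_buffers"     # kernel support plus updated microcode
    elif "no microcode" in main:
        state = "verw_without_microcode"  # kernel issues VERW, CPU lacks the update
    else:
        state = "unmitigated"             # bare "Vulnerable": mitigation not enabled
    return {"state": state, "smt": smt or None}

def assess(line):
    """Turn the parsed status into a one-line finding for an administrator."""
    s = parse_mds_status(line)
    if s["state"] == "not_affected":
        return "ok: CPU not affected"
    if s["state"] == "verw_without_microcode":
        return "action: install the microcode update"
    if s["state"] == "unmitigated":
        return "action: MDS mitigation is not enabled in the kernel"
    if s["smt"] == "SMT vulnerable":
        return "partial: buffers cleared, SMT sibling exposure remains"
    return "ok: buffers cleared, " + (s["smt"] or "SMT state not reported")

if __name__ == "__main__":
    # Use the live value on a Linux host, otherwise the constructed samples.
    lines = [MDS_PATH.read_text()] if MDS_PATH.exists() else SAMPLES
    for line in lines:
        print(f"{line.strip()!r:75} -> {assess(line)}")
```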

Unread post by back2themoon » 2019-05-17, 09:58

This is getting ridiculous. I'm considering building a new system and keep hearing "Intel is always better performance-wise" but looks like AMD is the way to go, even if these threats probably pose no actual threat for the average -and sensible- user.
Windows 10 Pro 1809 • Pale Moon • Interlink • Emsisoft Anti-Malware

Unread post by Moonchild » 2019-05-17, 10:00

back2themoon wrote (2019-05-17, 09:58): "This is getting ridiculous. I'm considering building a new system and keep hearing "Intel is always better performance-wise" but looks like AMD is the way to go, even if these threats probably pose no actual threat for the average -and sensible- user."

Intel's performance has been thanks to cutting several corners in their CPU architecture design and this is now biting them. The mitigations through software make them perform worse as a result.

Unread post by plushkava » 2019-05-17, 13:12

Moonchild wrote (2019-05-17, 10:00): "Intel's performance has been thanks to cutting several corners in their CPU architecture design and this is now biting them. The mitigations through software make them perform worse as a result."

Indeed. It's too bad that even Intel, itself, failed to slay the monster that they created. Had Itanium been a success, the situation would now be quite different.

Unread post by Moonchild » 2019-05-17, 14:15

Unfortunately Itanium is notoriously hard to efficiently program for. So although the architecture would be naturally resistant to these kinds of attacks, its security and design also limited its own use.