'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

General discussion area and chat

Moderator: satrow

Forum rules
This General Discussions forum is an open chat area, so you can talk about almost any subject. Please keep things civil, though!

Please do try to somewhat stick to the relevance of this forum, which focuses on everything around the Pale Moon project and its user community. "Totally random" subjects don't really belong here, even in the general discussion area.
User avatar
back2themoon
Board Warrior
Board Warrior
Posts: 1184
Joined: Sun, 19 Aug 2012, 20:32

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby back2themoon » Fri, 05 Jan 2018, 20:07

Night Wing wrote:With this new vulnerability; Microsoft sent their "patch fix KB4056892" which both computer owners installed, restarted their computers and got an ugly surprise. Their computers won't boot now. This is why these two computers are down at my neighbor's shop.

Perhaps it's related to the known incompatibility of the patch with several security software. A particular registry key needs to be present. Updated compatibility list here.

Security software needs to be compatible and updated BEFORE installing the patch. Windows Update won't offer it otherwise, not sure what happens when installing the patch manually.
Last edited by back2themoon on Fri, 05 Jan 2018, 20:14, edited 3 times in total.
Safe Mode / clean profile info: Help/Restart in Safe Mode
Information to include when asking for support - How to apply user agent overrides

Windows 10 Pro - Pale Moon x64 - FossaMail x64 - Emsisoft Anti-Malware

User avatar
Tomaso
Keeps coming back
Keeps coming back
Posts: 981
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Tomaso » Fri, 05 Jan 2018, 20:34

Personally, I've always disabled my AV program before installing Windows updates.
It just seems like a sensible precaution.

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3565
Joined: Mon, 03 Oct 2011, 10:19
Location: Texas, USA

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Night Wing » Fri, 05 Jan 2018, 21:26

Since I use 64 bit Windows 7 as my backup operating system, I went to the Microsoft Update Catalog and downloaded the security only KB4056897 patch to my Desktop.

http://www.catalog.update.microsoft.com ... =KB4056897

I didn't install the patch though. I'm going to wait about a week and see if this patch update causes any problems from other 64 bit Windows 7 users first. If all goes well from other users, then I'll disable my antivirus program and install the patch on my experimental Windows 7 hard drive. And then I'll cross my fingers and hope the hard drive re-starts/re-boots the computer and brings me back to my Desktop.

If things "go south", I'll re-format the hard drive and re-load Windows 7 back onto it.

BTW, if this patch works, as an insurance policy I also transferred this patch to three thumb/flash drives just in case I would have to re-install Windows 7 again, for whatever reason, on any of my four windows hard drives.
Linux Mint 19 (Tara) Xfce 64 Bit (Default OS) with 64 Bit linux Pale Moon
Windows 7 SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sat, 06 Jan 2018, 02:53

Last edited by John connor on Sat, 06 Jan 2018, 02:55, edited 1 time in total.

User avatar
Tomaso
Keeps coming back
Keeps coming back
Posts: 981
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Tomaso » Sat, 06 Jan 2018, 11:48

Intel facing class-action lawsuits over Meltdown and Spectre bugs:
https://www.theguardian.com/technology/ ... -computer/
Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected.
All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June.
Intel said in a statement it “can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment”.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sat, 06 Jan 2018, 12:17

No wonder why the CEO pulled his stock.

User avatar
back2themoon
Board Warrior
Board Warrior
Posts: 1184
Joined: Sun, 19 Aug 2012, 20:32

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby back2themoon » Sat, 06 Jan 2018, 13:32

Guess we can also add game consoles to the mix. What are 'evil hackers' going to steal though, high-score tables?
Safe Mode / clean profile info: Help/Restart in Safe Mode
Information to include when asking for support - How to apply user agent overrides

Windows 10 Pro - Pale Moon x64 - FossaMail x64 - Emsisoft Anti-Malware

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3565
Joined: Mon, 03 Oct 2011, 10:19
Location: Texas, USA

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Night Wing » Sat, 06 Jan 2018, 13:35

Another reason I'm not in any hurry to install this update in any of my four Windows 7 hard drives is because of what I do with my computers and I'll explain below.

I have three browser but only use two of them mostly. They are in order of preference: Pale Moon, SeaMonkey, Firefox ESR.

1) I do not not store user names or passwords within any browser. I login manually via the keyboard to everything.
2) I do not sync any of my devices either (I have four computers).
3) I do not have any Cloud accounts.
4) I do not do any financial business over the internet (no banking, no brokerage, no credit card transactions, etc). I use a land line telephone to conduct this type of business.
5) I do not do any medical business over the internet (no physicians appointments, no medical portals, etc). I use the same land line telephone.
6) I do not do any governmental business over the internet (no Social Security, no IRS, no county or city jury duty, etc). Again, the same land line telephone.
7) I do not own a smartphone, just an old fashioned 7 year old flip style cell phone which is never connected to the internet.
8) I do not own a tablet so this vulnerability can't affect me.

This is why I am in no hurry to install the patch in any of my four Windows 7 hard drives.

In linux Mint 18.3 (Sylvia) Xfce, I would have to install a different kernel. I'm using in Mint, kernel (4.10.0-38). I have been advised to change to a 4.13.0 kernel. However, in the 4.13 series, there are four different kernels. Basically, 4.13.0-16, 4.13.0-17, 4.13.0-19 and (4.13.0-21). If I choose the wrong kernel, my linux hard drive may not boot. So I've decided to leave well enough alone because of what I do with my browsers in linux which are the same things I (would) do in Windows since I mostly use Linux.

When Linux Mint 19.0 (Tara) in Xfce is publicly released in June of 2018, Mint 19 (which reaches end of life (EOL in April of 2023) will automatically choose the correct 4.13.0 kernel for me for all of my 5 linux hard drives so I won't have to guess. And this is why I am in no rush to fix this vulnerability via any patches since "the sky is not falling in on me".
Linux Mint 19 (Tara) Xfce 64 Bit (Default OS) with 64 Bit linux Pale Moon
Windows 7 SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

yereverluvinuncleber
Fanatic
Fanatic
Posts: 119
Joined: Wed, 06 Dec 2017, 21:25

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby yereverluvinuncleber » Sun, 07 Jan 2018, 01:35

John connor wrote:Why I don't use updates. Haven't used them since 98se. :lol: Not been hacked, no malware, none of that fear mongering BS. I just knew that the update would mess up people's computers. Because I know quality control at M$ is out the Window.


John Connor - My systems have been hacked just the once, properly hacked. I'm still unsure as to how. So, don't assume that because it hasn't happened to you (it may have done and you may not know) that it won't happen. For a long while I supported PCs and many that came in had been infected/hacked. The possibility exists and the reality is that it happens.

My own personal infection almost certainly came through an exploit that allowed read access to files. I have always tried to avoid using all Microsoft products except the o/s to prevent higher privilege access to system resources but somehow a script/program accessed my system was able to do some file access. It looked for Filezilla passwords which it knew were stored in plaintext in a set location. It infected 40 of my Joomla sites with penis enlargement links...

All sites had to be rebuilt from backups.

Filezilla at that time took any password you entered to access a site and stored it, even if you hadn't told it to - it stored the passwords and did so in plain text in an XML file. It didn't bother to obfuscate/hash or provide you with an option to prevent this. The developer refused to change this default behaviour even when he was informed that his program was acting as a trojan horse for malware devs to exploit. It had been used as a well-known hack exploit for thousands of malware injections for years. His response was "you should use a secure o/s instead of Windows".

I have tried to damage filezilla's reputation ever since as I was so unimpressed by that devs appalling attitude, ignoring suggestions to tighten his ship even though he knew it was a point of failure and exploit. The point is that despite even the best intentions any software can give your system vulnerabilities, you can be infected and if you take no precaution you may not know you have already been hacked.

PS. On a separate instance at a different time, someone tried to transfer thousands from my wife's account and they were able to use her password on online banking with a major UK bank. It was only stopped as the transaction was so strange the bank closed her account. We still don't know how they took her password as she only entered it ever through supposedly secure school computers... An example of an unknown exploit.

IT happens!
Last edited by yereverluvinuncleber on Sun, 07 Jan 2018, 11:23, edited 2 times in total.

yereverluvinuncleber
Fanatic
Fanatic
Posts: 119
Joined: Wed, 06 Dec 2017, 21:25

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby yereverluvinuncleber » Sun, 07 Jan 2018, 15:40

Still the question remains: Are the Palemoon developers implementing the same timer blurring that the Firefox devs are doing? I've only seen an response to one of the potential changes that being that the shared array component hasn't been implemented on PM so it is already, in effect, disabled.

IS PM safe to use and can the second change help mitigate a drive-by exploit?

IS the change coming?

User avatar
Isengrim
Lunatic
Lunatic
Posts: 451
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Isengrim » Sun, 07 Jan 2018, 16:04

yereverluvinuncleber wrote:Still the question remains: Are the Palemoon developers implementing the same timer blurring that the Firefox devs are doing? I've only seen an response to one of the potential changes that being that the shared array component hasn't been implemented on PM so it is already, in effect, disabled.

IS PM safe to use and can the second change help mitigate a drive-by exploit?

IS the change coming?

viewtopic.php?f=1&p=131437
Moonchild wrote:Pale Moon already set the granularity for the performance timers sufficiently coarse in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 (64-bit) (Sometimes)
We are our choices.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sun, 07 Jan 2018, 16:55

yereverluvinuncleber wrote:
John connor wrote:Why I don't use updates. Haven't used them since 98se. :lol: Not been hacked, no malware, none of that fear mongering BS. I just knew that the update would mess up people's computers. Because I know quality control at M$ is out the Window.


John Connor - My systems have been hacked just the once, properly hacked. I'm still unsure as to how. So, don't assume that because it hasn't happened to you (it may have done and you may not know) that it won't happen. For a long while I supported PCs and many that came in had been infected/hacked. The possibility exists and the reality is that it happens.

My own personal infection almost certainly came through an exploit that allowed read access to files. I have always tried to avoid using all Microsoft products except the o/s to prevent higher privilege access to system resources but somehow a script/program accessed my system was able to do some file access. It looked for Filezilla passwords which it knew were stored in plaintext in a set location. It infected 40 of my Joomla sites with penis enlargement links...

All sites had to be rebuilt from backups.

Filezilla at that time took any password you entered to access a site and stored it, even if you hadn't told it to - it stored the passwords and did so in plain text in an XML file. It didn't bother to obfuscate/hash or provide you with an option to prevent this. The developer refused to change this default behaviour even when he was informed that his program was acting as a trojan horse for malware devs to exploit. It had been used as a well-known hack exploit for thousands of malware injections for years. His response was "you should use a secure o/s instead of Windows".

I have tried to damage filezilla's reputation ever since as I was so unimpressed by that devs appalling attitude, ignoring suggestions to tighten his ship even though he knew it was a point of failure and exploit. The point is that despite even the best intentions any software can give your system vulnerabilities, you can be infected and if you take no precaution you may not know you have already been hacked.

PS. On a separate instance at a different time, someone tried to transfer thousands from my wife's account and they were able to use her password on online banking with a major UK bank. It was only stopped as the transaction was so strange the bank closed her account. We still don't know how they took her password as she only entered it ever through supposedly secure school computers... An example of an unknown exploit.

IT happens!



I don't know what you have there or how you run things, but I run a pretty tight ship.

I don't understand why you mention Joomla. That' isn't an OS. And if you use Joomla, that is a hackers paradise. Stay far, far away from it. It's no better than Wordpress which seems to have a far amount of holes, unless you use certain security plugins, proper server configuration and a WAF. mod_security included.

I wouldn't use Filezilla. I use Winscp.
Last edited by John connor on Sun, 07 Jan 2018, 16:56, edited 1 time in total.

yereverluvinuncleber
Fanatic
Fanatic
Posts: 119
Joined: Wed, 06 Dec 2017, 21:25

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby yereverluvinuncleber » Sun, 07 Jan 2018, 17:05

Joomla has nothing to do with it. That was the result, please read again, insert Drupal if it makes it more valid for you. If not then just forget that bit...

Of course you may or may not be using filezilla, I use WINSCP - but that's not the point!

If you don't get what I was trying to say there won't be much point in explaining... I'm sure you DO get it. You are a native English speaker so I am sure you do really.
Last edited by yereverluvinuncleber on Sun, 07 Jan 2018, 17:08, edited 1 time in total.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sun, 07 Jan 2018, 17:23

yereverluvinuncleber wrote:I'm sure you DO get it.



No, I don't actually. I was talking and responding about Winblows constant update madness and how they seem to cause more problems than they are worth, and you are talking about website software. This isn't a language barrier.


As far as I'm concerned, the only updates worth installing are criticals. But with 10, you're SOL on that endeavor. 10 made the consumer Redmond's little cash cow, and that's a big understatement. If I could only play my games in Linux...
Last edited by John connor on Sun, 07 Jan 2018, 17:28, edited 3 times in total.

yereverluvinuncleber
Fanatic
Fanatic
Posts: 119
Joined: Wed, 06 Dec 2017, 21:25

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby yereverluvinuncleber » Sun, 07 Jan 2018, 17:25

Possible trolling? That might explain it. Read again and if it makes no sense discard and forget I posted.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sun, 07 Jan 2018, 17:27

yereverluvinuncleber wrote:Possible trolling? That might explain it. Read again and if it makes no sense discard and forget I posted.



What the... I am responding to you and you accuse me of being a troll? Good grief. Trolls don't engage in conversation. They deflect and.. troll. I'm done here.

Now because you called me a troll, some mod is gonna come around and hand me a yet another unwarranted Warning.
Last edited by John connor on Sun, 07 Jan 2018, 17:29, edited 2 times in total.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sun, 07 Jan 2018, 17:31

Here's a good read if anyone is interested. https://www.schneier.com/blog/archives/ ... mel_1.html

User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1633
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Thehandyman1957 » Sun, 07 Jan 2018, 17:35

John connor wrote:If I could only play my games in Linux...


Off-topic:
Now there is the understatement of the year. Truly, one of the biggest hurdles for me and Linux.
I can do a lot of things in Linux but I hate the idea of having to shut down my machine just to go
play a game. Sadly, VM just don't do it. :thumbdown:


Post by "yereverluvinuncleber"
Possible trolling?


Could you please explain? I don't see any trolling activity here. :think:
"A common mistake people make when trying to design something
completely FOOLPROOF, is underestimating the ingenuity of complete FOOLS! ;) "

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby John connor » Sun, 07 Jan 2018, 17:48

Thehandyman1957 wrote:I can do a lot of things in Linux but I hate the idea of having to shut down my machine just to go
play a game.



Off-topic:
Yeah, unfortunately I don't think there is enough incentive for Linux users who can port the game or the game developers to make the game work in Linux. Not only that, but Origin and Steam are big Windows players (no pun intended). So there's that.

I mostly play older games though. My main game is FSX and BF2 with the AIX mod. I do have BF3, but I got pissed off that I was spraying a couple players and they didn't go down. I was told they had some "perks" or something. I promptly uninstalled.
Last edited by John connor on Sun, 07 Jan 2018, 17:49, edited 1 time in total.

User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1633
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread postby Thehandyman1957 » Sun, 07 Jan 2018, 18:38

John connor wrote:Here's a good read if anyone is interested. https://www.schneier.com/blog/archives/ ... mel_1.html


Thanks. :thumbup: Some of the best of it was the comments. Makes me realize that this is way bigger than most realize and
truly over my head in magnitudes. :wtf:
"A common mistake people make when trying to design something
completely FOOLPROOF, is underestimating the ingenuity of complete FOOLS! ;) "


Return to “General discussion”

Who is online

Users browsing this forum: niteshade and 5 guests