Oh no.
Downfall, Inception, Meltdown, Spectre, I hate to see new vulnerabilities, but their naming choices are solid.
They should name them after their investors and board members.
Gelsinger, McKeon, and Lavender do have a nice ring to them.
Sounds like Bond movies.
Intel claims most consumer software shouldn’t see much impact, outside of image and video editing workloads…
But that’s, like the one place other than games where consumers are looking for performance. What’s left, web browsing and MS Office?
"whew* my horrible bubble sort implementation is safe from performance impacts
It’s not they aren’t impacted only you “don’t see the impact” as noticeably.
As a programmer: compile times
I just skimmed through the article and it seems like this vulnerability is only really meaningful on multi-user systems. It allows one user to access memory dedicated to other users, letting them read stuff they shouldn’t. I would expect that most consumer gaming computers are single-user machines, or only have user accounts for trusted family members and whatnot, so if this mitigation causes too much of a performance hit I expect it won’t be a big risk to turn it off for those particular computers.
this vulnerability is only really meaningful on multi-user systems
Well, that says it all. CPU manufacturers have no incentive at all to secure the computations of multiple users on a single CPU (or cores on the same die)… why would they? They make more cash if everyone has to buy their own complete unit, and they can outsource security issues to ‘the network’ or ‘the cloud’…
Years ago when I was in University this would have been a deathblow to the entire product line, as multi-user systems were the norm. Students logged into the same machines to do their assignments, employees logged into the same company servers for daily tasks.
I guess that isn’t such a thing any more. But wow, what a sh*tshow modern CPU architecture has become, if concern for performance has completely overridden proper process isolation and security. We can’t even trust that a few different users on the same machine can be separated properly due to the design of the CPU itself?
Processor manufacturers target their devices and sales towards cloud computing so they have a huge incentive to avoid having issues like these. It’s ridiculous to suggest otherwise.
Install backdoors and sell that info to governments and companies, then years later reveal the issue to justify downgrading performance of older CPUs to encourage people to upgrade.
Just feels like Prism all over again.
Anti virus companies has also been caught making viruses.
A lot of shady shit happens when there is money and power to be had.
It took them a year for a microcode fix and it still has a performance loss of 50% in some cases? Ew
50% 💀
So they created a massive vulnerability by misimplementing speculative execution which promised a, what, 10% speed gain tops and now that it was discovered you have to patch it and lose 50%? Genius.
Next gen is going to be 40% faster.
Ha-ha. My chip’s too old to be affected. I don’t see my architecture on the list.
I knew putting off upgrading for around a decade would pay off. (Windows Update tells me my PC is not “ready” for Windows 11 due to its hardware, either. Oh no, whatever shall I do.)
This inspires confidence with my 2010 ass toshiba sattelite with an i5 and 8gb DDR3. I need to look and see if mine is too old lol.
Dont the older chips suffer from a greater performance drop from spectre and meltdown vulnerabilities?
Well, maybe you can pirate Cortana and whatever other bloatware to catch up.
Every article is a copy paste of the same bullshit talking about the vulnerability and pointing to the stupid cryptic list of processors that requires you to jump through hoops to read it. You can’t just search for your processor in a database I mean fuck that would take them at least an a couple hours of their precious time to set up and they have only had a year. How do you fix it? Why with a microcode update of course!!..from where you ask? Well don’t worry just look at the cryptic list it will tell you if you need a microcode update!!
Fuck every article about this shit. Anyone wanna bust an Eli5 on how to fix this problem for people? (I was assuming it’s a BIOS update but the articles have only confused me further)
You can’t just search for your processor in a database I mean fuck that would take them at least an a couple hours of their precious time to set up and they have only had a year. How do you fix it?
This page tells you how to get your CPUID: https://www.intel.com/content/www/us/en/support/articles/000006831/processors/processor-utilities-and-programs.html
Then search for the CPUID here: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
I figured out how to do it fairly quickly but it would be a hell of a lot easier if people could just type in “11700K” in a box on a web page or something and it could just tell them. Or they could have added a little bit of code to their CPU ID utility that says “yupp your processor is effected by the flaw”. I am mostly annoyed at all this not for me but for all the people who would read those pages and the contents would seem like an insane foreign language to them all while articles are telling them it’s a major security flaw that would allow people to steal their encryption keys.
. Or they could have added a little bit of code to their CPU ID utility that says “yupp your processor is effected by the flaw”.
That is a fair point.
I just found this on the page where they list effected models:
“Note The latest software can be obtained through operating system or VMM vendors”
It’ll probably just be something that happens through ordinary OS updates tbh (though I understand you’d rather know one way or another.)
Guess it’s time for another FPS hit…
While the article says it won’t impact most applications, I suspect it’s closer to saying “won’t impact most applications as much”.
This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.
So just continue not letting people use my computer, got it. Very simple fix.
Shared use of servers is probably the main issue
/tinfoilhat
I admittedly stopped reading halfway through but I feel like these newest vulnerabilities being discovered are probably just fucking government back doors the manufacturers have been forced to include.
/tinfoilhat
Check out the documentary Zero Days (2016) if you haven’t already. That’s not really a tinfoil hat take these days IMO.
Just means they have to intentionally create new ones to be eventually found for the next generation.
On the plus side now we can steal the info from the criminal’s computers. The cycle of internet life…
I can’t comment on the general trend, but this specific one seems a bit too circumstantial to be of use for a serious spying effort. You’d have to have the spyware running parallel to the apps usong passwords you want to steal in a specific way.
The risk exists, which is bad enough for stochastic reasons (eventually, someone will get lucky and manage to grab something sensitive, and since the potential damage from that is incalculable, the impact axis alone drives this into firm "you need to get that fix out asap), but probably irrelevant in terms of consistency, which would be what you’d need to actually monitor anyone.
If you manage to grab enough info to crack some financial access data, you can steal money. If you can take over some legit online account or obtain some email-password combo, you can sell it. But if you want to monitor what people are doing in otherwise private systems, you need some way to either check on demand or log their actions and periodically send them to your server.
It would be far more reliable to have injection backdoors to allow you access by virtue of forcing a credential check to come up valid than to hope for the lucky grab of credentials the user might change at an arbitrary moment in time.
Yikes the performance hit is scary but if you’re running a server, what option do you have?
> Downfall
Is the Intel CEO holed up in a bunker and raging at his chip designers?
If it’s anything like the industry that I work in, the CEO would have been informed of the short comings of the design numerous times and given a response along the lines of “does it make our CPUs faster and more powerful though?”.
The CEO won’t be pissed of at his chip designer, they’ll be pissed because they’ve been caught out.
Given that the AMD vulnerability was called “Inception,” maybe they just like using movie titles to name CPU vulnerabilities?
Intel’s newer 12th-gen and 13th-gen Core processors are not affected.
Oh ok
Isn’t that convenient?
Upgrade to get 3% performance gains on paper and no noticeable real performance gain!
Oh don’t worry, you’ll hear about that vulnerability in two years.
*cries in 11th gen laptop*
I’m curious if there’s a silver lining of all current DRM keys being accessible through this.
My old-ass Ivy Bridge: Oh no! Anyway…
Good thing my CPU is ancient.
