Intel will outsource some 14nm chip production to TSMC

[philehidiot]

Which motherboard was it?

</sarcasticly copying> (what prompted you to doing these weird code injections to your posts? )

Z-97.

I don't know why the code made it in... it's a vaguely odd way of making sure people know I'm bitter about things.

#mockinghashtags.

[badass]

By your logic, Heartbleed was a null and void security risk as well.

Using information disclosure vulnerabilities you can extract information piecemeal until eventually you will get something valuable which means running the information disclosure multiple times you could get passwords, PID and other information from processes as they are running. Using the extracted information will allow an easier attack on other subsystems within the computer to continue the malicious operation of a system. Meltdown is a bit worse because you can read the entire memory, that is serious beyond the extremes and will allow far more than Spectre.

You're right, Spectre and Meltdown on their own are like a Condom machine in a Nunnery but just because they're useless on their own doesn't mean they don't make malicious lives easier in other areas. Another example would be that a diamond tipped drill makes a bank robbery dramatically easier if used in the right place at the right time but it's not always useful unless all the other conditions contribute to the ability to use it.

Even the wikipedia entries detail some elements of what they can be used for. You have distilled the issue into its individual components and aren't considering that hacks/viruses actually use broad swathes and combinations of attacks, vulnerabilities and exploits.

Aaaaaaand going back to what my post was in answer to, what does this have to do with turning your machine into a zombie?

[badass]

The worry for Spectre was that one tab in a browser could read banking details in another tab. Fairly easy to see how money can be made by that.

Vast resources? It didn't look that hard to exploit, and given an exploit could be written in Javascript and served via an advert server you don't even have to infect websites to grab those details.

Why no exploit code out there other then proof of concept code then after 9 months. Typically, exploits are out in the public within 4 hours of patch Tuesday.

Remember, my comments were about using spectre/meltdown to turn home user machines into zombies.

Which is why microcode updates are also applied on operating system startup by Windows and Linux distributions.

Going back to my original point, just don't worry! (if you are a home user. Businesses have a different risk profile)

Just to reiterate then entire point of what I have been posting about. Home users simply don't need to worry about these vulnerabilities. Mitigations are already in place on their machines. Particularly if they have an up to date security suite installed.

[DanceswithUnix]

Remember, my comments were about using spectre/meltdown to turn home user machines into zombies.

...

Mitigations are already in place on their machines. Particularly if they have an up to date security suite installed.

Well it could be used to map the address randomisation so stripping that level of protection from a PC making remote exploits easier. These things are seldom used in isolation.
If you can discover someone's router password via Spectre and they have public admin turned on (sadly commonplace) they could botnet that.

But otherwise I do agree, don't stress over the performance impact just stay patched and generally up to date. Making any other choice will likely hurt.

[badass]

Well it could be used to map the address randomisation so stripping that level of protection from a PC making remote exploits easier. These things are seldom used in isolation.
If you can discover someone's router password via Spectre and they have public admin turned on (sadly commonplace) they could botnet that.

But otherwise I do agree, don't stress over the performance impact just stay patched and generally up to date. Making any other choice will likely hurt.

I think we agree on the "don't stress" side of things.
Your scenario is indeed possible, however I also originally said "Can you then please explain how it is economically viable to use said process to make lots of money. Or explain how someone with the vast resources required to create said process will use it in such a way that it ends up indiscriminately attacking members of the public."
I appreciate that is not what you were responding to directly.

The context of my comments was that the botnet/zombie scenario where spectre/meltdown is used as a part of the attack that indiscriminately attacks the general public. The cyber risks to the general public are these days entirely about criminals making money. For a making money scenario, the criminals will not go for an incredibly difficult and complex exploit chain that's unreliable at best. They will target the easiest ways of making money, such as ransomware, cryptomining malware etc.

I hasten to add that things are different with businesses. Some don't need to care. Others really do!

[CAT-THE-FIFTH]

Not sure if true:

https://mobile.twitter.com/witeken/s...43796660387840

10nm desktop parts in 2020??

[CAT-THE-FIFTH]

Intel is moving back some of it's chip production back to 22nm:

https://www.tomshardware.com/news/in...10c,37819.html

[Corky34]

What's the betting they're using 22FFL.

[CAT-THE-FIFTH]

What's the betting they're using 22FFL.

Probably as Atom won't be made on that still to any large degree I suspect.

[badass]

Not sure if true:

https://mobile.twitter.com/witeken/s...43796660387840

10nm desktop parts in 2020??

Whilst not great in the short term overall, I hope so. I want to see AMD overtake Intel performance wise both for desktops and server and make enough money to really up their R&D again. Hopefully enough to get their market share high enough to keep Intel on its toes. That will keep costs down for us in the years to come.