Page 1 of 3 123 LastLast
Results 1 to 16 of 36

Thread: Zombieload Intel side-channel attack detailed

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    28,921
    Thanks
    0
    Thanked
    1,865 times in 638 posts

    Zombieload Intel side-channel attack detailed

    New sensitive data snooping attack relies on weaknesses in speculative execution.
    Read more.

  2. #2
    Senior Member
    Join Date
    May 2014
    Posts
    1,464
    Thanks
    89
    Thanked
    196 times in 140 posts

    Re: Zombieload Intel side-channel attack detailed

    *multi face slap groan*

    I love Intels response: Suffer a 3-9% reduction in performance dependent on load or by up to 30% by disabling SMT/HT...Nice

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Location
    Geneva, Switzerland
    Posts
    290
    Thanks
    0
    Thanked
    22 times in 12 posts

    Re: Zombieload Intel side-channel attack detailed

    WTF is going on with all this exploits? And it is mostly hitting Intel.

    Karma or something else?
    The more you live, less you die. More you play, more you die. Isn't it great.

  4. #4
    Cinnamon Roll Ozaron's Avatar
    Join Date
    Jan 2017
    Location
    Norfolk
    Posts
    538
    Thanks
    61
    Thanked
    30 times in 29 posts
    • Ozaron's system
      • Motherboard:
      • MSI Z170 SLI Plus
      • CPU:
      • i5-6600K @ 4.3GHz
      • Memory:
      • 16GB HyperX DDR4 2666MHz CL14
      • Storage:
      • Toshiba X300 4TB (2), Samsung 850 Evo 500GB
      • Graphics card(s):
      • Sapphire R9 Fury Nitro
      • PSU:
      • Seasonic M12-II 620w
      • Case:
      • Corsair Obsidian 500D
      • Operating System:
      • W10 Enterprise 64bit
      • Monitor(s):
      • BenQ GW2765HT
      • Internet:
      • 2.5 MB/s ↓ 0.86 MB/s ↑ ~20ms

    Re: Zombieload Intel side-channel attack detailed

    How many is this now? I'm losing count...

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Location
    Geneva, Switzerland
    Posts
    290
    Thanks
    0
    Thanked
    22 times in 12 posts

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by Tabbykatze View Post
    *multi face slap groan*

    I love Intels response: Suffer a 3-9% reduction in performance dependent on load or by up to 30% by disabling SMT/HT...Nice

    So once you mitigate all possible exploits, what will be the performance? Bulldozer like?
    The more you live, less you die. More you play, more you die. Isn't it great.

  6. #6
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    10,113
    Thanks
    503
    Thanked
    1,043 times in 887 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 16GB 3200MHz
      • Storage:
      • 1TB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 30 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Zombieload Intel side-channel attack detailed

    Interesting, it looks like AMD said their kit wasn't susceptible: https://www.guru3d.com/news-story/am...ad-attack.html

    But going to the AMD site referenced the Zombieload name has been removed so I wonder if they are having another look: https://www.amd.com/en/corporate/product-security

  7. Received thanks from:

    mtyson (15-05-2019)

  8. #7
    Senior Member
    Join Date
    May 2014
    Posts
    1,464
    Thanks
    89
    Thanked
    196 times in 140 posts

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by darcotech View Post
    So once you mitigate all possible exploits, what will be the performance? Bulldozer like?
    Probably not far off...

    Quote Originally Posted by DanceswithUnix View Post
    Interesting, it looks like AMD said their kit wasn't susceptible: https://www.guru3d.com/news-story/am...ad-attack.html

    But going to the AMD site referenced the Zombieload name has been removed so I wonder if they are having another look: https://www.amd.com/en/corporate/product-security
    Looks that way, it's in their best interests to make sure they both are secure and have a one up on Intel.

  9. #8
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Manchester
    Posts
    15,044
    Thanks
    1,194
    Thanked
    2,246 times in 1,847 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 1x 8GB DDR4 2400
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by darcotech View Post
    WTF is going on with all this exploits? And it is mostly hitting Intel.

    Karma or something else?
    Just a new attack vector - once someone demonstrates one proof-of-concept attack through a new vector others will inevitably start exploring ways of using it, and you get a big spike in related exploits. And since Intel makes up the vast majority of the desktop CPU market it's an inevitable target for testing.

    That said, Intel appear to have a couple more holes in their spec-ex implementation than AMD. Whether that was a deliberate decision to improve performance, a simple oversight, or something that would've been difficult to predict ... who can say?

  10. #9
    Member
    Join Date
    May 2009
    Posts
    189
    Thanks
    60
    Thanked
    18 times in 15 posts
    • blokeinkent's system
      • Motherboard:
      • MSI MPG Z390 Gaming Pro Carbon AC
      • CPU:
      • Core i7 9700KF s1151 3.6/4.9GHz
      • Memory:
      • 16GB (2x8GB) Corsair DDR4 Vengeance LPX Black PC4-25600 (3200)
      • Storage:
      • Samsung 2TB 860 Evo SSD + 250GB 750 Evo SSD + 3x WD 6TB
      • Graphics card(s):
      • EVGA GTX 1070 FTW Gaming ACX 3.0
      • PSU:
      • Corsair AX 760
      • Case:
      • Fractal Design Define S2 (White)
      • Operating System:
      • Windows 10 Pro 64bit
      • Monitor(s):
      • Acer Predator XB281HK 4K
      • Internet:
      • TalkTalk Faster Fibre +Boost

    Re: Zombieload Intel side-channel attack detailed

    Marvellous. I've just splashed out on a new 9th gen coffee lake chip and still have to put up with this rubbishrubbishrubbishrubbish

    It's bad enough we never reach the BS performance figures that marketting departments promise us as it is, and then we have to take another hit for their incompetance.

  11. #10
    Senior Member
    Join Date
    Aug 2003
    Location
    Wonderful Warwick!
    Posts
    2,674
    Thanks
    0
    Thanked
    102 times in 85 posts

    Re: Zombieload Intel side-channel attack detailed

    I don't think AMD are susceptible but I bet they are sure gonna find out a million percent (RIP Jezza Kyles show) that they aren't...
    Old puter - still good enuff till I save some pennies!

  12. #11
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    10,113
    Thanks
    503
    Thanked
    1,043 times in 887 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 16GB 3200MHz
      • Storage:
      • 1TB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 30 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by scaryjim View Post
    That said, Intel appear to have a couple more holes in their spec-ex implementation than AMD. Whether that was a deliberate decision to improve performance, a simple oversight, or something that would've been difficult to predict ... who can say?
    Occam's razor would suggest it is just basic sloppiness. Yes it is difficult to get right, so would be an obvious corner to cut when up against a deadline.

    AMD still have a burden of having to be seen to be compatible and I think are held to a higher standard than Intel and so have to put more effort in for the fear of people pointing and shouting "incompatible" at the first hint of trouble.

  13. #12
    <Insert witty one liner> Kanoe's Avatar
    Join Date
    Dec 2005
    Posts
    759
    Thanks
    64
    Thanked
    74 times in 51 posts
    • Kanoe's system
      • Motherboard:
      • Asus Z9PE-D8 WS
      • CPU:
      • 2x Intel Xeon E5-2667v2 @ Stock
      • Memory:
      • Samsung ECC RDIMM DDR3 PC-14900 128GB (8 x 16GB) @ Stock
      • Storage:
      • 240GB SanDisk Extreme II SSD, 960GB ADATA 8200 M.2, 960GB SanDisk Ultra II SSD, 1TB Samsung F3 HDD
      • Graphics card(s):
      • MSI Sea Hawk X 1080Ti (@2050/1501)
      • PSU:
      • Superflower 1200W
      • Case:
      • Phanteks Enthoo Primo v2
      • Operating System:
      • Win 10 Pro 64bit
      • Monitor(s):
      • 28" ASUS PB287Q 4k + 24" Dell U2412M
      • Internet:
      • VM @ 500/30

    Re: Zombieload Intel side-channel attack detailed

    Was going to upgrade my CPUs but all these exploits / performance hits if / when they get patched (still haven't got full mitigation for Spectre and Meltdown as the BIOS never got updated for my mobo), I'm wondering whether the money would be better spent changing the CPU, Mobo and RAM and going AMD based build.

  14. #13
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,283
    Thanks
    158
    Thanked
    148 times in 103 posts
    • cheesemp's system
      • Motherboard:
      • Gigabyte Z77-D3H
      • CPU:
      • Intel i5 3570k @ 4.2
      • Memory:
      • 16gb Crucial Ballastix Elite DDR3 @1866
      • Storage:
      • 64Gb M4 + 240Gb arc100 + 2x500Gb HDD
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC
      • PSU:
      • Antec 650W Semi modular
      • Case:
      • NZXT Source S340 Mid Tower
      • Operating System:
      • Win 10
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~30Mb

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by Kanoe View Post
    Was going to upgrade my CPUs but all these exploits / performance hits if / when they get patched (still haven't got full mitigation for Spectre and Meltdown as the BIOS never got updated for my mobo), I'm wondering whether the money would be better spent changing the CPU, Mobo and RAM and going AMD based build.
    Didn't the Spectre/Meltdown microcode fixes get deployed with Windows - I think this is the one: https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

    Presumably the same will happen here? (I wonder what further impact this will have on my ageing 3570k that I cannot afford to replace.)
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  15. #14
    Member
    Join Date
    Jun 2018
    Posts
    139
    Thanks
    11
    Thanked
    30 times in 24 posts
    • atemporal's system
      • Motherboard:
      • Dell ownbrand
      • CPU:
      • i5-2500
      • Memory:
      • 4GB DDR3
      • Storage:
      • 160GB HDD
      • Graphics card(s):
      • you're kidding right?
      • PSU:
      • 300W OEM Dell
      • Case:
      • Dell Optiplex 990
      • Operating System:
      • windows 7
      • Monitor(s):
      • Some small 17" dell thing
      • Internet:
      • yes I has the internet

    Re: Zombieload Intel side-channel attack detailed

    only if you're on win10 and for a generation they want to support. Win7 could be patched too but they can't be arsed despite intel releasing the fix for it. So neither MS nor the mobo manufacturer will release the fix despite the code for it being released by intel.

  16. #15
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    656
    Thanks
    258
    Thanked
    53 times in 42 posts
    • Iota's system
      • Motherboard:
      • Asus Maximus Hero XI
      • CPU:
      • Intel Core i7 9700K
      • Memory:
      • CMD32GX4M2C3200C16
      • Storage:
      • 1 x 250GB / 1 x 1TB Samsung 970 Evo Plus NVMe
      • Graphics card(s):
      • Nvidia RTX 2080 FE
      • PSU:
      • Corsair HXi 850
      • Case:
      • Lian Li PC-X500B
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • Dell S2716DG
      • Internet:
      • 40Mbps SKY Fibre

    Re: Zombieload Intel side-channel attack detailed

    Quote Originally Posted by blokeinkent View Post
    Marvellous. I've just splashed out on a new 9th gen coffee lake chip and still have to put up with this rubbishrubbishrubbishrubbish

    It's bad enough we never reach the BS performance figures that marketting departments promise us as it is, and then we have to take another hit for their incompetance.
    At least you'll get OS level microcode support, more than users of older systems will receive. Also looking at the performance hit, if it's negligible on the 9900K, I doubt the 9700K/KF will be much different. Seems like it's a design flaw that has propagated through multiple refreshes of the architecture, until Intel come up with a newer chip design they'll probably see more exploits in a similar vein to this.

    Honestly as long as you aren't doing stupid things to get malware infections, it shouldn't be an issue anyway.

  17. Received thanks from:

    blokeinkent (15-05-2019)

  18. #16
    Senior Member
    Join Date
    May 2014
    Posts
    1,464
    Thanks
    89
    Thanked
    196 times in 140 posts

    Re: Zombieload Intel side-channel attack detailed

    The problem is its not about "doing stuoid things" that get you infected wherein a surprising amount of infections can happen while using legitimate sites. The majority of hits i see in our environments caught by the anti exploit software often have happened by normal day to day activities and are hits from malvertisements.

    This is why in enterprise organisations HTTPS interception has become mandatory so that the deep packet inspection can prevent attacks inside the "secure" communications with remote servers.

    It's been a long time since just "doing stupid" has been the majority cause of infections.

  19. Received thanks from:

    badass (17-05-2019),DanceswithUnix (16-05-2019)

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •