Read more.New sensitive data snooping attack relies on weaknesses in speculative execution.
Read more.New sensitive data snooping attack relies on weaknesses in speculative execution.
*multi face slap groan*
I love Intels response: Suffer a 3-9% reduction in performance dependent on load or by up to 30% by disabling SMT/HT...Nice
WTF is going on with all this exploits? And it is mostly hitting Intel.
Karma or something else?
The more you live, less you die. More you play, more you die. Isn't it great.
How many is this now? I'm losing count...
Interesting, it looks like AMD said their kit wasn't susceptible: https://www.guru3d.com/news-story/am...ad-attack.html
But going to the AMD site referenced the Zombieload name has been removed so I wonder if they are having another look: https://www.amd.com/en/corporate/product-security
mtyson (15-05-2019)
Just a new attack vector - once someone demonstrates one proof-of-concept attack through a new vector others will inevitably start exploring ways of using it, and you get a big spike in related exploits. And since Intel makes up the vast majority of the desktop CPU market it's an inevitable target for testing.
That said, Intel appear to have a couple more holes in their spec-ex implementation than AMD. Whether that was a deliberate decision to improve performance, a simple oversight, or something that would've been difficult to predict ... who can say?
Marvellous. I've just splashed out on a new 9th gen coffee lake chip and still have to put up with this rubbishrubbishrubbishrubbish
It's bad enough we never reach the BS performance figures that marketting departments promise us as it is, and then we have to take another hit for their incompetance.
I don't think AMD are susceptible but I bet they are sure gonna find out a million percent (RIP Jezza Kyles show) that they aren't...
Old puter - still good enuff till I save some pennies!
Occam's razor would suggest it is just basic sloppiness. Yes it is difficult to get right, so would be an obvious corner to cut when up against a deadline.
AMD still have a burden of having to be seen to be compatible and I think are held to a higher standard than Intel and so have to put more effort in for the fear of people pointing and shouting "incompatible" at the first hint of trouble.
Was going to upgrade my CPUs but all these exploits / performance hits if / when they get patched (still haven't got full mitigation for Spectre and Meltdown as the BIOS never got updated for my mobo), I'm wondering whether the money would be better spent changing the CPU, Mobo and RAM and going AMD based build.
Didn't the Spectre/Meltdown microcode fixes get deployed with Windows - I think this is the one: https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
Presumably the same will happen here? (I wonder what further impact this will have on my ageing 3570k that I cannot afford to replace.)
only if you're on win10 and for a generation they want to support. Win7 could be patched too but they can't be arsed despite intel releasing the fix for it. So neither MS nor the mobo manufacturer will release the fix despite the code for it being released by intel.
At least you'll get OS level microcode support, more than users of older systems will receive. Also looking at the performance hit, if it's negligible on the 9900K, I doubt the 9700K/KF will be much different. Seems like it's a design flaw that has propagated through multiple refreshes of the architecture, until Intel come up with a newer chip design they'll probably see more exploits in a similar vein to this.
Honestly as long as you aren't doing stupid things to get malware infections, it shouldn't be an issue anyway.
blokeinkent (15-05-2019)
The problem is its not about "doing stuoid things" that get you infected wherein a surprising amount of infections can happen while using legitimate sites. The majority of hits i see in our environments caught by the anti exploit software often have happened by normal day to day activities and are hits from malvertisements.
This is why in enterprise organisations HTTPS interception has become mandatory so that the deep packet inspection can prevent attacks inside the "secure" communications with remote servers.
It's been a long time since just "doing stupid" has been the majority cause of infections.
badass (17-05-2019),DanceswithUnix (16-05-2019)
There are currently 1 users browsing this thread. (0 members and 1 guests)