Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Asustor Lockerstor 4 (AS6604T) NAS Review
Hitman III: PC graphics perf benchmark review
TeamGroup CX2 1TB SATA3 SSD review
EVGA GeForce RTX 3070 FTW3 Ultra review
Corsair 5000D PC Chassis Review
NZXT Kraken X63 RGB Review
ASUS Radeon RX 6900 XT STRIX OC LC Review
TerraMaster F5-221 NAS Review
MSI Radeon RX 6800 XT Gaming X TRIO Review
Sapphire Radeon RX 6800 NITRO+ review

New Downloads
GeForce 461.40 WHQL driver download
HWiNFO Download v6.42
Prime95 download version 30.4 build 8
CrystalDiskInfo 8.10.0 Download
SiSoft Sandra 20/20 download v30.92
AMD Radeon Adrenalin Edition 21.1.1 driver download
CPU-Z download v1.95
Intel HD graphics Driver Download Version: DCH 27.20.100.9168
GeForce 461.33 hotfix driver download
AIDA64 Download Version 6.32.5620 beta


New Forum Topics
GeForce 461.40 WHQL drivers: download & discussion Intel Teams up with ASUS and Colorful for first dedicated Iris Xe (DG1) Graphics cards Intel Shows Xe HPC Multi-Chip Module Die ROG Strix SCAR 17 with the latest AMD Ryzen processors and NVIDIA GeForce RTX 30 graphics RTSS 6.7.0 beta 1 New Ryzen system very weird problems with RAM and XMP New Gigabyte Z390 BAR bios added My experience with 4-way Sli thus far Radeon Software Adrenalin 2020 Edition 21.1.1 Download & Discussion Kozary's Triple SLI Thread




Guru3D.com » News » RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

by Hilbert Hagedoorn on: 05/14/2019 07:38 PM | source: volkskrant.nl | 170 comment(s)
RIDL vulnerability hits Intel  - new Side Channel Attack potentially is worse than Spectre and Meltdown

Dutch researchers discover a major leak in Intel processors that is present in 75% of all computers with an Intel processor. A new threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Researchers at the VU University Amsterdam have discovered a leak in Intel processors that are found in practically every modern computer. This makes it possible to retrieve sensitive data from the memory - such as passwords and bank details.An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations.  Researchers have named a Microarchitectural Data Sampling (MDS) attack and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

According to Herbert Bos, professor of Systems and Network Security at the VU and co-discoverer of the leak, the find shows that contemporary processors have become so complex that chip makers are unable to control security. Last year two major leaks in processors were discovered: called Spectre and Meltdown. Both leaks were closed, but that happened provisionally. Since the vulnerability is in the hardware, it is difficult to fix. In fact, this is only possible with a detour via software updates.

 

 

What is described as Zombieload, RIDL and Fallout can used to attacks victims. Computers with Intel processors are vulnerable. It is estimated that roughly three-quarters of all desktops and laptops are stored in consumers' homes and offices. In the case of the new vulnerability, called RIDL by the researchers, it is a problem with chips specifically from Intel often used in computers and servers. Phones and tablets are virtually unaffected by this, neither are laptops and desktop based on an AMD processor.

  • Website dedicated to all MDS attacks 
  • Bitdefender technical paper
  • Intel on MDS attacks
  • Intel security updates
  • Windows, Mac, Linux, Red Hat, and Google products security updates

A quick fix, "If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors," says VUSec's Pietro Frigo. That would be procs below 8th, 9th Gen Intel CPUs. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. The researchers reported the vulnerability to Intel in September 2018. 

Update: As we just learned, Intel actually is not recommending disabling hyperthreading. See the following from Intel’s “mitigation” section on the MDS page:

Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.







« ASUSTOR Launches Nimbustor 2 and 4 consumer NAS Servers (w/ 2.5 Gigabit Ethernet) · RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown · HP introduces OMEN X 2S gaming laptop which has an extra 6in second screen »

34 pages 1 2 3 4 > »


anticupidon



Posts: 5524
Joined: 2008-03-06

#5669145 Posted on: 05/14/2019 07:48 PM
What.the.actual.Fxxx Intel??

Will sell my Intel as soon as someone will offer some money, will not bargain, just have it sold.
Out, out out with it.

Evildead666
Senior Member



Posts: 1302
Joined: 2003-09-14

#5669151 Posted on: 05/14/2019 08:02 PM
Thats a pretty big problem there.

tsunami231
Senior Member



Posts: 11220
Joined: 2003-05-24

#5669152 Posted on: 05/14/2019 08:07 PM
well, it has been to long since the last vulnerablity has be outted. Intel is in the news yet again. more performance hits incoming.

Evildead666
Senior Member



Posts: 1302
Joined: 2003-09-14

#5669153 Posted on: 05/14/2019 08:10 PM
So, all those people with i7's are just to make them i5's, without the HT ?
I'm not sure if this is a temporary measure,or as well as the microcode updates.
edit : as well as, apparently.

anticupidon
Senior Member



Posts: 5524
Joined: 2008-03-06

#5669154 Posted on: 05/14/2019 08:12 PM
Well, for gamers Hyper threading was never a selling point, but for data centers, content creators and people who render/fold/archive data is a big hit in performance.
The more I think, the more an OpenSource CPU seems more and more needed.

34 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021