Slashdot Mirror


User: 110010001000

110010001000's activity in the archive.

Stories
0
Comments
10,610
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,610

  1. Re:Three independent teams found bug at same time on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 1

    It isn't possible all these people independently "discovered" a 20 year old flaw at the same time. Think about it. Google supposedly discovered it six months ago. I don't believe it.

  2. Re:First to market with a fixed CPU gets big rewar on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 1

    I don't think you understand: Meltdown can only be fixed by replacing your Intel processor. There are mitigation steps in software, but it is not possible to fix.

  3. I think people still don't understand: there is no "fix" for Meltdown other than to replace your Intel chip with another one that doesn't have this flaw. The software patches are just mitigation, but they won't fix this issue.

  4. Re:If only I know who to short ... on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 1

    You cannot spend money to "upgrade" your system. Your Intel processors are flawed and there is no fixed version of the processor available.

  5. Re:It happens to be a slow news week on How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com) · · Score: 2

    I always wonder why people lie about this. The CVSS is not a 1.5. Your link even proves you wrong. How is it overblown? This is a huge issue.

  6. Re:Intels updates also slow down AMD chips that do on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) · · Score: 4, Informative

    Exactly. As CERT originally said, the only solution is to replace your Intel processor:

    Solution

    Replace CPU hardware

    The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.

  7. Forget about Spectre. Meltdown is an Intel flaw that cannot be fixed without replacing the processor.

  8. Re:Paid Intel shills will mention 'spectre'... on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) · · Score: 4, Informative

    Exactly. What is interesting is that Intel apparently got to CERT and made them change their solution from "replace the hardware" to "apply updates". Look at the difference between the two notifications:

    Original CERT notification:
    https://webcache.googleusercon...

    Replaced CERT notification:
    https://www.kb.cert.org/vuls/i...

  9. Here is your executive summary: your Intel chip has a flaw that allows any program to read memory it isn't supposed to. As CERT said, the only fix is to replace the hardware:

    https://webcache.googleusercon...

  10. Re:Can someone explain how will this be implemente on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) · · Score: 2

    Meltdown cannot be fixed in microcode or software. There are already programs out there that exploit it. It affects all modern Intel processors. The fixes just mitigate the problem. You are talking about Spectre.

  11. They can't disable speculative executions. That would take us back to the stone age.

  12. I don't know if they help with the performance loss, or even what the performance loss really is. I'm not an expert, but I do know this isn't fixable in software or microcode. The explanation of the flaw makes this clear. I am talking about the Intel flaw though, not the other one.

  13. You can make it harder to exploit, but the flaw is in the hardware and is fundamental to the Intel architecture. At this point if you are really worried about it you need to replace all your Intel processors that contain this flaw with ones that do not.

  14. Re:Can someone explain how will this be implemente on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) · · Score: 2

    It isn't possible. Intel is desperate to spin this story. There is no software solution to this flaw, but there are mitigation steps that can be done in software.

  15. Wrong. You cannot fix this flaw using software or microcode. The only way to fix this is to replace the flawed microprocessor. The fixes being released just mitigate the threat.

  16. Actually Google has a really good overview: https://googleprojectzero.blog...

    The short story is that there is no fix to stop any process from reading the entire memory contents of the machine. You need to replace the Intel processor with processor that doesn't have this flaw to fix this problem.

  17. They are trying to use damage control to stop the falling stock price.

  18. He is wrong. There are already PoC available that demonstrate "breaking out of a web browser". There is nothing magical about a web browser. It is just a program like any other.

  19. Don't be confused. Intel is lying. As CERT just announced the only solution to this fix is to replace the processor. The software fixes are just workarounds that make it more difficult.

  20. How would a kernel know what is your gmail password and what is your grocery list?

  21. Thanks Intel.

  22. Re:It's not a bug, it's a design decision on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com) · · Score: 4, Insightful

    All hardware is "shared". Javascript in your browser can read other processes memory. You aren't safe. Any website can exploit this.

  23. It already has. It begins by losing "p"'s. Hel !

  24. Yes. It means you can read the contents. Google has a good overview of the bug and has proven that it works.

  25. Re:Can we pause the Panic Parade, please? on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com) · · Score: 1

    Do you visit websites? You are running code. That code can be malicious. And don't say "I only visit trusted sites". Those sites can be compromised. You don't need to click on an ad to run JavaScript.