The cure worse than the disease; get your new patches or enjoy a total meltdown

Subject: General Tech | April 27, 2018 - 12:59 PM |
Tagged: meltdown, microsoft, security, patch, Windows 7, server 2008 r2

Wasn't it hilarious when Microsoft released a patch for the Meltdown flaw that made things even worse by allowing write access to kernel memory as well as read access? Well, if you don't have the patch which fixes the patch in place, you won't be laughing so hard today. The Register has seen proof of concept code which makes use of this flaw to elevate a DOS shell window to NT AUTHORITY\System from a user without admin privileges. Get yourself patched up, especially that Server 2008 instance!

"If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available."

Source: The Register

Intel promises 2018 processors with hardware mitigation for Spectre and Meltdown

Subject: Processors | March 15, 2018 - 10:29 AM |
Tagged: spectre, meltdown, Intel, cascade lake, cannon lake

Continuing the follow-up to the spectacle that surrounded the Meltdown and Spectre security vulnerabilities released in January, Intel announced that it has provided patches and updates that address 100% of the products it has launched in the last 5 years. The company also revealed its plan for updated chip designs that will address both the security and performance concerns surrounding the vulnerabilities.

Intel hopes that by releasing new chips to address the security and performance questions quickly it will cement its position as the leader in the enterprise compute space. Customers like Amazon, Microsoft, and Google that run the world’s largest data centers are looking for improved products to make up for the performance loss and assurances moving forward that a similar situation won’t impact their bottom line.

For current products, patches provide mitigations for the security flaws in the form of operating system updates (for Windows, Linux) and what are called microcode updates, a small-scale firmware that helps provide instruction processing updates for a processor. Distributed by Intel OEMs (system vendors and component providers) as well as Microsoft, the patches have seemingly negated the risks for consumers and enterprise customer data, but with a questionable impact on performance.

The mitigations cause the processors to operate differently than originally designed and will cause performance slowdowns on some workloads. These performance degradations are the source of the handful of class-action lawsuits hanging over Intel’s head and are a potential sore spot for its relationship with partners. Details on the performance gaps from the security mitigations have been sparse from Intel, with only small updates posted on corporate blogs. And because the problem has been so widespread, covering the entire Intel product line of the last 10 years, researchers are struggling to keep up.

The new chips that Intel is promising will address both security and performance considerations in silicon rather than software, and will be available in 2018. For the data center this is the Cascade Lake server processor, and for the consumer and business markets this is known as Cannon Lake. Both will include what Intel is calling “virtual fences” between user and operating system privilege levels and will create a significant additional obstacle for potential vulnerabilities.

The chips will also lay the groundwork for future security improvement, providing a method to more easily update the security of the processors through patching.

By moving the security mitigations from software (both operating system and firmware) into silicon, Intel is reducing the performance impact that Spectre and Meltdown cause on select computing tasks. Assurances that future generations of parts won’t suffer from a performance hit are good news for Intel and its customer base, but I don’t think currently afflicted customers will be satisfied at the assertion they need to buy updated Intel chips to avoid the performance penalty. It will be interesting to see how, if at all, the legal disputes are affected.

The speed at which Intel is releasing updated chips to the market is an impressive engineering feat, and indicates a top-level directive to get this fixed as quickly as possible. In the span of just 12 months (from Intel’s apparent notification of the security vulnerability to the expected release of this new hardware) the company will have integrated fairly significant architectural changes. While this may have been a costly move for the company, it is a drop in the bucket compared to the potential risks of lowered consumer trust or partner migration to competitive AMD processors.

For its part, AMD has had its own security issues pop up this week from a research firm called CTS Labs. While there are extenuating circumstances that cloud the release of the information, AMD does now have a template for how to quickly and effectively address a hardware-level security problem, if it exists.

The full content of Intel's posted story on the subject is included below:

Hardware-based Protection Coming to Data Center and PC Products Later this Year

By Brian Krzanich

In addressing the vulnerabilities reported by Google Project Zero earlier this year, Intel and the technology industry have faced a significant challenge. Thousands of people across the industry have worked tirelessly to make sure we delivered on our collective priority: protecting customers and their data. I am humbled and thankful for the commitment and effort shown by so many people around the globe. And, I am reassured that when the need is great, companies – and even competitors – will work together to address that need.

But there is still work to do. The security landscape is constantly evolving and we know that there will always be new threats. This was the impetus for the Security-First Pledge I penned in January. Intel has a long history of focusing on security, and now, more than ever, we are committed to the principles I outlined in that pledge: customer-first urgency, transparent and timely communications, and ongoing security assurance.

Today, I want to provide several updates that show continued progress to fulfill that pledge. First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google. As part of this, I want to recognize and express my appreciation to all of the industry partners who worked closely with us to develop and test these updates, and make sure they were ready for production.

With these updates now available, I encourage everyone to make sure they are always keeping their systems up-to-date. It’s one of the easiest ways to stay protected. I also want to take the opportunity to share more details of what we are doing at the hardware level to protect against these vulnerabilities in the future. This was something I committed to during our most recent earnings call.

While Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two. We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Think of this partitioning as additional “protective walls” between applications and user privilege levels to create an obstacle for bad actors.

These changes will begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel® Core™ processors expected to ship in the second half of 2018. As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance.

But again, our work is not done. This is not a singular event; it is a long-term commitment. One that we take very seriously. Customer-first urgency, transparent and timely communications, and ongoing security assurance. This is our pledge and it’s what you can count on from me, and from all of Intel.

Source: Intel

Unmasking the Spectre; will the new patches cause a performance Meltdown?

Subject: General Tech | February 28, 2018 - 12:59 PM |
Tagged: Intel, kaby lake, Skylake, security, spectre, meltdown

With the new improved Intel patches to protect against Spectre and Meltdown, The Tech Report made the effort to revisit the performance impact you can expect on a system with a Core i7-7700HQ and a Samsung PM961 512 GB NVMe SSD. JavaScript tests show a noticeable drop in performance, and while the PCMark Essentials total score showed a dip in performance, the gaming-specific tests did not. It will be interesting to see if this levels the playing field between Ryzen and Skylake, as the performance delta is already very small. Check out the full results here.

"Intel recently released stable microcode updates to mitigate the Spectre vulnerability on Skylake and newer CPUs. We ran back-to-back tests with and without the patch on one of our Kaby Lake systems to see just how much performance suffers in exchange for safety."

A quick lesson in bad optics from Intel

Subject: General Tech | January 29, 2018 - 01:26 PM |
Tagged: Intel, spectre, meltdown

This story has initiated a lot of guesswork and is likely not as bad as it is being made out to be; however, it is a great example of how not to react to a major flaw. Without even delving into the selling of Intel stocks, it is already easy to point out how badly the Spectre and Meltdown flaws have been handled: from the initial Microsoft patches offering possible performance degradation to the Intel microcode patches rebooting machines and the final official recommendation to avoid the patches altogether for now.

As Slashdot linked to today, Intel reached out to their major customers before alerting the general public about the issue. This is a common practice in the industry, to inform vendors, resellers and manufacturing partners about major changes that they will be required to implement to mitigate a patch. However, in these days of 'cyberwarfare', there is some cause for concern that foreign companies may have communicated this information, knowingly or not, to their respective governments. Intel chose not to inform governments directly about the flaws, something which seems like it really should be done in today's world. It is unlikely anything horrible has happened on a widespread basis because of this flaw and the playing field is now level again; however, this remains a great example of how not to deal with the discovery of a major architectural flaw which continues to cause grave security concerns globally.

"According to The Wall Street Journal, Intel initially told a handful of customers about the Meltdown and Spectre vulnerabilities, including Chinese tech companies like Alibaba and Lenovo, before the U.S. government. As a result, the Chinese government could have theoretically exploited the holes to intercept data before patches were available."

Source: Slashdot

Intel will be melting down the spectre of insecurity later this year

Subject: General Tech | January 26, 2018 - 12:45 PM |
Tagged: Intel, spectre, meltdown, rumour

Brian Krzanich, still the lead at Intel, announced that new Intel chips will arrive in 2018 which are immune to Spectre and Meltdown. This is interesting in several ways, and may offer the first really compelling reason to upgrade an Intel system in quite some time. It is unlikely this new processor will be Cannon Lake, as it has been taped out for long enough that there are accusations that Intel is purposely holding it back. It could indicate that Ice Lake will arrive earlier than expected, both to resolve their architectural flaws and as a counter to AMD's Ryzen and ThreadRipper, or possibly only refer to a certain family of mobile or server chips. It is also unknown what effect the changes will have on the performance of these chips. The Inquirer would like to know ... about a few things, in fact.

"INTEL CEO Brian Krzanich, he of the conveniently well-timed stock sale, has told investors that the company will launch chips immune to the Meltdown and Spectre vulnerabilities later this year."

Source: The Inquirer
Author:
Subject: Editorial
Manufacturer: Intel

Another Strong Quarter for the Giant

This afternoon Intel released their Q4 2017 financial results. The quarter was higher in revenue than was expected by analysts. The company made $17.1B US in revenue and recorded a non-GAAP net of $1.08 a share.  On the surface it looks like Intel had another good quarter that was expected by the company and others alike. Underneath the surface these results have shown a few more interesting things about the company as well as the industry it exists in.

We have been constantly hearing about how the PC market is weak and it will start to negatively affect those companies whose primary products go into these machines. Intel did see a 2% drop in revenue year on year from their Client Computing Group, but it certainly did not look to be a collapse. We can also speculate that part of the drop is from a much more competitive AMD and their strong performing Ryzen processors. These indications point to the PC market still being pretty stable and robust, even though it isn't growing at the rate it once had.

The Data Center Group was quite the opposite. It grew around 20% over the same timespan. Intel did not provide more detail but it seems that datacenters and cloud computing are still growing at a tremendous rate. With the proliferation of low power devices yet increased computing needs, data centers are continuing to expand and purchase the latest and greatest CPUs from Intel. So far AMD's EPYC has not been rolled out aggressively, but 2H 2018 should shed a lot more light on where this part of the market is going.

Podcast #484 - New Samsung SSDs, Spectre and Meltdown updates, and more!

Subject: General Tech | January 25, 2018 - 01:26 PM |
Tagged: spectre, Samsung, podcast, plex, meltdown, Intel, inspiron 13, dell, amd, 860 pro, 860 evo

PC Perspective Podcast #484 - 01/25/18

Join us this week for a recap of news and reviews including new SSDs from Samsung, updates on Spectre and Meltdown, and building the ultimate Plex server, and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

Hosts: Ryan Shrout, Jeremy Hellstrom, Josh Walrath, Allyn Malventano

Peanut Gallery: Ken Addison

Program length: 1:28:56

Podcast topics of discussion:

  1. Week in Review:
  2. 0:41:30 Thanks to Casper for supporting our channel. Save $50 on select mattresses at http://www.casper.com/pcper code: pcper
  3. News items of interest:
  4. 1:14:10 Picks of the Week:
    1. Ryan:
  5. Closing/outro
 

Portable performance, post patch

Subject: General Tech | January 23, 2018 - 01:35 PM |
Tagged: meltdown, spectre, Broadwell, coffee lake

TechSpot ran two Dell XPS 13 ultraportables, one powered by a Broadwell era i5-5200U and one with a Coffee Lake i7-8550U, through a battery of benchmarks and tasks to see what effect the patches have had on performance.  They were lucky not to encounter the stability issues currently plaguing machines with patched UEFI but they do mention it. For intensive tasks, such as rendering or numerical calculations there was a noticeable hit to performance after the patches were installed, with both systems suffering equally.  This is interesting to see as there has been mention that older processors may suffer more than current generation CPUs.  Take a look at this newest set of benchmarks and expect to see more soon.

"We've already covered what you can expect on modern desktop systems, however today we'll be diving into the mobile side of things to see how Meltdown and Spectre patches affect ultraportable laptops."

Source: Techspot

Intel Recommends Waiting to Apply Haswell and Broadwell Spectre and Meltdown Patches

Subject: Processors | January 22, 2018 - 09:40 PM |
Tagged: spectre, meltdown, Intel

A couple of weeks ago, Intel acknowledged reports that firmware updates for Spectre and Meltdown resulted in reboots and other stability issues. At the time, they still suggested that end-users should apply the patch regardless. They have since identified the cause and their recommendation has changed: OEMs, cloud service providers, system manufacturers, software vendors, and end users should stop deploying the firmware until a newer solution is released.

The new blog post also states that an early version of the updated patch has been created. Testing on the updated firmware started over the weekend, and it will be published shortly after that process has finished.

According to their security advisory, another patch that solved both Spectre 1 and Meltdown did not exhibit stability and reboot issues. This suggests that something went wrong with the Spectre 2 mitigation, which could be a fun course of speculation for tea-leaf readers to guess what went wrong in the patch. Ultimately, it doesn’t matter, though, because new code will be available soon.

Source: Intel

Intel is hoping to find a way to kill the disease slightly more quickly than the patient

Subject: General Tech | January 22, 2018 - 03:14 PM |
Tagged: Broadwell, haswell, Intel, security, meltdown, spectre

Spectre and Meltdown are about as bad as vulnerabilities can get, offering significant security issues on a wide variety of processors with only a band aid solution currently available.  It seems Intel is asking many clients to rip that band aid off as the supposed cure is now causing more widespread harm than the vulnerabilities it is to protect against.  This is not a case of performance decreases due to the patch but instead, as Intel executive vice president Neil Shenoy puts it, the patch "may introduce higher than expected reboots and other unpredictable system behaviour."  This means that not only new machines powered by Broadwell or Haswell are unprotected but also that many of your service providers will also not be installing these patches.

There is no good news out of this today; the difficulty of a widespread attack is high, but of a targeted attack, not so much.

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior."

Source: Slashdot