Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Monday September 03 2018, @12:02AM   Printer-friendly
from the hackers-may-violate-your-ring dept.

Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors – after the previous wording outlawed public benchmarking of the chips.

With the Linux 4.19 kernel that just kicked off development this month has been continued churn in the Spectre/Meltdown space, just not for x86_64 but also for POWER/s390/ARM where applicable. For getting an overall look at the performance impact of these mitigation techniques I tested three Intel Xeon systems and two AMD EPYC systems as well as a virtual machine on each side for seeing how the default Linux 4.19 kernel performance -- with relevant mitigations applied -- to that of an unmitigated kernel.

At the BlackHat conference last month, Christopher Domas demonstrated an attack against an x86 CPU using MSR's and an embedded RISC core to bypass ring protections. The full presentation "GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs" is viewable on YouTube. Is it time for CPU vendors to rethink security?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday September 03 2018, @02:15PM (2 children)

    by Anonymous Coward on Monday September 03 2018, @02:15PM (#729856)

    No,

    It is time for a class action suite by all Via C3 owners.

  • (Score: 0) by Anonymous Coward on Monday September 03 2018, @04:09PM

    by Anonymous Coward on Monday September 03 2018, @04:09PM (#729889)

    exactly. the only thing these people care about is whether it will affect their bottom line or if they can curry favor with entities with more power. they are whores of the supranational surveillance state.

  • (Score: 1, Interesting) by Anonymous Coward on Monday September 03 2018, @04:10PM

    by Anonymous Coward on Monday September 03 2018, @04:10PM (#729890)

    After watching the video, it is likely that the vendor considered their liability when building these architectures, and that the engineering in these architectures were quite expensive to implement. This leads me to the hypothesis that:

    1. The architectures were built by request, not by invention.

    2. That the requesters would have had contractual obligations if that were so.

    3. Those contractual obligations probably would have included indemnification in the event of litigation. Probably in the form of kickbacks through "research grants" or some other innocous budgetary line item, should the manufacturer ever have go to court.

    4. Those contractual obligations probably also included a demand that the requester make public their demand for these technologies to mitigate any future deniability.

    This would explain the directory of the FBI making ridiculous demands for backdoors. He is just fulfilling a contractual obligations to one or more vendors. They are asking for backdoors in public that they already bought in private, in order to indemnify the manufacturers. The requests are not a declaration of intent, but rather a telltail of existing collusion in a conspiracy to violate the civil rights of every American.