Forumi


Povratak   PC Ekspert Forum > Računala > Intel
Ime
Lozinka

Odgovori
 
Uređivanje
Staro 03.03.2018., 22:56   #271
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
SgxSpectre Attack Can Extract Data from Intel SGX Enclaves
Citiraj:
Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allow an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more. According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to add SGX support to their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX. Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16. App developers will need to integrate this new SDK version into their SGX-capable apps and issue an update to users. Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.
The Exiled je offline   Reply With Quote
Staro 05.03.2018., 11:23   #272
Gigi1
Premium
Moj komp
 
Datum registracije: Feb 2005
Lokacija: Zagreb
Postovi: 1,252
shitshow se i dalje nastavlja, ali bitno da se pisalo da je "bug nepostojeci"
__________________
Gigi1 je online   Reply With Quote
Staro 06.03.2018., 09:00   #273
BsClocked
Dobro je sve.
Moj komp
 
BsClocked's Avatar
 
Datum registracije: Sep 2012
Lokacija: 00001
Postovi: 579
BsClocked je offline   Reply With Quote
Staro 06.03.2018., 09:44   #274
Manuel Calavera
Premium
Moj komp
 
Manuel Calavera's Avatar
 
Datum registracije: Jul 2012
Lokacija: vk+
Postovi: 10,019
Frend ima neke pizdarije sa win, povuklo mu update za spectre kaže, pa je sad ubacivao neke starije microcodove tj. modao je biose
Manuel Calavera je offline   Reply With Quote
Staro 15.03.2018., 16:26   #275
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year
Citiraj:
Intel is announcing that they have developed hardware fixes for both the Meltdown and Spectre v2 vulnerabilities, which in turn will be implemented into future processors. Both the next version of Intel’s Xeon server/HEDT platform – Cascade Lake – as well as new 8th gen Core processors set to ship in the second half of this year will include the mitigations. Meanwhile for updating Intel’s consumer chips, this is a bit more nebulous. While Intel hasn’t shared the complete text of their announcement with us ahead of press time, their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.” Intel hasn’t said what processor family these are (e.g. Cannon Lake?), or for that matter whether these are even going to be traditional consumer chips or just the Core HEDT releases of Cascade Lake.

As for the hardware changes themselves, it’s important to note that Intel’s changes only mitigate Meltdown (what Intel calls “variant 3”) and Spectre variant 2. In both cases the company has mitigated the vulnerabilities through a new partitioning system that improves both process and privilege-level separation, going with a “protective walls” analogy. Unfortunately these hardware changes won’t mitigate Spectre variant 1. And admittedly, I haven’t been expecting Intel (or anyone else) to figure that one out in 2018. The best mitigations for Spectre v1 will remain developer-focused software techniques such as retpoline.
Izvor: AnandTech
The Exiled je offline   Reply With Quote
Staro 28.03.2018., 11:13   #276
geronimo_2
Premium
Moj komp
 
geronimo_2's Avatar
 
Datum registracije: Jun 2005
Lokacija: Rijeka / Grobnik
Postovi: 2,274
geronimo_2 je offline   Reply With Quote
Staro 28.03.2018., 12:29   #277
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Začarani krug, a zakrpe i dalje rade više štete nego koristi.
The Exiled je offline   Reply With Quote
Staro 04.04.2018., 14:50   #278
geronimo_2
Premium
Moj komp
 
geronimo_2's Avatar
 
Datum registracije: Jun 2005
Lokacija: Rijeka / Grobnik
Postovi: 2,274

Zadnje izmijenjeno od: geronimo_2. 04.04.2018. u 15:29.
geronimo_2 je offline   Reply With Quote
Staro 04.04.2018., 15:06   #279
kopija
DIY DILETANT
 
kopija's Avatar
 
Datum registracije: Jan 2009
Lokacija: Čistilište
Postovi: 1,316
Citiraj:
Autor geronimo_2 Pregled postova
Čisto sumnjam da bi proizvođači matičnih starih deset godina izbacili nove biose čak i kada bi Intel izdao microcode update.
kopija je offline   Reply With Quote
Staro 04.04.2018., 15:58   #280
popo1
Registered User
Moj komp
 
Datum registracije: Jun 2007
Lokacija: Zagreb
Postovi: 113
Ako netko zna,
ako skinem sa microsoftove stranice zadnju verziju Windowsa 10, da li su u njima ove zakrpe protiv spectre i meltdown bug-a ?
I da li su sa tim zakrpama slabije performanje računala.
Inače, imam i5 kaby lake.
Zahvaljujem
popo1 je offline   Reply With Quote
Staro 11.04.2018., 13:05   #281
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
AMD Releases Spectre v2 Microcode Updates for CPUs Going Back to 2011
Citiraj:
AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates. Updates are available for products released as far as 2011, for the first processors of the Bulldozer line. The KB4093112 update included in the April 2018 Patch Tuesday contains additional Spectre v2 mitigations, not included with the original January 2018 Patch Tuesday release, which AMD deems necessary to completely mitigate Spectre v2. The company is still preparing patches for the RyzenFall, MasterKey, Fallout, and Chimera vulnerabilities that came to light last month, considered less dangerous and easier to fix than the Meltdown and Spectre flaws.
Izvor: BleepingComputer

Citiraj:
Autor popo1 Pregled postova
ako skinem sa microsoftove stranice zadnju verziju Windowsa 10, da li su u njima ove zakrpe protiv spectre i meltdown bug-a ? I da li su sa tim zakrpama slabije performanje računala.
Zasad te zakrpe još uvijek nisu integrirane (možda jednog dana budu), ali Windows Update tijekom i nakon instalacije pokupi sve bitno.

Performanse mogu, a i ne moraju biti iste - nažalost ovisi kakve si sreće.
The Exiled je offline   Reply With Quote
Staro 18.04.2018., 12:41   #282
popo1
Registered User
Moj komp
 
Datum registracije: Jun 2007
Lokacija: Zagreb
Postovi: 113
Ok, hvala na odgovoru.
popo1 je offline   Reply With Quote
Staro 03.05.2018., 21:34   #283
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Spectre Watch: More Spectre-class CPU Vulnerabilities to be Announced Soon?
Citiraj:
Heise.de has published an exclusive report stating that they got wind of a new series of Spectre-class vulnerabilities that are currently being investigated by the greater security community, and that these vulnerabilities are going to be announced in the coming days. Meanwhile, seemingly in response to the Heise article, Intel has just published their own statement on the matter, which they’re calling “Addressing Questions Regarding Additional Security Issues.” Sources point to 8 individual CVE-assigned Spectre-class attacks, which for the moment they’re calling Spectre-NG. According to the site, Intel is working on two waves of patches, with the first wave currently set to be released in May, and Heise is further speculating that information on the first wave will be released just ahead of May’s Patch Tuesday. Meanwhile information on a second flaw could be released “any day now.”
Izvor: AnandTech
The Exiled je offline   Reply With Quote
Staro 22.05.2018., 09:38   #284
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Google and Microsoft Reveal New Spectre Attack
Citiraj:
Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel. Rumors about this new flaw leaked online at the start of the month in a German magazine, but actual details were published today. Impressively, AMD has already released a 5 page whitepaper on the vulnerability, as well as a post on their security updates page outlining that they will be providing updates back to the Bulldozer series of processors. Even more remarkable, is AMD stats that these updates are already in the hands of Microsoft, who is completing final testing and validation and will be released over the standard update process.

The bugs - referred to in the past weeks as SpectreNG - are related to the previous Meltdown and Spectre bugs discovered last year and announced at the start of 2018. Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as "variant 3a" and "variant 4" instead of separate vulnerabilities altogether.
  • Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1
  • Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2
  • Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown
  • Variant 3a: rogue system register read (CVE-2018-3640)
  • Variant 4: speculative store bypass (CVE-2018-3639)
Izvor: BleepingComputer
The Exiled je offline   Reply With Quote
Staro 14.08.2018., 22:13   #285
pci_e3x
Premium spammer
Moj komp
 
pci_e3x's Avatar
 
Datum registracije: Aug 2010
Lokacija: Kšt
Postovi: 442
'ajmo izbacit dovoljno patcheva za (namjerne?) sigurnosne rupe u nasim proizvodima. Tako da kada izbacimo nove generacije CPU-a, izgledat ce da su puno brzi od starih.


L1 Terminal Fault - The Latest Speculative Execution Side Channel Attack
"While Meltdown breaks the user space to kernel space protection, L1TF allows to attack any physical memory address in the system and the attack works across all protection domains. It allows an attack of SGX and also works from inside virtual machines because the speculation bypasses the extended page table (EPT) protection mechanism. "
https://www.phoronix.com/scan.php?pa...Terminal-Fault



A Lot Of Spectre Changes Land In The Linux 4.19 Git Tree, Possible Performance Impact
https://www.phoronix.com/scan.php?pa...86-PTI-Spectre


Prije nego netko hate-a Windows, vec su izbacili patch:
https://support.microsoft.com/en-ae/...date-kb4343909

I Logo + Web je online, bez toga nije prava sigurnosna prijetnja:
https://foreshadowattack.eu/

__________________
https://github.com/precla

Zadnje izmijenjeno od: pci_e3x. 14.08.2018. u 22:36.
pci_e3x je offline   Reply With Quote
Staro 28.08.2018., 00:00   #286
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Windows 10 KB4100347 Intel CPU Update Causing Boot Issues & Pushed to AMD Users
Citiraj:
On August 21st, Microsoft released an update to the May KB4100347 security update for Windows 10 and Windows Server 2016, which contain Intel CPU microcode updates to mitigate Spectre vulnerabilities. After installing this latest version, Windows users are reporting that they are unable to properly boot Windows 10 or are having performance issues. To further complicate the issue, this Intel CPU update is also being pushed to users of AMD processors. While it appears that AMD users are not suffering the same issues as those using Intel processors, it does appear that Microsoft made a mistake by pushing out the update to these users and those who are using unsupported Intel processors.
Izvor: BleepingComputer
The Exiled je offline   Reply With Quote
Staro 28.08.2018., 00:12   #287
Smartic
Premium
Moj komp
 
Smartic's Avatar
 
Datum registracije: Mar 2011
Lokacija: Varaždin
Postovi: 2,250
Meni od updatea prije 2 tjedna nadalje monitor bude u wake-up loopu po cca. 10 minuta kod svakog boota. Pojavi se slika na 0.2-3s pa crno 2-3s i tako konstantno dok se ne 'nađe'. Ne znam je li sigurno do toga, ali monitor radi normalno na jednom drugom kompu i na laptopu.

Mislite da bi updateanje BIOS-a riješilo to? Vidim da su u međuvremenu 3 zakrpe izašle za mikrokod(za moju ploču)...
Smartic je offline   Reply With Quote
Staro 28.08.2018., 00:22   #288
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Jesi možda probal da li je takva situacija i kad spojiš monitor na iGPU izlaz na ploči? GTX 1080 možeš privremeno maknuti za to vrijeme. Čisto da i to eliminiraš.

Kaj se BIOS-a tiče, možeš probati novu verziju, ali obzirom da s ovim zakrpama fušaju na sve strane, bogtepitaj da li bude imalo kakvog učinka.
The Exiled je offline   Reply With Quote
Staro 30.08.2018., 17:53   #289
pci_e3x
Premium spammer
Moj komp
 
pci_e3x's Avatar
 
Datum registracije: Aug 2010
Lokacija: Kšt
Postovi: 442
The Performance Cost Of Spectre / Meltdown / Foreshadow Mitigations On Linux 4.19

https://www.phoronix.com/scan.php?pa...igations&num=1
__________________
https://github.com/precla
pci_e3x je offline   Reply With Quote
Staro 05.11.2018., 13:26   #290
The Exiled
McG
Moj komp
 
The Exiled's Avatar
 
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 1,011
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys
Citiraj:
PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit. While the researchers have only tested this vulnerability against Intel Skylake and KabyLake processors, they also expect it to work on AMD Ryzen processors. The only way to mitigate this attack is to disable SMT/Hyper-threading on a computer, which OpenBSD has already done by default since this summer when another timing attack was released called TLBleed. Intel has already removed hyper-threading from their new 9th generation gaming CPUs in order to offer hardware protection from Meltdown v3 and the L1 Terminal Fault vulnerabilities.
Izvor: ArsTechnica i BleepingComputer

Zadnje izmijenjeno od: The Exiled. Jučer u 21:54.
The Exiled je offline   Reply With Quote
Odgovori


Uređivanje

Pravila postanja
Vi ne možete otvarati nove teme
Vi ne možete pisati odgovore
Vi ne možete uploadati priloge
Vi ne možete uređivati svoje poruke

BB code je Uključeno
Smajlići su Uključeno
[IMG] kod je Uključeno
HTML je Uključeno

Idi na