PC Ekspert Forum - Rasprava i komentari o "Spectre" i "Meltdown" pošastima

PC Ekspert Forum (https://forum.pcekspert.com/index.php)

- Intel (https://forum.pcekspert.com/forumdisplay.php?f=8)

- - Rasprava i komentari o "Spectre" i "Meltdown" pošastima (https://forum.pcekspert.com/showthread.php?t=290321)

kada sa tim završite možete se zabaviti sa novom varijantom Skyfall i Solace.
baziraju na Meltdown i Spectre i još su pod "embargom", čekaju se chip/os-proizvođaći sa zakrpama nakon toga će biti objavljeni detalji

https://skyfallattack.com/

[SAJB] Windows Client Guidance for IT Pros to protect against speculative execution s

Imam pitanje...ispričavam se ako je postavljeno u krivoj temi
Znači trenutno imam verziju BIOS-a iz 2016. god. , znači nisam ih dosad nikad ažurirao jer nisam znao kako se to radi a i nisam imao potrebe. E sad bih ažurirao no ne znam jel mogu odmah staviti najnoviju verziju koja ima zakrpu za ove Intel bugove ili moram prvo ažurirat na one prethodne (jer ima 2-3 verzije nakon ove moje)

možeš samo zadnju, ona sadrži sve prethodne u sebi

ja bi cekao sa updejtom jer sve vise vise se javljaju problemi, a nisam siguran dal mozes sa BIOS-om ici unazad...
ak se ne varam i mnogi patchevi/updejtovi/BIOS-i su povuceni ili je izjavljeno sluzbeno da se priceka.
prouciti dobro prije upgrejda.

Znači od kad sam uzel T420, update mi je ugašen i nikad nije povlačen uopće.
Sad sam pokrenul InSpectre i veli mi da sam vulnerable i na Meltdown i na Spectre.
Performace je GOOD.

Kaj da napravim sad točno, ako mi netko može reći? Hrpu ovoga kaj pišete uopće ne shvaćam, jbga...te updejtaj, te nemoj, te ovo, te ono...pogubil sam se u svemu tome :wtf2:
Inače mi lap radi sasvim ok, kao i prvog dana.

gubis se zato jer se i sam intel pogubio. sve oslo u tri... :lol2:
izdaju pečeve preko k i onda ih kroz par sati/dana povlace ili "savjetuju" ne stavljat. tako da ja osobno cekam iako na stare sisteme nemam sta ni stavit :lol2:.

Aha ok hahahahaha thx :) iako sad čitam na InSpectre i oni sami vele da je potrebno napravit update Winsa...lud zbunjenog izgleda...

Nije im bas skripta bog-zna-kaj... :D

https://i.imgur.com/m1L4PZU.png

Saznao za ovo maloprije, mogu li se samo malo nasmijati.

:D :D :D :D

daj me nemoj

sad da amer ima imalo mozga, skrupula i muda, tuzio bi ih i za izdaju bokte.
kako danas sve prolazi ako imas para stari moj...

https://techcrunch.com/2018/01/28/in...ment/?ncid=rss

E jesam tulac i naivac, naravno da je moj pc sada dobio novi feature. Ako ga zelis rebootati iz windowsa onda se gasi ekran, nema posta i kao da je mrtav. Ako zelis takav pc upaliti, force shutdown pa paljenje ispocetka je zasada jedino rjesenje. Ne zelim ni guglati zasto i kako, sere mi se.

Citiraj:

Autor xlr (Post 3152919)

Stavio i ja jucer zadnji win10 update (povukao taman 1709) + update biosa (ga-b150n-phoenix), ali iz nekog razloga mi windowsi nisu nudili taj KBxxxx92 update. Morao sam ga rucno traziti, instalirao, rebootao, komp se nije htio bootati (crni post screen). Gasi, pali, proradio. Prokleta si, tehniko!

Da stvar bude gora, Microsoft izdaje zakrpu koja poništava sve prijašnje, dok se Intel ne odluči što zapravo hoće napraviti.

Citiraj:

Autor The Exiled (Post 3156721)

Da stvar bude gora, Microsoft izdaje zakrpu koja poništava sve prijašnje, dok se Intel ne odluči što zapravo hoće napraviti.

:roller:

Meltdown & Spectre: Misconceptions, Current Status, & Expert Interviews

Citiraj:

Meltdown is generally agreed to be more severe, but limited to Intel, while Spectre has to do with a fundamental aspect of CPUs made in the past 20 years. They involve an important technique used by modern CPUs to increase efficiency, called “speculative execution,” which is allows a CPU to preemptively queue-up tasks it speculates will next occur. Sometimes, these cycles are wasted, as the actions never occur as predicted; however, most of the time, speculating on incoming jobs will greatly improve efficiency of the processor by preemptively computing the inbound instructions.

Meltdown is a really annoying flaw but it is fairly obvious what needs to be changed in hardware so I fully expect upcoming processors not to be susceptible. In the mean time, patches like Linux KPTI provide effective protection. With Spectre I would argue that all current hardware modifications are mere stop-gap solutions. I guess it will take some time and good old fashioned research to figure out the most efficient way of mitigating such attacks.

Sa mitinga, lisa su (amd)

Citiraj:

Before I close, I’d like to address the recent important security issues facing our industry. Security is and always has been a fundamental focus for AMD, across all our products. We are vigilant about security in both our product design and throughout the product lifecycle. As new exploits arise, like we have seen with Spectre and Meltdown, we are dedicated to responding with speed and focus to keep our customers and partners informed and protected. As a reminder, we believe Meltdown is not applicable to AMD processors.

For Spectre Variant 1, we continue actively working with our ecosystem partners on mitigations, including operating system patches that have begun to roll out. We continue to believe that Variant 2 of Spectre is difficult to exploit on AMD processors. However, we are deploying CPU microcode patches that in combination with OS updates provide additional mitigation steps. Longer term, we have included changes in our future processor cores, starting with our Zen 2 design, to further address potential Spectre like exploits. We continue to collaborate closely with the industry on these vulnerabilities and are committed to protecting AMD users from these and other security threats as they arise.

Pozz!Evo upalio comp.i poceo se sam restartat upali se i ugasi i tako u krug ne mogu ni u bios uci jer mi ni tipkovnicu ni misa ne ukljuci a ekran crn.Znaci imam win 10 i intelov i5 4690k proc.gigabyte gaming 5 plocu sa updejtanim biosom na zadnju verziju.Sta se sad moze napraviti jer najvjerovatnije se to dogada zbog intelovog updejta za spectre?I kako da udem u win?

Citiraj:

Autor Graystone (Post 3160202)

Nisam citao sve, malo samo skicnuo, moooozda pomogne, ali cini mi se da si se zeznuo, pa svugdje su rekli da prije update-a napravis backup sa npr EASUS to-do backup ili slicnim alatima.Ja npr imam win7 32 na jednom HDD-u bas da mogu rijesavat ovakve govnarije, a trenutno sam zbog svega ovoga iskljucio updatee u win10.

https://social.technet.microsoft.com...0itprohardware

Hmm...fala na odgovoru ali nije mi jasno da ni u bios ne mogu uci jer se tako brzo iskljuci da ni tipkovnicu ne upali zbilja ne znam sta da napravim...

Makni sistemski disk, pa probaj bootati, čisto da eliminiraš Windows OS havariju, pa ako uspije - lako podesiš bootanje s USB-a i naknadno ponovno spojiš disk.

U slučaju da se ista stvar događa i kad nije spojen sistemski disk, moguće da je problem u samoj ploči, pa te vrlo vjerojatno čeka flashanje neke starije verzije BIOS/UEFI-a.

Citiraj:

Autor The Exiled (Post 3160346)

Ma ne vjerujem da je to. Sjecam se da ova moja ploca (Z77 pro4) ima opciju da ako stavis GPT SSD (ili HDD), mozes ukljucit nekakv fast boot gdje onda nemozes uci u BIOS, samo iz win sa asrockovom aplikacijom ''boot to UEFI''. Eto sada se vidi razlog za ne ukljucit tu glupost koja realno ustedi par sekundi bootanja :(

A tu je uvijek i clear CMOS. :)

Da, Fast Boot je posebna vrsta pizdarije, a i to kaj veliš - uvijek ima Clear CMOS.:)

Ako ima Gigabyte Z97X-Gaming 5 ploču, onda ga firmware/microcode BIOS zakrpe ne bi trebale mučiti, jer ih nema.

Decki fala na postovima rijesio sam problem!
Problem je bio u sitnim nakupinama prasine na ploci koji su pobrali vlagu i doslo je do nekakvog kratkog spoja a ploca valjda ima neki sistem da ne dopusti da se podigne win dok nesto nije u redu.Izvukao sam graficku i nista reset loop onda memoriju isto itd.
Tek kad sam unutrasnjost kucista koje je inace fractalovo sa svim onim silnim filterima prasine dobro ispuhao na kompresor i napravio clear cmos onda me je pustilo u bios tako da svima preporucam da sto cesce ciste unutrasnjost compa da im se ne bi ovakve stvari dogadale...

Post-Meltdown Intel Tries to Save Face with $250,000 Bug Bounty Program

Citiraj:

Intel has launched a public bug bounty program with individual rewards going as far as $250,000, the company said today in a press release. Intel had previously run a bug bounty program, but that one was limited to submissions from a few selected security researchers only. The new bug bounty program will be hosted on the HackerOne platform, and Intel has opened up its hardware, firmware, and software products for the occasion.

Through its new bug bounty program, Intel is trying to wash away the image of a disastrous patching process. In reality, the new bug bounty program is nothing more than a PR move, and even if it had been in place last year, it wouldn't have helped. Intel received notice of the Meltdown and Spectre bugs in June 2017, but it took four months to notify downstream OEMs about issues —doing so in November. Despite this, when public disclosure came around, Intel did not have CPU microcode patches available for OEM vendors, and the Meltdown and Spectre flaws are still largely unpatched even today.

Even if news of the Meltdown and Spectre flaws became public a week before the planned public disclosure, Intel can't use this as an excuse. The problem wasn't researchers getting in contact with the company, nor Intel paying researchers for their findings, but Intel patching its damn hardware, which Intel miserably failed to do with a six-month disclosure deadline.

MeltdownPrime and SpectrePrime

Citiraj:

In a research paper bit boffins from Princeton University and chip designer nVidia describe variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks. In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer's memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits. Crucially, however, changes to the underlying hardware probably will not: that is to say, whatever Intel and its rivals are working on right now to rid their CPU blueprints of these vulnerabilities may not be enough. These fresh exploits attack flaws deeply embedded within modern chip architecture that will be difficult to engineer out. Before you panic: don't. No exploit code has been released.

Pored toga, Microsoft za Spectre uvodi promjene na nivou kompajlera, dok Red Hat u prezentaciji na školski način pojašnjava kako Meltdown i Spectre iskorištavaju moderne (mikro)arhitekture.