Database Handicapping Software- JCapper

JCapper Message Board

All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw
jeff
1/3/2018
8:53:55 AM
Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw:
https://gizmodo.com/report-all-intel-processors-made-in-the-last-decade-mi-1821728240


--quote:
"There's small screwups and big screwups. Here is a tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow 'normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas,' the Register reported on Tuesday.

Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device's kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch—on every major operating system, including Windows, Linux, and macOS.

The exact details of the design flaw and to what extent users are vulnerable are being kept under wraps for now, per the Register, though since developers appear to be rushing towards patching systems in coming weeks it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.

Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of 'five to 30 percent slowdown, depending on the task and processor model'..."
--end quote



Great.

Just what every owner of a PC or Laptop with an Intel chip needs.

Just for fun, check out the comments beneath the article:

"10 years for it to be discovered by legit researchers. No telling when state-level or other groups knew about it."


Happy Wednesday everyone,


-jp


~Edited by: jeff  on:  1/3/2018  at:  8:53:55 AM~

jeff
1/5/2018
12:00:58 PM
Interesting point of view expressed by the author of an article I found earlier today on SeekingAlpha.com.

Intel Security Risk Is Much Worse Than Management Commentary Indicates:
https://seekingalpha.com/article/4135558-intel-security-risk-much-worse-management-commentary-indicates


--quote:
"In our view, the security problem is a much bigger problem than Intel is acknowledging, and Intel investors will be in for a very rough ride for the next couple of years. While Intel may not have much of a problem on the consumer side from this security issue, in our view, Intel’s data center business is at a serious risk."
--end quote


Fyi, the following comment posted beneath the article kind of caught my attention:

"Dannotech

@Jbitzerjr

The way the attack works is that I could, as a C++ developer, buy a subscription to Azure, write a simple program that does some data analytics in the cloud, load it with my exploit, upload that program to the Azure cloud and let it run. And even though it is a purely user-mode application, it has access to the machine and is constantly scraping data from other client OS's on that machine by peeking into the Kernel memory without the datacenter having any knowledge that the attack is happening.

There is no telling who might be my virtual neighbors on that machine, but what if it's a bank's website? The attacker could easily scrape account numbers and passwords as users log in.

So yeah, this is way bigger than on-site bad actors."






-jp


~Edited by: jeff  on:  1/5/2018  at:  12:00:58 PM~


Copyright © 2008 JCapper Software