Announcement

Collapse
No announcement yet.

New vulnerability in Intel CPUs since Pentium 4

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Click image for larger version

Name:	mdintelbug.jpg
Views:	1
Size:	56.8 KB
ID:	768594

    Comment


    • #22
      If its only a server related issue, its much less of a problem as you can just up the level of server grunt to replace the percentage loss from any patches that may be developed. As it cannot get into a user PC unless there is some security flaw, it sounds like just another exploit and as there have been many nasty ones over time, it may not be any worse than any other of the nasty ones. If the security on a user computer is lax and an exploit like this can get onto the machine, a boot disk image will wipe it out in any case.

      From the way its being hyped, it sounds like the nonsense that occurred before the year 2000 where the world was supposed to end but at midnight nothing happened. Some old mainframes had their software updated so it could handle full years (2000 versus 00) but the rest was nonsense. This is sounding much the same. Now being a cynic at best, there is another security concern, a single instance of an exploit being used as an excuse for security agencies to install snooping software on servers around the world through the patches that may be applied to so many servers is probably a much greater risk than what the exploit is being described as.
      hutch at movsd dot com
      The MASM Forum

      www.masm32.com

      Comment


      • #23
        Originally posted by Steve Hutchesson View Post
        From the way its being hyped, it sounds like the nonsense that occurred before the year 2000 where the world was supposed to end but at midnight nothing happened. Some old mainframes had their software updated so it could handle full years (2000 versus 00) but the rest was nonsense.
        I do not think the "rest was nonsense". I know that in the company I worked for at that time, we worked our asses of in overtime to hunt down all possible occurrences of the Y2K-bug in our software, fixing it/testing it/deploying it to the clients. And yes - we were lucky to find all problematic pieces of code. Our software run smoothly after 1999-12-31. But not because it was "nonsense" aka Y2K wasn't an issue for us. But because we invested lots of work in it.

        And judging from what others reported, thy did the same thorough code analysis and fix(es). And to me that's the reason because most people outside the industry think it was overhyped: most software got fixed and deployed in time, thanks us all. And therefore no major incidents happened. And not because it was a non-issue.

        I unfortunately do not know enough about CPUs, so I can't really judge the seriousness of this one. For example this thread is interesting to me, because it analyzes the impact on VMs. But I don't "get the beef".

        But I trust a few people from whom I've read comments about the issue at hand, because of their reliable and decent track records.

        Comment


        • #24
          Knuth,

          You are living proof that the world did not end at midnight 1999. Now lets face it, if every computer on the planet went BANG, the sun would rise the next day, the moon would continue to orbit the planet, it would be cold in winter, hot in summer and abacus sales would hit the roof.
          hutch at movsd dot com
          The MASM Forum

          www.masm32.com

          Comment


          • #25
            Javascript is all that is needed to read all memory.
            Couldn't edit this post with JavaScript off.


            According to the blog post below, a banner on a web page with javascript could read all your passwords.
            And to top it off, the link below won't completely display because it uses Javascript!
            So, read at your own risk! https://blog.oo-software.com/en/melt...eid=bbffe27fcf


            I'm trying running without JavaScript and things aren't going well (barely got this to post.)

            Blocking individual sites using Chrome does NOT appear to work.
            I added several sites to the blocked list and they still work.
            Completely turning off Javascript does work.

            According to the blog above we need to contact BIOS manufacturer for an update.
            He also says this effects Android and Apple cell phones.

            If the blog above is correct, this is a nightmare for many.

            Tried downloading Chrome with Javascript off and couldn't do it.
            https://www.google.com/chrome/browse...top/index.html

            With JavaScript on it downloads the current version for 32-bit:
            Version 63.0.3239.132 (Official Build)

            Comment


            • #26
              Thanks Mike for the info,

              To clear off your passwords or logins id that are stored on the web browser cache, I use CCLeaner
              It does look like we need to run this CCLeaner immediately after each usage of the browser !

              Perhaps a firewall appliance can stop hackers from intrusion into our network?

              Comment


              • #27
                Originally posted by Mike Doty View Post
                Javascript is all that is needed to read all memory.
                Couldn't edit this post with JavaScript off.

                According to the blog post below, a banner on a web page with javascript could read all your passwords.
                According to a marketing post on a commercial site by someone who "has a very broad sales and account management background, having previously been employed by various international companies in both senior sales and customer service roles." Yep obviously an expert in such issues. And guess what - their disk imaging software just happens to be a solution.

                Classic FUD.


                --
                [URL="http://www.camcopng.com"]CAMCo - Applications Development & ICT Consultancy[/URL][URL="http://www.hostingpng.com"]
                PNG Domain Hosting[/URL]

                Comment


                • #28
                  Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
                  "The trouble with quotes on the Internet is that you can never know if they are genuine." - Abraham Lincoln.

                  Comment


                  • #29
                    Another Hack on Intel ! But this need physical access which is tougher to do

                    Comment

                    Working...
                    X