New secret-spilling flaw affects almost every Intel chip since 2011

https://cpu.fail/

New secret-spilling flaw affects almost every Intel chip since 2011
https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/

"Security researchers have found a new class of vulnerabilities in Intel
chips which, if exploited, can be used to steal sensitive information
directly from the processor."

"Intel has released microcode to patch vulnerable processors, including
Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel
Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also
affected, as well as all Atom and Knights processors.

But other tech giants, like consumer PC and device manufacturers, are also
issuing patches as a first line of defense against possible attacks.

Computer makers Apple and Microsoft and browser makers Google have released
patches, with other companies expected to follow."

Install updates now to address a vulnerability in most Intel CPUs
https://www.engadget.com/2019/05/15/intel-mds-exploit/

"If you have a computer using an Intel CPU released since 2011 then
congratulations -- you've likely won a vulnerability, since only "select"
8th and 9th gen Core CPUs as well as 2nd generation Xeon Scalable CPUs have
hardware protection against the attacks."

"Patching the holes will require a combination of firmware updates and
software updates. macOS, Windows, ChromeOS and Linux already have software
updates to address MDS attacks, while Intel has also released microcode
updates for some of its hardware that you should get through motherboard
and system vendors. Just like Spectre and Meltdown, the fixes are expected
to impact performance"
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

On Wed, 15 May 2019 01:01:15 -0700, Alan Baker wrote:

https://www.macobserver.com/link/apple-patches-zombieload/

I'm not sure of all the details, but there appear to be _four_ (4) flaws
o Zombieload https://zombieloadattack.com
o RIDL https://mdsattacks.com
o Fallout https://mdsattacks.com
o Meltdown UC https://meltdownattack.com (apparently similar to Spectre)

While Zombieload is just one of these 4 flaws, here's the impact as quoted
in the article that Alan Baker kindly linked to above:

"*Some Macs could face up to a _40 percent_ performance hit*
for those who opt-in to the full set of mitigations."
https://www.macobserver.com/link/apple-patches-zombieload/

On Wed, 15 May 2019 07:39:08 +0000, Arlen G. Holder vomited this verbiage
that I considered to be worthy of my attention for one of a variety of
possible reasons:


New secret-spilling flaw affects almost every Intel chip since 2011
https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/


It is well known, at least in some circles, that Intel engineers
used LSD, in micro-doses and otherwise, to stimulate their creativity.

Can this be the result?

But bring on the popcorn. It's time to watch everyone go hysterical
and clamour like apes for a quick fix to their illusory threats.

On 15 May 2019, F. Russell wrote
(in article ):

On Wed, 15 May 2019 07:39:08 +0000, Arlen G. Holder vomited this verbiage
that I considered to be worthy of my attention for one of a variety of
possible reasons:


New secret-spilling flaw affects almost every Intel chip since 2011
https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/

It is well known, at least in some circles, that Intel engineers
used LSD, in micro-doses and otherwise, to stimulate their creativity.

Can this be the result?

But bring on the popcorn. It's time to watch everyone go hysterical
and clamour like apes for a quick fix to their illusory threats.

The article linked above states that Apple, Microsoft, and Google have
already issued patches. It also states that the attack is not easily or
quickly performed, and that there are no known examples of the attack in the
wild. Finally it was noted that primary target seems to be cloudy services.
This means that:

1 users are unlikely to have been attacked in the past or being under attack
now;

2 if users patch their systems they are unlikely to be attacked in the
future;

3 cloud service providers had better patch quickly.

The threat is not illusory, but not a serious one at this time; it could
become serious, later. Probably much later. There is already hysteria and
ape-like clamour. This thread, cross-posted all over because the OP
specializes in ape-like clamour, is but one of at least three I see in this
newsgroup about this problem. The others were also started by hysterical
clmouring apes. Time to update the killfile.

On Wed, 15 May 2019 14:15:08 -0400, Wolffan vomited this verbiage that I
considered to be worthy of my attention for one of a variety of possible
reasons:


3 cloud service providers had better patch quickly.


I am not a "cloud service provider." I use GNU/Linux as a highly
productive desktop workstation and I couldn't care less about these
potential threats because I will NEVER see them just I will NEVER
see any of the previous side-channel attacks.

But I am quite certain that other desktop workstation users will
be scrambling for the patches like old women at a Walmart sale.

On Wed, 15 May 2019 14:15:08 -0400, Wolffan wrote:

This thread, cross-posted all over because the OP
specializes in ape-like clamour,

Hi Wolffan,

Usenet is a potluck picnic where each person strives to add value
O But not you.

You and I have encountered each other before.
o You're a cowardly bully troll - who posts unsubstantiated bull****.

*Why must you _prove_ you're a troll who posts worthless bull****?*
o You prove me right - every time you spew your bull**** on Usenet.

The original post contains _only_ recent new cited facts, all of which was
presented factually verbatim, chosen respectfully from reliable media
sources, and which were purposefully helpfully supplied, along with the
URL, the salient cited facts to the recipients where they could simply
click on the URLs provided when and if interested.

The recipients were (clearly) PC owners of Intel based computers.
o The fact you hate facts doesn't change that those are the facts.

All you're doing is proving you don't comprehend even these simple facts.

What we hope will change, is that someday, you'll post something of value.
o But not today, it seems.

On 2019-05-15 18:28:58 +0000, F. Russell said:
On Wed, 15 May 2019 14:15:08 -0400, Wolffan vomited this verbiage that I
considered to be worthy of my attention for one of a variety of possible
reasons:

3 cloud service providers had better patch quickly.

I am not a "cloud service provider." I use GNU/Linux as a highly
productive desktop workstation and I couldn't care less about these
potential threats because I will NEVER see them just I will NEVER
see any of the previous side-channel attacks.

But I am quite certain that other desktop workstation users will
be scrambling for the patches like old women at a Walmart sale.

The OS you use is completely irrelevant (other than if you use some
obscure OS you may never get a patch). These problems are with the
hardwear chips themselves and some of the past problems affected almost
ALL CPU chips: Intel, AMD, and ARM.

On 2019-05-15, Arlen G. Holder wrote:
On Wed, 15 May 2019 14:15:08 -0400, Wolffan wrote:

This thread, cross-posted all over because the OP
specializes in ape-like clamour,

an accurate assesment.

Hi Wolffan,

Usenet is a potluck picnic where each person strives to add value
O But not you.

He added a warning about cross posting, most people who are are able
to observe and discover trends, know that excessive crossposting leads
to low quaitity theads.

O But not you.

You and I have encountered each other before.
o You're a cowardly bully troll - who posts unsubstantiated bull****.

You're a cowardly bully troll - who posts unsubstantiated bull****
until called on it, then you are strangely silent.

--
When I tried casting out nines I made a hash of it.

On 16 May 2019, Jasen Betts wrote
(in article ):

On 2019-05-15, Arlen G. wrote:
On Wed, 15 May 2019 14:15:08 -0400, Wolffan wrote:

This thread, cross-posted all over because the OP
specializes in ape-like clamour,

an accurate assesment.

I no longer see the everlasting OOK-OOK-EEK-EEK that are the scummy little
chimp’s posts.



Hi Wolffan,

Kiss my ass



Usenet is a potluck picnic where each person strives to add value
O But not you.

He added a warning about cross posting, most people who are are able
to observe and discover trends, know that excessive crossposting leads
to low quaitity theads.

O But not you.

You and I have encountered each other before.

and you ran off. Because I pointed out that you support SPYING ON CHILDREN.


o You're a cowardly bully troll - who posts unsubstantiated bull****.

You're a cowardly bully troll - who posts unsubstantiated bull****
until called on it, then you are strangely silent.

Sounds like him.

Arlen,

Usenet is a potluck picnic where each person strives to add value
O But not you.

Most of them have, in relation to you, tried to do exacly that.

The only problem is that you think its upto /you/ to decide if something
that has been posted (toward you) has any value as all. It doesn't agree
with anything you think is true ? Its worthless. It doesn't contain
something you can use ? Its worthless. It tries to tell you your attitude
towards usenet in general stinks ? Its worthless and could only be said
by a troll.

*Why must you _prove_ you're a troll who posts worthless bull****?*
o You prove me right - every time you spew your bull**** on Usenet.

Kiddo, you seem to have a never-ending stream of people who all are against
you - and you than need to, and probably feel that you have the absolute
right to, lash out to. But with all of your assumptions of superiority you
seem to be unable to see that there is but one constant in that ever
changing group of people that are all stupid/trolling you/not wanting to
"add value", and that is you.

And that makes it, by using very simple logic, more likely than not that
/you/ are the cause of the problems.

Than again, that has been put forward by different people and you will
refuse to even consider it just like all the other times.

All you're doing is proving you don't comprehend even these simple facts.

As mentioned in the above, to you "don't comprehend" is just another phrase
for "don't bow to my superior understanding of the subject"

As for those 'facts' ? Same problem. They might be april first jokes,
but as long as /you/ think they are true than they are 'facts', and /noone/
is allowed to question your certainty about them.

What we hope will change, is that someday, you'll post something of value.
o But not today, it seems.

We hope so too. Of you that is. 'Cause a slew of ill-conceived,
convoluted, slap-dashed together, etc. "tutorials" and "step plans"
certainly doesn't break the "of value" treshold I'm afraid. And neither
does your never-ending stream of abuse towards anyone not agreeing with you.

Regards,
Rudy Wieser

UPDATE

9to5Mac (dateline, today, Nov 13 2019)
o Intel chip security flaws remain, say security researchers, despite claims
https://9to5mac.com/guides/security/

"Intel chip security flaws that affect all Macs, as well as Windows and
Linux machines, still exist, say security researchers ¡V despite the
chipmaker's claims to have fixed them. Similar flaws were found and patched
in ARM processors, but there is no suggestion at this stage that further
issues remain in these."

"The New York Times reports that the researchers have now gone public as
a result of concerns that Intel was misleading people."

NYTIMES: (dateline, yesterday, Nov 12 2019)
o Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago
https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html
"The Intel flaws, like other high-profile vulnerabilities the computer
security community has recently discovered in computer chips, allowed an
attacker to extract passwords, encryption keys and other sensitive data
from processors in desktop computers, laptops and cloud-computing servers."

"Researchers often agree to disclose vulnerabilities privately to tech
companies and stay quiet about them until the company can release a patch.
Typically, the researchers and companies coordinate on a public
announcement of the fix. But the Dutch researchers say Intel has been
abusing the process.

Now the Dutch researchers claim Intel is doing the same thing again. They
said the new patch issued on Tuesday still doesn¡¦t fix another flaw they
provided Intel in May."