LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-13-2018, 03:45 PM   #1
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Rep: Reputation: Disabled
AMD allegedly has its own Spectre-like security flaws


That's the title of an article published by CNET:
https://www.cnet.com/news/amd-has-a-...aw-of-its-own/

Happy reading.
 
Old 03-13-2018, 04:17 PM   #2
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,454

Rep: Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.

The lack of any kind of emergency response to fix this will be the proof.
 
12 members found this post helpful.
Old 03-13-2018, 04:30 PM   #3
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Rep: Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512
yes, the 24-hour lead-time is Very Nasty.

Sounds kinda like the Windows Crypto-Locker Scheme ( pay us now or pay us later ).

There's some discussion on slashdot: https://it.slashdot.org/story/18/03/...indings-public

One of the posts in the slashdot discussion points at the Blackmailer's site: https://amdflaws.com/

From what I can tell, they're a bunch of *'s ( apologies for plagiarizing Kurt Vonnegut )

-- kjh
 
Old 03-13-2018, 04:30 PM   #4
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247
Quote:
Originally Posted by volkerdi View Post
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.

The lack of any kind of emergency response to fix this will be the proof.
Yeah, yeah...

BUT, like I said somewhere, the Age of Hardware Vulnerabilities has just begun with Spectre/Meltdown public release and the Heroic Age of Manually Building Packages ended in that day...

Dear Patrick, with all respect I strongly suggest you to arrive to "slackware.SlackBuild" and to ensure you can clean rebuild the entire distribution just hitting it. Just in case, maybe you will need it in a weekly base...

Last edited by Darth Vader; 03-13-2018 at 04:51 PM.
 
Old 03-13-2018, 04:58 PM   #5
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,454

Rep: Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347
Quote:
Originally Posted by Darth Vader View Post
Dear Patrick, with all respect I strongly suggest you to arrive to "slackware.SlackBuild" and to ensure you can clean rebuild the entire distribution just hitting it. Just in case, maybe you will need it in a weekly base...
Such a script would certainly have to be rewritten for the new magic build order before every use. Just look at what nobodino is doing.
 
3 members found this post helpful.
Old 03-13-2018, 07:03 PM   #6
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,350

Rep: Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739
From the link in post #1
Quote:
The majority of these reported vulnerabilities would require administrative access to work, meaning an attacker would first need to have control of your machine through some type of malware.
The article gives the impression that these exploits are working against the Windows 10 operating system.
 
Old 03-13-2018, 08:59 PM   #7
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 2,454

Rep: Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347Reputation: 8347
Quote:
Originally Posted by kjhambrick View Post
From what I can tell, they're a bunch of *'s ( apologies for plagiarizing Kurt Vonnegut )
Breakfast of Champions! One of my favorites.
 
1 members found this post helpful.
Old 03-14-2018, 08:29 PM   #8
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857
Quote:
Originally Posted by volkerdi View Post
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.

The lack of any kind of emergency response to fix this will be the proof.
bingo...
Linus' response https://plus.google.com/+LinusTorval...ts/PeFp4zYWY46

other info:
https://forums.anandtech.com/threads...-this.2540299/
https://www.gamersnexus.net/industry...earch-cts-labs

Oh BTW, Intel stock is up today while AMD's fell...
https://www.marketwatch.com/investing/stock/intc
https://www.marketwatch.com/investing/stock/amd

Last edited by ChuangTzu; 03-14-2018 at 08:38 PM. Reason: added stock links
 
1 members found this post helpful.
Old 03-15-2018, 12:27 PM   #9
Martinus2u
Member
 
Registered: Apr 2010
Distribution: Slackware
Posts: 497

Rep: Reputation: 119Reputation: 119
Let's be honest. Speculative and out-of-order execution has been the holy grail of CPU design for a number of years, and they are the major reason for the dramatic increase in CPU power seen in this millenium. We can expect more leeching of side-band information using these mechanisms, in CPUs by all vendors.

I am not so worried that these mechanisms can be abused by persons with local access to a machine - which is bad enough in the current climate of state-owned espionage against their own citizens.

To me, the real scandal is a different one: namely that we allow web browsers to execute Turing-complete software in realtime, allowing remote attackers to exploit this type of security flaw, and others.
 
4 members found this post helpful.
Old 03-15-2018, 01:29 PM   #10
rogan
Member
 
Registered: Aug 2004
Distribution: Slackware
Posts: 216

Rep: Reputation: 117Reputation: 117
Given all I've read, heard and seen about it I'd guess
this is some kind of stock-price opportunism.
Sad thing is that it works.
 
1 members found this post helpful.
Old 03-21-2018, 09:47 AM   #11
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,634

Rep: Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929Reputation: 929
https://community.amd.com/community/...-labs-research
 
Old 03-21-2018, 11:43 AM   #12
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Still have to note that "require administrative access to the system", it's only on a small set of their processors, and it's nothing like Spectre/Meltdown.

The person(s) who "disclosed" the information was very much an amateur and I wouldn't give them the time of day for how they handled the situation.
 
3 members found this post helpful.
Old 03-21-2018, 12:07 PM   #13
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,044

Original Poster
Rep: Reputation: Disabled
So if I understand well and believe AMD's response I involuntary did spread FUD, as if someone gets root access on a computer all doors are of course open to do nasty things any way.

I am thus tagging this thread as [SOLVED], thanks abga for the link and Skaendo for the comment.

Last edited by Didier Spaier; 03-21-2018 at 12:09 PM.
 
1 members found this post helpful.
Old 03-21-2018, 12:41 PM   #14
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Quote:
Originally Posted by Didier Spaier View Post
So if I understand well and believe AMD's response I involuntary did spread FUD, as if someone gets root access on a computer all doors are of course open to do nasty things any way.

I am thus tagging this thread as [SOLVED], thanks abga for the link and Skaendo for the comment.
It's not that AMD doesn't have problems, it's just that it has been blown *WAY* out of proportion by some person(s) looking for fame or money.
 
Old 03-21-2018, 12:56 PM   #15
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159

Rep: Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512Reputation: 1512
Didier Spaier --

You're already famous in my book, but how much money did you make on this Thread ?

-- kjh
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Intel Expands Its Bug Bounty Program for Spectre Security Flaws with New Awards LXer Syndicated Linux News 0 02-15-2018 06:42 AM
Spectre and Meltdown are massive security flaws that affect almost every PC on Earth. Here’s what you need to know jeremy Linux - News 5 01-08-2018 08:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration