• Welcome to BellGab.com Archive.
 

S.P.E.C.T.R.E. meltdown!

Started by Jackstar, January 18, 2018, 02:29:14 PM

Jackstar

QuoteJanuary 18 2018
BUSTED: RECENT INTEL PROCESSOR (MELTDOWN) SCANDAL INVOLVES INTEL PROCESSORS ONLY, SANDY BRIDGE FORWARD
Spectre is such a small problem I would not worry about it on an AMD or ARM platform. I would worry about it on an Intel platform though. They released to the public a lie to cover for the fact that Intel's Vpro core was an intentional back door for the NSA. The memory vulnerability, (if it exists at all) is a sideshow, and ARM and AMD were back stabbed with claims they had the same problems just to either help Intel, or cover for the fact that the vulnerability was intrinsic to hardware, and specifically the separate Vpro processor that was onboard every Intel chip from Sandy Bridge forward. If you want to be realistc about things, the Spectre bug is simply a no show on AMD and ARM, because it is simply too hard to do to them for it to mean anything, and AMD and ARM are not affected by the Meltdown bug AT ALL.
In 2011 I outlined the problem in a report titled "Is Intel's Sandy Bridge on a road to nowhere?" I pointed out the problem - a second on chip processor that was always on, even when the power was turned off, and this processor could clandestinely switch on any part of the computer when it received a remote command. Intel marketed this as "making the administrator's job easier" because an administrator could install updates and get data while all employees were at home asleep, and everyone would simply arrive to work the next day with everything updated because even if their power was turned off, their computers could receive updates anyway.

PROBLEM: All encryption keys any system had were held on this second processor, which was not adequately secured AT ALL from the outside world. It allowed a total highway into anyone's system, and I said at that time that the only real reason why this would be done would be to allow intelligence agencies access whenever they wanted, - access no one could stop because the encryption keys were right there for the intelligence agencies to use. Sandy Bridge, and all processors forward,A TOTAL OF 1,487 different models of Intel chips had this right up to every Intel chip made today.

So everything was fine and dandy, as long as only a few ex NSA people who could be acceptably contained tried to spread the word on sites like this one and no one got the NSA tools that are used to access these processors. After all, if it was only me blowing the whistle in 2011, they could just blow it off. PROBLEM: About 8 months ago, someone inside the NSA released all these tools to the public in a "wiki" type release, and now, 8 months later hacker Joe is playing NSA and the NSA simply does not want that. This is the ONLY REASON, AND I MEAN ONLY reason why the "bug" was "mysteriously found" by some hoax fraud jackass who "read thousands and thousands of pages of Intel processor manuals, and found it". YEAH RIGHT, BULLSHIT.

So I knew, from early 2011, that everything from now on had to be AMD.

Seems legit.

Jojo

Quote from: Jackstar on January 18, 2018, 02:29:14 PM
Seems legit.
Who did you quote and why did their name not show after the quotation marks?


Jackstar

This is so much more convenient for everyone.

Quote from: Jackstar on January 20, 2018, 05:20:10 PM
This is so much more convenient for everyone.

Well for an extra $20.92, Dell will sell you a lapper that supposedly has the Intel ME disabled.  I thought that was only available on systems
sold for Government use but it would seem that is no longer the case.


albrecht

Quote from: Jackstar on January 20, 2018, 05:20:10 PM
This is so much more convenient for everyone.
I'm not doubting the NSA and other agencies are "involved" with the various tech companies and I like their allusions when naming their secret programs- but that is my main problem with the theory. Presumably "code names" for "super secret" plans would be randomly assigned so even the revealing of the name wouldn't grant an idea of what the program is about. Naming a "super secret" project to allowing, essentially, spying on everyone after Odin's ability to do so (which he got by losing an eye- short version) doesn't seem secure. Then again the spooks could be naming projects so closely to what the project so that if it comes out it would seed some doubt in the public's eye: "you really think we would be so stupid to name a secret project by a name giving away the purpose?" "Come on, nothing to see here but some people's 'conspiracy theory' and some accidental chip design problems.")

Jackstar

Quote from: albrecht on January 20, 2018, 06:13:49 PM
Presumably "code names" for "super secret" plans would be randomly assigned

I don't find it plausible that the company was randomly named, "Intel."



Quote from: albrecht on January 20, 2018, 06:13:49 PM
"you really think we would be so stupid to name a secret project by a name giving away the purpose?"

https://en.wikipedia.org/wiki/The_Purloined_Letter

albrecht

Quote from: Jackstar on January 20, 2018, 06:22:05 PM
I don't find it plausible that the company was randomly named, "Intel."
Or that they informally call the intelligence agency" the company" and the other one (of now many) "no such company."

Good points above.

Jackstar

Quote from: albrecht on January 20, 2018, 06:38:01 PM
and the other one (of now many) "no such company."


I'm old enough to remember when popular opinion of the existence of the National Security Agency was right up there with the existence of Bigfoot. "hahah they can't listen to all the phonecalls, that's impossible"



yeah sure right.

Juan

I have a friend who calls once a week to complain about everything. As she is an old woman with only two cats, the “conversations” are never less than an hour. My contribution is an occasional grunt while I read Bellgab. I certainly hope that some NSA bastard has to listen to it.

albrecht

Quote from: Juan on January 21, 2018, 11:01:47 AM
I have a friend who calls once a week to complain about everything. As she is an old woman with only two cats, the “conversations” are never less than an hour. My contribution is an occasional grunt while I read Bellgab. I certainly hope that some NSA bastard has to listen to it.
"They" will tell you it is comparatively low-pay but the real reason is above.  ;) When "they" are going for electronic systems to "listen," record, and data-mine.
http://www.chicagotribune.com/news/nationworld/ct-nsa-losing-talent-20180102-story.html

Jackstar

Quote from: Juan on January 21, 2018, 11:01:47 AM
I certainly hope that some NSA bastard has to listen to it.

Machines parse the recordings. A human doesn't get to peruse the index/ToC of every call one has ever participated in until robots put up a flag.

Most people do not realize--at all--that modern computing was invented in the 1800s. Everything a TRS-80 could do, could be done by steam pistons and vacuum tubes a hundred years prior, albeit with wildly gross inefficiency.

When the transistor was developed in the Fifties, it was then possible to get those same systems working on a much more affordable and ubiquitous scale. But before the hardware existed to run it, software to manage every aspect of human life was already being deliberated, designed, authored, & tested.

Before the technology to manufacture millions of touchscreens went online, decades of research and development went into preparing technological gates* for that inevitable future.

The reader is encouraged to draw their own conclusions from this point forward. Namaste.



Ummmmm....

https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html

in 4 bytes...


Ummm...    ermm....      oooooooo......             Duh...

Yeah, in 4 Bytes   
(Still think I'm fucking w/ Y'all ?  )       4 Bytes       :o

Jackstar

>tfw your only computer crime for four decades has been globally relentless shitposting

[attachment=1]


That "God Mode" is some freaky shit guys:


Jackstar

After years of knowing it's there, and seeing it vividly portrayed in cinema, it's surreal to actually watch it being done.

Thanks, Hillary!


Quote from: Walks_At_Night on October 11, 2018, 06:34:32 PM
That "God Mode" is some freaky shit guys:


nice assembler code...      Thanx.     ;)

Quote from: Jackstar on October 11, 2018, 08:56:13 PM
After years of knowing it's there, and seeing it vividly portrayed in cinema, it's surreal to actually watch it being done.

Thanks, Hillary!
LOL - I think you're mis-directing.
It should be: "Karma is a bitch, Intel."    ;)


The best explanation I've come across so far:   Say What ?    for the lay-person.
Like I've mentioned before - this is a hardware problem.   It Cannot Be Fixed By Software Means for the plain and simple fact that it operates UNDER the software level. Even the BIOS / EUFI can NOT mitigate it.

BTW - this was a "FUNCTION" that was hard coded into the chips - from Israel.
(Everything from the Pentium II forward was designed in Israel.)      >:(

Jackstar

Quote from: (Sandman) Logan-5 on November 01, 2018, 04:42:04 AM
BTW - this was a "FUNCTION" that was hard coded into the chips - from Israel.
(Everything from the Pentium II forward was designed in Israel.)      >:(

[attachment=1]


Designs for new AMD line revealed. Should be competitive.

Quote
Now, the same team of cybersecurity researchers who discovered original Meltdown and Spectre vulnerabilities have uncovered 7 new transient execution attacks affecting 3 major processor vendorsâ€"Intel, AMD, ARM.

While some of the newly-discovered transient execution attacks are mitigated by existing mitigation techniques for Spectre and Meltdown, others are not.

https://thehackernews.com/2018/11/meltdown-spectre-vulnerabilities.html

In Depth Details on the attacks:   https://arxiv.org/abs/1811.05441


Jackstar

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/

QuoteThe researchers [...] have found that "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

"We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."


[attachment=1]

I'll say it again: You can't securely mitigate a hardware bug / feature with a software solution. There is always another way around it.

Quote“This newly disclosed attack bypasses all known mitigation mechanisms implemented in response to Spectre and Meltdown,”

https://threatpost.com/new-swapgs-side-channel-attack-bypasses-spectre-and-meltdown-defenses/147034/

ChromeOS and android are also affected.

Intel has no plans to dump speculative execution and revamp the chip. (Ryzen will blow them out of the water if they did.)
Those assholes want to shift the problem onto the code jockeys.
That built in backdoor must have been a gold-mine for the NSA and a cash cow for Intel.

https://www.digitaltrends.com/computing/intel-ice-lake-wont-rid-spectre/



Powered by SMFPacks Menu Editor Mod