Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 561 KB, 1930x1960, Zen Secure.jpg [View same] [iqdb] [saucenao] [google] [report]
64141073 No.64141073 [Reply] [Original] [archived.moe] [rbt]

None at all. AT-FUCKING-ALL.
It's just physically impossible due to Zen's very structure of the architecture. Don't fall into believing BS FUD produced by random shitheads on internet. There are NO vulnerabilities in Zen.
For more info see this:
http://www.youtube.com/watch?v=qgiUuTmXyGs

>> No.64141105
File: 201 KB, 1345x960, Zen is Flawless.jpg [View same] [iqdb] [saucenao] [google] [report]
64141105

>> No.64141118

Too much conflicting shit about AMD. It's either affected by 1 of the vulnerabilities or none of them, with reputable people disagreeing.

>> No.64141139

Delid this

>> No.64141156 [DELETED] 

>>64141118

>> No.64141160

>>64141118
It's not affected by Spectre 1 as that one is executed strictly on Operating System's side, which means that security patches should be provided by OS maker and it has nothing to do with AMD. Even if someone tries to attack Zen through Spectre 1, it's downright impossible because Zen's SEV automatically blocks any attempts at accessing ring 0 from ANYWHERE. Basically what this means is that SEV fully protects from BOTH Spectre 1 and Spectre 2 right out-of-the-box. Literally fucking FLAWLESS and ABSO-FUCKING-LUTELY IMPENETRABLE.

>> No.64141168

>>64141118
Fight your Intel urges anon

>> No.64141177

>>64141160
>>64141168
Even if Zen has the extra protection, if it's an OS level thing and security patches should / can fix it, why is it labeled as "not possible" for Intel?

>> No.64141178

>>64141118
it's not affected by meltdown which is the only one that matters

>> No.64141182

because AMD is shit and can't even multi-thread

fucking lol

>> No.64141231

>>64141177
>why is it labeled as "not possible" for Intel?
Because Inturd Core i series' very structure, which is monolithic as fuck, allows that. Zen is not one single ring 0, it's several separate modules (think like QubeOS, but a CPU), while Inturd's trash is STILL one single module even up to this very day. Jews fucked up big-time and now they'll suffer for their arrogance. Gas and burn the kikes, I say. Fuck 'em. Fuck 'em good.

>>64141178
It's not affected by ANYTHING. Meltdown, Spectre 1 & 2, doesn't matter - SEV provides ABSOLUTE projection for Zen's ring 0.

>> No.64141235

>>64141177
it chip specific hack, intel/Microsoft/linux need to make custom setting for each chip

>> No.64141243

All of this seems like fear mongering. If the most worrisome method of attack for the normal user would be some malicious javascript ad or whatever, browser updates would probably be enough to make most people safe enough.

>> No.64141248
File: 944 KB, 1228x1502, IFHFASGFM.png [View same] [iqdb] [saucenao] [google] [report]
64141248

>>64141182

>> No.64141273

>>64141073
>There are NO vulnerabilities in Zen.
False.

There aren't any known ones directly related to this.

>> No.64141274

>>64141243
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

>> No.64141275

>>64141231
>like QubeOS, but a CPU
that's orgasmic

>> No.64141345

>>64141182
Still stuck on FX era?

>> No.64141373

>>64141273
>autism, the post

>> No.64141406

>>64141373
He's not wrong tho...

>> No.64141413

Intel Cucks trying to pathetically defend themselves, it's over, just fucking give up.

AMD is superior, Apple Ax is superior,

>> No.64141426

Does anybody know if iphone is affected?

>> No.64141431
File: 1.13 MB, 232x181, Curry, but not Pajeet.gif [View same] [iqdb] [saucenao] [google] [report]
64141431

>>64141345
Post MFW/TFW/YFW fucking FAILDOZER makes a SUDDEN comeback out of nowhere and is BETTER than ALL of the TRASH Inturd shitted out in the last 10 years WHILE being super-cheap now
>MFW AMD fully and completely foreseed this, MFW AMD planned this all along, FOR ALL THESE YEARS

>> No.64141455

>>64141406
he's also a faggot, go suck his dick why dont you

>> No.64141460

>>64141105
I disagree with varient 3, you can use a times JS to effectively DOS attack the hardware forcing the cache dumps to cost the system a fuckton of performance while being able to slip in dirty code and pull sensitive data. Other than that yes everything is fine.

>> No.64141461

This isn't going to end well for Intel is it? I went from FX to Ryzen. I don't really feel this issue as much as people with Intel I'd imagine. Although my server has an Intel Pentium in it. Time to get an R3-1200/am4 setup going.

>> No.64141497

>>64141460

--> >>64141073. Video. Watch it.

>> No.64141503

>>64141455
You must just be here for the shitposting because everything you are saying is retarded. On the most fundemental level everyone knows nothing is totally secure.

>> No.64141514

>>64141461
>Time to get an R3-1200
Too weak, literal homeless bum tier. 1400 and Zen APUs are the very bare minimum you should go these days.

>> No.64141521

>it's all just a ploy to get intel stocks down and AMD stocks up
>from now on this type of cyber disinfo warfare will be common place in tech because people made trillions on it from bitcoin
>bitcoin was a huge fucking test to get normies into stocks


It doesn't or within margin of error (<1%) affect videogames, excel or rendering, 99% of users are safe, too bad the 1% are like 99% of Intel's income.

>> No.64141527

>>64141118

Disinfo works on the simple minded. If only intel were as good at security as they are at bullshitting.

>> No.64141532
File: 3.56 MB, 256x188, 1486699408083.gif [View same] [iqdb] [saucenao] [google] [report]
64141532

>>64141503
>everyone knows nothing on Intel's side is secure

>> No.64141533

>>64141503
Intel shill try this hard

here fact
Intel also got Milion more unknown vulnerabilities.

>> No.64141535

>>64141514
My main build is an r7-1700X. I just need a low power solution to power my file/print server.

>> No.64141540

>intel
>inplying

>> No.64141586

>>64141527
They're not even any good at bullshitting, as literally no one believed in this http://www.techpowerup.com/235092/intel-says-amd-epyc-processors-glued-together-in-official-slide-deck lame retarded 12-year old tier garbage shit

>> No.64141589

>>64141533
AMD shill haha this is weak, check out this

here fact incoming
AMD got a Bilion unknown vulnerabilities but just like Linux, nobody cares because market share

>> No.64141613

>>64141589
>AMD got a Bilion unknown vulnerabilities
show me some then?

and someone will post a pdf about a pile of intel cpu bug

>> No.64141619

>>64141589
>nobody cares
Fake news, you care. that make your statement false

>> No.64141623

Intel may have licenced the superior AMD64 ISA but they obviously don't have the skill to implement it securely. Stick with the original inventors, only AMD.

>> No.64141632

>>64141613
Why are you even responding to him? He's absolute Intbecile, literal ostrich-brained victim of Jewish trickery and kike marketing.

>> No.64141634

>>64141273
reddit: the post

>hurr durr technuqally corect

>> No.64141665
File: 388 KB, 1803x1351, 1494333800044.jpg [View same] [iqdb] [saucenao] [google] [report]
64141665

>>64141623
>Stick with the original inventors
Remember that time long long ago when AMD literally began as a company by stealing Intel's designs and copy-pasting (essentially pirating) Intel processors? Those were some top-notch dank memery days, indeed.

>> No.64141677

>>64141533
>point out real world common knowledge accepted by entire security industry makes me an intel shill
Your autism is amazing anon

>> No.64141803

>>64141619
If I care, why am I not randomly knocking AMD cpus to look for problems? See I don't care! Now stop bothering me shudra.

>> No.64141832

>Intel CEO to employees: 'We are going to take more risks'
https://www.cnbc.com/2017/12/19/intel-ceo-in-memo-we-are-going-to-take-more-risks.html
>Intel's CEO reportedly sold shares after the company already knew about massive security flaws
https://www.cnbc.com/2018/01/04/intel-ceo-reportedly-sold-shares-after-the-company-already-knew-about-massive-security-flaws.html

Soo this is what he meant, lmao

>> No.64141845

>>64141243
quit trying to minimalize the damage and divide victims.
Home virtualization is at an all time high. Many people here have multiple virtual machines and vps running at this very moment.
This affects everybody either directly or indirectly.

>> No.64141848

Only thing I want to know is how ARM is even related to this shit.

>> No.64141869

>>64141848
Wasn't there a project where AMD worked with ARM? Those are invulnerable.

>> No.64141908

>>64141869
Well what I've read is that ARM is also vulnerable but how?? Makes to damn sense to me.

>> No.64141926

>>64141869
>Wasn't there a project where AMD worked with ARM?
Yes. It's called Zen, lul. However, by itself ARM, when not being contracted by AMD, is not even remotely close to being as good.

>> No.64141961

>>64141869
K12 was to be a 2-part design, desktop x86 and an ARM core, the ARM side was dropped after it was realised it was pointless

>> No.64141978

>>64141908
Zen uses ARM cores. But these are highly customized and altered cores, so they're absolutely not same as ARM's mobile cores. ARM has potential security vulnerabilities in it's mobile core segment, and that has nothing to do with Zen.

>> No.64142977

>>64141073
Can the poor anons afflicted with patched Intel systems run this benchmark? Post results.

https://forums.dolphin-emu.org/Thread-unofficial-new-dolphin-5-0-cpu-benchmark-results-automatically-updated--45007

>> No.64143079
File: 11 KB, 478x97, kernel.jpg [View same] [iqdb] [saucenao] [google] [report]
64143079

just a reminder.

>> No.64143230

>>64141832
He's Transferring his money to bank of Israel right now

>> No.64143233

>>64143079
Linus already freed AMD from the custody, you slowpoke. Only Intel gets fucked in all holes from now on.

>> No.64143253

>>64141978
>Zen uses ARM cores
This fucken guy.

>> No.64143265

>>64143253
It's literally 14LPP, matey.
Same shit as what ARM makes in mobile.

>> No.64143267

>>64143233
this is exactly what is on the code, do you even C?

>> No.64143288

>>64141073
Ryzen is vulnerable to spectre1. The only cpu where the PoC i have *didn't* work, was FX8350.

$ ./150696aaaff98d3e.spectre
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfed88... Success: 0x54=’T’ score=2
Reading at malicious_x = 0xffffffffffdfed89... Success: 0x68=’h’ score=2
Reading at malicious_x = 0xffffffffffdfed8a... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffffffffffdfed8b... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed8c... Success: 0x4D=’M’ score=2
Reading at malicious_x = 0xffffffffffdfed8d... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffffffffffdfed8e... Success: 0x67=’g’ score=2
Reading at malicious_x = 0xffffffffffdfed8f... Success: 0x69=’i’ score=2
Reading at malicious_x = 0xffffffffffdfed90... Success: 0x63=’c’ score=2
Reading at malicious_x = 0xffffffffffdfed91... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed92... Success: 0x57=’W’ score=2
Reading at malicious_x = 0xffffffffffdfed93... Success: 0x6F=’o’ score=2
Reading at malicious_x = 0xffffffffffdfed94... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffffffffffdfed95... Success: 0x64=’d’ score=2
Reading at malicious_x = 0xffffffffffdfed96... Success: 0x73=’s’ score=2
Reading at malicious_x = 0xffffffffffdfed97... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed98... Success: 0x61=’a’ score=2
Reading at malicious_x = 0xffffffffffdfed99... Success: 0x72=’r’ score=2
Reading at malicious_x = 0xffffffffffdfed9a... Success: 0x65=’e’ score=2
Reading at malicious_x = 0xffffffffffdfed9b... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfed9c... Success: 0x53=’S’ score=2

>> No.64143323

>>64141105
>near zero
that's not zero

>> No.64143339

>>64141073
Bullshit.
>>64141105
PR Bullshit.

AMD is affected and it's a fundamental flaw in the original AMD64 design. Intel just added icing to the cake, making them vulnerable to "Meltdown" too.

For a quick rundown, read
https://twitter.com/nicoleperlroth/status/948684376249962496
Then, check the papers.
Spectre (aka affects ALL vendors, including AMD, and has NO FIX. Everyone is affected by CVE-2017-5753 and CVE-2017-5715.

Please stop spamming that horribly incorrect info-graphic.

>> No.64143345

>>64143267
Linus gave up and officially paroled AMD yesterday. AMD is being excluded now.

>> No.64143376

>>64143288
Stop spreading FUD BS, kid.
Spectre 1 is even easier to deal with than Spectre 2, and AMD's SEV already completely protects Zen from Spectre 2. Neither Spectre 1 nor Spectre 2 won't work jack shit on Zen.

>> No.64143403

>>64143339
0/10. You need to try way harder than just that, kid.
People aren't as dumb as you are to be swayed by such blatant BS FUD fake news you're spreading here.

>> No.64143409

>>64143345
That fix addressed only "Meltdown", it makes sense to reserve it to Intel CPUs.

>> No.64143437

>>64143403
>I'll just namecall him pretending to be a big boi and I'll keep avoiding any actual independent and/or academic source

I did not expect anything different. It can't be helped

>> No.64143457

>>64143409
Spectre 2 and Meltdown are same kind of internal attacks, attempts to access ring 0. Zen is absolutely impenetrable to both of them due to SEV. They can't do jack on Zen.

>>64143437
Nice non-argument, kid. At least you tried.

>> No.64143558

>>64143457
>Spectre 2 and Meltdown are same kind of internal attacks
No, they're not. Read the fucking papers or press reports or the academic findings. You're mixing AMD unfounded speculations and wishful thinking.

>>64143457
>lelele kid
>I'll namecall again, it worked so fine!!!11
Read the fucking source or the independent report I kindly linked for mentally challenged individuals like yourself.
I can't force you to educate yourself, that's up to you.

>> No.64143586

>>64143558
>academic findings
KYS, fuckwit.

>> No.64143631

>However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.

AMD is vulnerable, there just isn't a specific implementation that targets them yet.

>> No.64143671

>>64141431
Proofs? Show me benchmarks.

>> No.64143710

>>64143671
>Intel garbage gets gimped by up to 67% in performance
>goes behind Bulldozer
>Give me proofs
Can't you just count? Not even on fingers?

>> No.64143726

>>64143586

Those academics were the ones who disclosed the vulns you brain dead cocksucker gtfo

>> No.64143731

>>64143631
>isn't a specific implementation that targets them
So - completely invulnerable, then. And there won't be any "specific implementations" as SEV absolutely impenetrable security measure.

>> No.64143772

>>64143631
and people can still find way hack intel even after patch.

Until it got hack it none issue

>> No.64143848

>>64143731
If its executing instructions past illegal memory accesses then its not completely invulnerable at all.

>> No.64143853

>>64143457
>due to SEV
you don't even attempt to hide the very simple fact that you got no fucking clue. SEV is for datacenters and host hardening, it won't change a single thing for single hosts and for each VM. At best, a compromised VM won't allow to compromise the host and other VMs in an unpatched Xen/OpenVZ6/Docker scenario. It may help. But it won't defuse Spectre. Sure it may help in making containers... contain again.
>Spectre 2 and Meltdown are same kind
That's an undue and dangerous over-simplification. They are both attacks leveraging the same logic, but they are absolutely not the same attack and they are not even leveraging the same CPU features. The attack dubbed as "Meltdown" is maybe easier to implement and it's what patches are for.

>> No.64143879

>>64143731
>So - completely invulnerable
you weren't the smartest guy in your class, right?

>> No.64143880

>>64141460
>you can use a times JS to effectively DOS attack the hardware
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

>> No.64143896

>>64143731
>SEV
pls staph, you don't know what SEV is and what it is for, we got it.

>> No.64143922
File: 15 KB, 1144x81, AMD_BTFO.png [View same] [iqdb] [saucenao] [google] [report]
64143922

It's been SHOWN to affect AMD, you fucking morons.

>> No.64143927

>>64143848
>executing instructions past illegal memory accesses then
It can't be done when SEV is there. Such attempts get cockblocked immediately on spot.

>> No.64143943

>>64143922
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)

>> No.64143949

>>64143922
>He trusts anything Google shitposts out
KYS.

>> No.64144002

>>64143927
No they don't, all that adds is a layer of encryption overtop the data, they're still getting the data its just encrypted, and encrypted data can always eventually be unencrypted.

It sounds like you have literally zero clue what you are talking about.

>> No.64144053

>>64143922
>6.4 Limitations on ARM and AMD
>We also tried to reproduce the Meltdown bug on several
>ARM and AMD CPUs. However, we did not manage
>to successfully leak kernel memory with the attack de-
>scribed in Section 5, neither on ARM nor on AMD.

>> No.64144065

>>64144002
>No they don't
http://www.youtube.com/watch?v=qgiUuTmXyGs
>they're still getting the data
They don't and they can't. See video above. They can't scrape shit.

You are a fucking lamer, kid.

>> No.64144425

>>64141118
>reputable
maximum damage control
what saddens me is that the likes of reuters are reporting according to intel's spiel, i.e., the ambiguous phrasing that makes it appear that all is lost on euqal terms for every cpu in the world but with plausible deniability that you didn't read it right and should take into account the peculiarities involved, which they conveniently didn't expand on.

Intel press release must have been written by a dual major in law and PR, a spawn from hell.

>> No.64144568

>>64144425
intel mkting probably went like:
>oh god we fug, wat do
>we have to make an official statement asap but that will doom us all
>us all
>intern says
>you know that issue that is an open secret to chip´makers, a hard to tackle problem technically but has negligible valid risks and thus no has ever bothered to fix yet?
>yes
>why don't we throw it into the release to muddy the waters, so we can plausibly drag both amd and arm names along with us in this mess?

>> No.64144596

>>64141961
Not dropped officially but it's been put on hold in favor of Zen. They were apparently going to revive it in the future for low power microservers and stuff at some point.

>> No.64144721

>>64144065
Please educate yourself on what SEV is. See >>64143896 and >>64143853 for pointers.

>>64141118
AMD is vulnerable in every and all Spectre-related advisories and papers.
https://www.kb.cert.org/vuls/id/584653 is just the latest addition.

>> No.64144752

/g/ goes to /pol/
they spot a shill from a mile away, they effortlessly and intuitively simply sense a larper, they catgorize every fallacy correclty, including all of those outside the sticky, get bored with their overall lack of inteligence and come back to
/g/ on /g/
where they eat up press releases, paid advertisements disguised as real pieces, rumors and acour the net to find each 1k subscriber moron on youtube, each 10 replies posts on plebbit, every fora, to revalidate their particular brand of confirmation biases.

>> No.64144770

>>64144721
>AMD is vulnerable in every and all Spectre-related advisories and papers.
Google says otherwise.
>>64144053

>> No.64144782

>>64144770
oshit, that was the meltdown vulnerability that actually matters, nvm lol

>> No.64144790

>>64144770
No, it doesn't says otherwise. Read the whole thing.

>> No.64144793
File: 971 KB, 484x682, JUST.png [View same] [iqdb] [saucenao] [google] [report]
64144793

>>64144568

>> No.64144819

Until someone in the security community actually clarifies how AMD and ARM are affected by Spectre and proposes a fix I'm going to assume it's bullshit to deflect from Meltdown which is apparently a considerably more serious problem anyway.

>> No.64144824

>muh SEV
Hahahahaha /g/

>> No.64144871

>>64144721
NO. PHYSICALLY. IMPOSSIBLE.

>> No.64144894

>>64141073
How can I get use on Spectre1 and 2 some use on Intel servers?

>> No.64144941

>>64144894
You'll have to figure it out by yourself, pajeet

>> No.64144973
File: 77 KB, 645x729, 1500987803422.png [View same] [iqdb] [saucenao] [google] [report]
64144973

>>64144871
>NO. PHYSICALLY. IMPOSSIBLE.

>> No.64144982

>all this discussion and shitstorm over a vulnerability that nobody here could even implement given all the tools
Just accept it, we're all dumb fucks discussing about stuff we dont even understand

>> No.64144985
File: 462 KB, 633x758, 71a.jpg [View same] [iqdb] [saucenao] [google] [report]
64144985

>>64143339
your source is a fucking twitter feed?

>> No.64145001

https://www.amd.com/en/corporate/speculative-execution

AMD quite literally says there's zero evidence that the second and third variants of the Spectre vulnerability apply to their chips. The first variant does apply to their chips but is mitigated by OS level fix that does not significantly affect performance.

>> No.64145018
File: 205 KB, 807x745, 1502213714324.png [View same] [iqdb] [saucenao] [google] [report]
64145018

ITT: intel damage control meltdown

>> No.64145070

>>64145001
>The first variant does apply to their chips but is mitigated by OS
So it doesn't apply, then, as it's being cockblocked on OS level. And even if it goes past it, SEV blocks it anyway.

>> No.64145133

>>64144985
Your reading comprehension skills never evolved after first grade? The referenced "quick rundown" is, guess what, a quick rundown. For all those people who, evidently, didn't read (because they have ADHD or they lack the appropriate rhetorical skills, not the mention scientific ones) the academic papers or who simply aren't into IT. It's from an independent and reputable third party rather than from PR Depts and Press Releases from this or that vendor. Why pointing to such a neutral source is commendable is left as an exercise to the reader.
Moreover, the "source" are the paper themselves and the advisories released so far.

>> No.64145154

>>64141832
The board had been planning to replace Krzxnaichvovocichcvich for some time now, his share sell had been appropriately registered and filed ahead of time.
It's got absolutely nothing to do with an inherent security exploit built into the main hardware function of their products since the Pentium was updated/fixed 23 years ago.

>> No.64145167

>>64145070
>SEV
Stop it already. >>64144721 >>64143896 >>64143853

>> No.64145379

>>64145167
Your buttmad is delicious, Intbecile.

>> No.64145507

Is there any windows test scripts out there or just linux? I want to see if my FX is vulnerable

>> No.64145675

>>64145379
>lelelel meems and namecalling
Again.
>>64143558
>I can't force you to educate yourself, that's up to you.
Reiterating the same rhetorical fallacy and the same incoherent blabbering 1000 times won't make an argument ever. For some reason you've decided to spread uninformed opinions on a vulnerability you didn't comprehend, on top of it you decide to connect few excerpts here and there with AMD technologies you don't even know about. What's the endgame in all this is unknown. Maybe it's Dunning-Kruger. Maybe it's a poor attempt to compensate with real life. I don't know. It's pretty stale and unfunny now anyway.

>> No.64145712

>>64145675

>>64144635

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action