Geekzone: technology news, blogs, forums




2676 posts

Uber Geek
+1 received by user: 1201

Trusted
Lifetime subscriber

# 249526 15-May-2019 07:21

https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
I introduce Spectre and Meltdown. Part III

This is pretty bad, and just as bad as the last two.

That along with the RDP vulnerability that came out recently.





142 posts

Master Geek
+1 received by user: 47


  # 2237120 15-May-2019 07:50
One person supports this post

The frustrating part of these exploits is not so much the security vulnerability but rather Intel's solutions affecting performance. This microcode patch is going to be a 3% hit. Taking into consideration the previous patches as well we are looking at a 10% hit in total to performance. 


2335 posts

Uber Geek
+1 received by user: 405

Trusted
Subscriber

  # 2237126 15-May-2019 08:00

I'm guessing that these researchers are now on AMD's payroll?

 
 
 
 


1053 posts

Uber Geek
+1 received by user: 209


  # 2237139 15-May-2019 08:19

Na, AMD will be hit just as hard if they ever become big enough to target. Last I heard it's still sub 10%, so unless you have something juicy it's just not worth the effort. Both are pretty guilty of taking "shortcuts" in the name of performance that open risk.





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

1053 posts

Uber Geek
+1 received by user: 209


  # 2237140 15-May-2019 08:20

Still, Fun fun fun been for IT guys patching this in secure environments








2676 posts

Uber Geek
+1 received by user: 1201

Trusted
Lifetime subscriber

  # 2237145 15-May-2019 08:31
One person supports this post

Beccara:

 

Still, Fun fun fun been for IT guys patching this in secure environments

 

 

I hear you.... But if you don't have a process to patch in airgapped networks then you're opening yourself up to compromise. All it takes is one idiot to inadvertently plug a non-authorized device into the network to bring it down. Anyone say UK NHS and WannaCry? That being said, moving the USB thumb drive between networks to hold the patches is an attack vector, hence why you need to manage things properly.






20078 posts

Uber Geek
+1 received by user: 6121

Trusted
Lifetime subscriber

  # 2238159 15-May-2019 09:23

premiumtouring:

 

The frustrating part of these exploits is not so much the security vulnerability but rather Intel's solutions affecting performance. This microcode patch is going to be a 3% hit. Taking into consideration the previous patches as well we are looking at a 10% hit in total to performance. 

 

 

Which would pretty much revert us to the performance gains over the last 5+ years.


1053 posts

Uber Geek
+1 received by user: 209


  # 2238160 15-May-2019 09:24

Yeah, it's all just man-hours. Almost just need to employ a person who does nothing but run around doing 0-day mitigation. Gotta love the MS blog title, they ain't messing around:

 

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)





2069 posts

Uber Geek
+1 received by user: 182

Trusted

  # 2238302 15-May-2019 12:12




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

142 posts

Master Geek
+1 received by user: 47


  # 2238343 15-May-2019 13:25

"An Apple support document on the ZombieLoad vulnerability provides details for "full mitigation" protection that can be enabled for customers with computers at heightened risk or that run untrusted software on their Macs.

Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.

According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari."

 

As much as 40%. Jesus.

 

I'd be super interested in seeing CPU reviewers go back and re-benchmark these "patched" Intel processors, and see whether or not they still hold water versus the AMD counterparts in testing.


20078 posts

Uber Geek
+1 received by user: 6121

Trusted
Lifetime subscriber

  # 2238349 15-May-2019 13:31

40%, seriously?

 

I am wondering what precedent there would be for a class action lawsuit?

 

I will be interested to see what Windows Performance hit ends up as?

 

 


1053 posts

Uber Geek
+1 received by user: 209


  # 2238372 15-May-2019 13:58

Hopefully it's like the Spectre patches that had a 30% performance hit but only on some oddball use cases. We saw 1-2% at best, which was what others were seeing too.






349 posts

Ultimate Geek
+1 received by user: 201

Lifetime subscriber

  # 2238410 15-May-2019 15:18

The 40% performance hit would come from disabling HYPErthreading, if and only if the target application set could actually advantageously use HYPErthreading.

 

It is interesting to note that BSD has HYPErthreading turned off by default, not only because of the security issues it brings, but also because many workloads - particularly server-type workloads - don't gain any advantage, and sometimes a disadvantage, from having it on.

 

In the Windows world, it was regarded as Best Practice to turn off HYPErthreading for MS SQL Server instances, for example.

 

 

 

YMMV

 

 

 

And isn't it interesting to have both AMD and ARM come out and say words to the effect of "We don't have this issue, it's an Intel® special"


1443 posts

Uber Geek
+1 received by user: 275

Subscriber

  # 2238436 15-May-2019 15:49

Both my iMac and MacBook, as part of 10.14.5, came up with firmware updates which has:

 

 Hyper-Threading Technology: Enabled

 

In 'System Information' along with an updated BootROM, which makes me wonder whether it has been patched with the new microcode as well. I haven't noticed any performance degradation but then again I really haven't stress tested it much since the update.





Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: Samsung Galaxy S10+ 128GB - Prism Green
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key
Services: G-Suite, YouTube Premium, Wordpress, Spark

 


1053 posts

Uber Geek
+1 received by user: 209


  # 2238441 15-May-2019 15:53

Worth keeping an eye on ARM and Intel but even with a 40% hit on everything Intel still win in thermal/power management in a rack






179 posts

Master Geek
+1 received by user: 75


  # 2239685 17-May-2019 08:56

PolicyGuy:

 

It is interesting to note that BSD has HYPErthreading turned off by default

 

 

OpenBSD does, because Theo decided it would be so. Other BSD distros like FreeBSD, macOS haven't done this.

