VOGONS


Reply 100 of 151, by orinoko

User metadata
Rank Member
Rank
Member

@386SX

Reminds me of the time many years ago (we consider 2003 'many years' right?) I put together a Cyrix MII-333 running Windows 3.1 and installed the IE5 + dialup stack on it. Dialed up to the internet on the machine and I was able to access quite a few websites with no real issues. I knew of the risks, such an old system on the internet OMG no! But the thing is, by that point everyone was worried about 9x/ME/2k/XP exploits that I highly doubted I would have problems connecting Windows 3.1 onto the internet. I mean, it was all win16 in a win32 world anyway!

Reply 101 of 151, by Firtasik

User metadata
Rank Oldbie
Rank
Oldbie

Some progress under Linux. 😎

Spectre and Meltdown mitigation detection tool v0.34 […]
Show full quote

Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64
CPU is AMD Athlon(tm)X2 DualCore QL-60

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: NO
* Checking count of LFENCE instructions following a jump in kernel: YES (70 jump-then-lfence instructions found, which is >= 30 (heuristic))
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: YES
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

11 1 111 11 1 1 1 1 1 11 1 1 111 1 111 1 1 1 1 111

Reply 102 of 151, by DosFreak

User metadata
Rank l33t++
Rank
l33t++

Guess MS finally thinks the Intel microcode is stable enough to offer for download. Hopefully they'll push via Windows Update eventually
https://arstechnica.com/gadgets/2018/03/micro … icrocode-fixes/

How To Ask Questions The Smart Way
Make your games work offline

Reply 103 of 151, by Firtasik

User metadata
Rank Oldbie
Rank
Oldbie

Thinkpad T430 (Core i5 Ivy Bridge) after the latest BIOS update with 'Spectre Variant 2' fixes. 😀

Attachments

  • T430Spectre.png
    Filename
    T430Spectre.png
    File size
    18.7 KiB
    Views
    1700 views
    File license
    Fair use/fair dealing exception

11 1 111 11 1 1 1 1 1 11 1 1 111 1 111 1 1 1 1 111

Reply 106 of 151, by DosFreak

User metadata
Rank l33t++
Rank
l33t++

Posting this here since it's the biggest thread on the issue:
https://www.cnet.com/news/amd-has-a-spectre-m … law-of-its-own/

I doubt it'll get much coverage though.

/EDIT hmmm
https://twitter.com/cynicalsecurity/status/97 … 591954096381952

How To Ask Questions The Smart Way
Make your games work offline

Reply 107 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t
DosFreak wrote:

Posting this here since it's the biggest thread on the issue:
https://www.cnet.com/news/amd-has-a-spectre-m … law-of-its-own/

I doubt it'll get much coverage though.

Good thing I don't have a Ryzen processor or board (cost more than getting 3 new tires for my car). I have the FX-6300, which has one vulnerability, but not the other.

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 109 of 151, by DosFreak

User metadata
Rank l33t++
Rank
l33t++

Updated Intel microcode for Coffee Lake, Kaby Lake and Skylake
https://support.microsoft.com/en-us/help/4090 … crocode-updates

How To Ask Questions The Smart Way
Make your games work offline

Reply 110 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t

That's a lot of lakes. Michigan has 11,000 lakes. However, Intel has cool codenames for their processors, though.

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 111 of 151, by F2bnp

User metadata
Rank l33t
Rank
l33t
DosFreak wrote:
Posting this here since it's the biggest thread on the issue: https://www.cnet.com/news/amd-has-a-spectre-m … law-of-its-own/ […]
Show full quote

Posting this here since it's the biggest thread on the issue:
https://www.cnet.com/news/amd-has-a-spectre-m … law-of-its-own/

I doubt it'll get much coverage though.

/EDIT hmmm
https://twitter.com/cynicalsecurity/status/97 … 591954096381952

Yeah, this looks super fishy.

https://forums.anandtech.com/threads/amdflaws … s-this.2540299/

"The white paper ends by saying all of these vulnerabilities require admin-level privileges."

"Accessing the Secure Processoris done through a vendor supplied driver that is digitally signed."

My favorite is the following disclaimer:

"Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents."

Reply 113 of 151, by croton64

User metadata
Rank Newbie
Rank
Newbie

Bugs are real, but there's much hype around them.
Even Trail of Bits, the company they've used to confirm the findings are moderated with their wording.
CTS-Labs is the face of a financial movement, at least from what i've read so far.

Reply 114 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t

Checked for the major bugs on my ASUS X54C-RB01 running Lubuntu 17.10.1 LTS, and it says not vulnerable (Celeron Dual-Core B820), and it might change if I installed the Core i3 processor.

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 115 of 151, by xjas

User metadata
Rank l33t
Rank
l33t

Interesting to see this thread back. I updated my Xeon E5440 machine recently from Linux Kernal 4.4.x (vulnerable) to 4.13.37 (patched) and ran some before & after benchmarks with Blender, Smallpt, & Octave (multithreaded code.) I saw zero measurable slowdown. Any tiny signal that might be there is within the margin of error of the benchmarks themselves. You might be able to resolve some small slowdown with rigorous scientific-like testing (multiple runs, control systems, statistical error analysis), but I doubt it's anything that you'd notice in normal activity. Granted, I didn't cover every possible use-case with those benchmarks, but for what I do that machine I haven't noticed a thing.

Patch your systems!

twitch.tv/oldskooljay - playing the obscure, forgotten & weird - most Tuesdays & Thursdays @ 6:30 PM PDT. Bonus streams elsewhen!

Reply 116 of 151, by dr_st

User metadata
Rank l33t
Rank
l33t

Others have reported ridiculous slowdowns in some specific cases. Also, Windows and Linux response to patching may be different, and since we are talking about at least two distinct vulnerabilities, with different software patches, some withdrawn ones, and dependence on CPU microcode patches as well, there are just too many variables for me to be certain that I understand everything.

Maybe I should say "Don't patch your systems!"???

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 117 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t

Here are the results after installing updates on my Compaq Presario C700 notebook running Windows 7 Pro SP1 32-bit running on an Intel Core2Duo T8100 CPU:

vulnerabilities.png
Filename
vulnerabilities.png
File size
31.18 KiB
Views
1254 views
File license
Fair use/fair dealing exception

Meltdown bug is patched, Spectre isn't, no microcode, and the performance says it's slower, even though I have a 120GB SSD installed.

Edit #1

I trimmed the SSD recently to no avail, and I believe that determines the desktop usage or something.

Microsoft is working on a microcode patch, as well as the spectre patch since the ones they released months ago Blue screened machines across the whole world due to more bugs (irony). My ASUS X54C isn't vulnerable since that has the microcode for the Intel CPU patched, as well as the spectre and meltdown bugs patched with the latest Kernel (64-bit OS).

Edit #2

vulnerabilities-2.png
Filename
vulnerabilities-2.png
File size
30.91 KiB
Views
1252 views
File license
Fair use/fair dealing exception

Installed the preview Monthly update, and all 3 are vulnerable (Microcode, Meltdown, and Spectre, while the performance is rated good). Also, the Microcode isn't available for the type of processor I have unfortunately... 😠 😵 and unfortunately, my main desktop is in storage right now, which I need to check for updates, install them, and smoke test the InSpectre program to see what's patched, and what ain't.

Will update as soon as I install more updates... again.

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 118 of 151, by candle_86

User metadata
Rank l33t
Rank
l33t
spiroyster wrote:
Itanium and early Atoms don't suffer it (but who uses them?). […]
Show full quote
appiah4 wrote:

No intel cpu since and including the Pentium Pro is safe to use unpatched.

Itanium and early Atoms don't suffer it (but who uses them?).

What this means for older hardware is that, pre Win7, there will be no 'official' patches, so basically any old OS (9X, ME, 2K, XP, Vista, unpatched old linux distros) and old hardware shouldn't be online (or at least don't keep sensitive info that you don't mind loosing on it). It's probably ended the use of a lot of these systems as daily drivers for people who still use them, but then again these systems can't be kept up to date (no patches, updates etc coming their way) anyhows so do people that use these as daily drivers care? who knows. It's not like this is the only security flaw that these old machines/OS suffer from which will never get patched though, although this one is fairly far reaching since the scope of the effected systems (pretty much most consumer CPU architectures in the last number of years at least).

People seem to think this is an Intel only problem... It is not... while Intel suffer Meltdown (and bad PR), AMD, ARM, POWER...all suffer Spectre.... so thats like every iPhone/iPad that exists and most (if not all) android phones o.0.... or put another way, anything that can play a youtube video at 'enough' quality thats worth it these days.

Maybe but I'd also image windows 9x would be fairly secure these days, no one rights code to target the 9x kernel anymore, so unless someone is using KernalEX they should be relativly safe anyway. It's the same mantra apple existed in for the longest time, secure by being obscure.

Reply 119 of 151, by Horizons

User metadata
Rank Newbie
Rank
Newbie
Firtasik wrote:

The performance impact is rather negligible for typical desktop usage.

Still feels snappier than Meltdown-free Phenom II. 🤣

Just comparing SPEC results, it actually looks like there's a pretty big drop on some subtests, especially branchier ones.

http://spec.org/cpu2017/results/res2017q4/cpu … 1003-00102.html (pre-mitigation)
http://spec.org/cpu2017/results/res2018q2/cpu … 0403-04894.html (post-mitigation)