Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


New "Zombieland" attack and intel lied and betrayed us
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

New "Zombieland" attack and intel lied and betrayed us

jsgjsg Member, Resident Benchmarker

You thought, you are secure at least with the new Cascade Lake processors from intel and, if installing intels patches, on older intel processors too? You are wrong.

(Meanwhile quite well known) researchers at the university of Graz (Austria) discovered a new attack, "Zombieland" some time before intel launched their new "secure" processor generation and also before intel made a public announcement about their processors being secure thanks to their patches.

As soon as intel learned about the danger they put an embargo on the scientist and later prolonged it to Nov. 12. Now, such an embargo is not uncommon or unreasonable per se; after all everyone wants that a manufacturer, in this case intel, gets some time to fix the problem. But intel instead made announcements about their processors to be secure and prolonged the embargo so that nobody would learn the truth. In other words: intel lied and betrayed everyone, their large customers as well as us the small end customers.

"But those researchers are not bound by intels diktat!" you say? Well, theoretically they are not, they are employees of a "free" university. Factually however they are because intel sponsors the university of Graz (just like some other universities), so the university administration is in a place between a rock and hard place. The end result was anyway that the researchers stayed mum till Nov. 12.

Here's the link -> https://zombieloadattack.com/

Important: Note that even "MDS resistant" CPUs from intel do not protect against Zombieland. The only protection working so far seems to be to disable both TSX and Hyperthreading - which cuts deeply into providers income.

Or simply BUY AMD!

«13

Comments

  • Should have bought stocks.

  • raindog308raindog308 Administrator, Veteran

    I think this vuln has the best Intel processor vulnerability logo so far.

    image

  • All those vulns... Anyone implemented them in the real world? Any real damage done?

  • well, Intel seems to be going down the drain lately, and i'm not talking just about exploits, its sort of following the trend of post-Jobs Apple

    with the new Ryzen processors I think AMD will start to be a solid alternative

  • Oh noes teh zomebiz are nigh!

  • hostdarehostdare Member, Patron Provider

  • jackbjackb Member, Host Rep
    edited November 2019

    Looks like it hits nested virt too.

    Unfortunately, Variant 1 is always possible, if the
    attacker can identify an alias mapping of any accessible user page
    in the kernel. This is especially true if the attacker is running in or
    can create a virtual machine. Hence, we also recommend disabling
    VT-x on systems that do not need to run virtual machines.

  • Maybe I can buy high core count Xeons with supermicro boards cheaply from Ebay for personal use since it looks like the server market will massively dump Intel because this is an architectural flaw no amount of micro code can fix. Home machines are mostly single user so this issue is moot.

    Or maybe I am just dreaming..

  • @poisson said:

    Won't you be wasting lots of money on electricity?

  • Does this mean providers that offer true "dedicated cores" are less susceptible (not immune) to some of the attacks?

  • jsgjsg Member, Resident Benchmarker

    @k9banger said:
    Does this mean providers that offer true "dedicated cores" are less susceptible (not immune) to some of the attacks?

    No, usually not. Reason: Most dedicated cores are actually hardware hyperthreads.

    Thanked by 1poisson
  • @jsg said:
    You thought, you are secure at least with the new Cascade Lake processors from intel and, if installing intels patches, on older intel processors too? You are wrong.

    (Meanwhile quite well known) researchers at the university of Graz (Austria) discovered a new attack, "Zombieland" some time before intel launched their new "secure" processor generation and also before intel made a public announcement about their processors being secure thanks to their patches.

    As soon as intel learned about the danger they put an embargo on the scientist and later prolonged it to Nov. 12. Now, such an embargo is not uncommon or unreasonable per se; after all everyone wants that a manufacturer, in this case intel, gets some time to fix the problem. But intel instead made announcements about their processors to be secure and prolonged the embargo so that nobody would learn the truth. In other words: intel lied and betrayed everyone, their large customers as well as us the small end customers.

    "But those researchers are not bound by intels diktat!" you say? Well, theoretically they are not, they are employees of a "free" university. Factually however they are because intel sponsors the university of Graz (just like some other universities), so the university administration is in a place between a rock and hard place. The end result was anyway that the researchers stayed mum till Nov. 12.

    Here's the link -> https://zombieloadattack.com/

    Important: Note that even "MDS resistant" CPUs from intel do not protect against Zombieland. The only protection working so far seems to be to disable both TSX and Hyperthreading - which cuts deeply into providers income.

    Or simply BUY AMD!

    Nice and informative - as usual. :)

    I've had great luck with AMD desktop video cards (Sapphire made especially) - both with Windows and Linux, but haven't used AMD CPU-s since the Athlon was a no-brainer to buy, compared to contemporary Intel offers.

    Since the emerge of Ryzen 3rd generation, I'm seriously considering to make my next CPU an AMD again. However, local computer/tech forums are full of AMD CPU BIOS/motherboard peculiarities - unlike Intel.

    Don't know if it's similar in the server department.

    That is my main worry with AMD - like new x570 motherboards requiring a cooler for the chipset - on top of worries about RAM module compatibility, working frequency etc.

    Thanked by 1jsg
  • jsgjsg Member, Resident Benchmarker

    @bikegremlin said:
    Nice and informative - as usual. :)

    Thanks for the compliment.

    Since the emerge of Ryzen 3rd generation,... However, local computer/tech forums are full of AMD CPU BIOS/motherboard peculiarities - unlike Intel.

    I think that's due to a large degree to overclocking and similar "games". I have a Ryzen 8 core processor since quite early on and I had no problems whatsoever except for some RAM speed problems but those were due to very early BIOS versions and are fixed since a long time.

    I would suggest to go with either a Asus or Asrock mainboard (I only had good experiences with those) or with an MSI one (MSI seems to be well supported by AMD).

    And stay away from funny (actually greedy) "tuning" and overclocking experiments. Ryzens with decent memory are really fast beasts anyway. There is simply no need to squeeze out more performance.

    Disclaimer: I don't care at all about gaming and graphics cards. What I need and care for is reliability and decent speed.

    Thanked by 2poisson vimalware
  • Tapping on some collective knowledge here. Which of the providers in my white list offers AMD servers? I only know one because I bought my box from that provider (a key reason was because it is an AMD box that's very competitively priced). I just want to add an annotation next to the provider if it offers AMD servers so that people know where to find a reliable provider if they are concerned and wish to switch.

  • @bikegremlin said:
    Nice and informative - as usual. :)

    I've had great luck with AMD desktop video cards (Sapphire made especially) - both with Windows and Linux, but haven't used AMD CPU-s since the Athlon was a no-brainer to buy, compared to contemporary Intel offers.

    Since the emerge of Ryzen 3rd generation, I'm seriously considering to make my next CPU an AMD again. However, local computer/tech forums are full of AMD CPU BIOS/motherboard peculiarities - unlike Intel.

    Don't know if it's similar in the server department.

    That is my main worry with AMD - like new x570 motherboards requiring a cooler for the chipset - on top of worries about RAM module compatibility, working frequency etc.

    As @jsg said, most of the problems have been sorted out. There is another reason to buy AMD because of future proofing. The AM4 socket will continue to be used by AMD for the foreseeable future; AMD has announced that they do not see any technical reasons to change the socket unless they reach an inflection point where they do not have a choice but to change the socket.

    This means that if even if you buy a used AM4 motherboard on the cheap now, it will support the latest and greatest AMD processor with a BIOS update, and it will continue to do so for the next couple of years with a mere BIOS update. You save money (and the environment) upgrading in future.

  • @poisson said:
    Tapping on some collective knowledge here. Which of the providers in my white list offers AMD servers? I only know one because I bought my box from that provider (a key reason was because it is an AMD box that's very competitively priced). I just want to add an annotation next to the provider if it offers AMD servers so that people know where to find a reliable provider if they are concerned and wish to switch.

    Just did a quick search and seems like for VPS, I mostly see ExtraVM and Nexus Bytes in selected location. Updated accordingly.

    Thanked by 1ITLabs
  • @jsg said:

    @bikegremlin said:
    Nice and informative - as usual. :)

    Thanks for the compliment.

    Since the emerge of Ryzen 3rd generation,... However, local computer/tech forums are full of AMD CPU BIOS/motherboard peculiarities - unlike Intel.

    I think that's due to a large degree to overclocking and similar "games". I have a Ryzen 8 core processor since quite early on and I had no problems whatsoever except for some RAM speed problems but those were due to very early BIOS versions and are fixed since a long time.

    I would suggest to go with either a Asus or Asrock mainboard (I only had good experiences with those) or with an MSI one (MSI seems to be well supported by AMD).

    And stay away from funny (actually greedy) "tuning" and overclocking experiments. Ryzens with decent memory are really fast beasts anyway. There is simply no need to squeeze out more performance.

    Disclaimer: I don't care at all about gaming and graphics cards. What I need and care for is reliability and decent speed.

    My (old fashioned?) logic with using a separate (discreet?) graphic card is that budget ("low-midrange") ones are too cheap to not use them - and relieve the CPU and RAM of the extra burden. Laptop being an exception - power saving is primary goal there for me at least (autonomy).

    For motherboards - I've had good luck with Gigabyte in the previous decade - how does it fare with Ryzen?
    MSI is widely available and relatively well regarded with AMD here.
    Your first recommendation would be Asus?

    As for overclocking - never been a fan of it. Stability, durability and long lasting (while running cool with as little fan noise as possible) are more important for me.
    With new CPU-s, it's getting to the point of being more expensive than buying a better CPU - when you add all the extra costs for better cooling, power supply, more expensive motherboard that is required for that, more expensive RAM - plus the hassle to "find the sweet spot" where it doesn't crash too often. :)
    Seems to be a purpose in itself - for those who do it as a hobby.

  • @jsg said: Important: Note that even "MDS resistant" CPUs from intel do not protect against Zombieland.

    "Zombieland"? (It's Zombieload.)

    jsg said: In other words: intel lied and betrayed everyone, their large customers as well as us the small end customers.

    Is the dramatic "lie and betrayal" account your personal spin on what happened, or is the "lie and betrayal" account also corroborated by others?

  • @angstrom said:
    Is the dramatic "lie and betrayal" account your personal spin on what happened, or is the "lie and betrayal" account also corroborated by others?

    I read it as his opinion, but Intel really didn't do the right thing by embargoing the information and profiting from 6 months of knowingly selling stuff with known security vulnerabilities. If you are a big DC who ordered hundreds of Intel servers during that period, you are so going to be pissed.

  • angstromangstrom Moderator
    edited November 2019

    @poisson said:

    @angstrom said:
    Is the dramatic "lie and betrayal" account your personal spin on what happened, or is the "lie and betrayal" account also corroborated by others?

    I read it as his opinion, but Intel really didn't do the right thing by embargoing the information and profiting from 6 months of knowingly selling stuff with known security vulnerabilities. If you are a big DC who ordered hundreds of Intel servers during that period, you are so going to be pissed.

    Even @jsg doesn't object to the embargo (nor do I), so the embargo itself doesn't lead to a "lie and betrayal" reading. (Furthermore, this kind of embargo is standard practice.)

    Thanked by 1ITLabs
  • @poisson said: If you are a big DC who ordered hundreds of Intel servers during that period, you are so going to be pissed.

    Well, given the recent history of hardware vulnerabilities on Intel, any DC who ordered hundreds of Intel servers during the past six months shouldn't have had any illusions.

    Anyway, isn't the price a big reason why DCs order Intel servers?

  • @angstrom said:
    Even @jsg doesn't object to the embargo (nor do I), so the embargo itself doesn't lead to a "lie and betrayal" reading. (Furthermore, this kind of embargo is standard practice.)

    Personally, I don't really agree with the embargo even if it is standard practice. I think decisions to purchase would have most certainly changed with this piece of information added to the mix.

    Thanked by 1pepa65
  • @poisson said:

    @angstrom said:
    Even @jsg doesn't object to the embargo (nor do I), so the embargo itself doesn't lead to a "lie and betrayal" reading. (Furthermore, this kind of embargo is standard practice.)

    Personally, I don't really agree with the embargo even if it is standard practice. I think decisions to purchase would have most certainly changed with this piece of information added to the mix.

    Software vulnerabilities are sometimes embargoed as well.

    Naturally, if Intel is already a villain according to one's narrative, it won't be easy to upset that narrative.

    The reality is that such hardware vulnerabilities need to be further tested, studied, and understood, and this takes time. Potential workarounds or fixes also have to be considered and studied. An embargo allows for this work to be done without having to worry about rogue actors trying to exploit the vulnerabilities. I don't see why this is a bad thing.

    Thanked by 1bikegremlin
  • @angstrom said:
    Software vulnerabilities are sometimes embargoed as well.

    Naturally, if Intel is already a villain according to one's narrative, it won't be easy to upset that narrative.

    The reality is that such hardware vulnerabilities need to be further tested, studied, and understood, and this takes time. Potential workarounds or fixes also have to be considered and studied. An embargo allows for this work to be done without having to worry about rogue actors trying to exploit the vulnerabilities. I don't see why this is a bad thing.

    It's not a bad thing; it depends on perspective. I think potential buyers need to evaluate the risk of rogue actors possibly exploiting the vulnerability in making a decision whether to buy the platform or not. It is one thing if the vulnerability has yet to be discovered; it is another thing when it is known and embargoed. Embargoing a known vulnerability does not mean that the risk is an insignificant factor. It still needs to be factored in for making purchases that are supposed to be in service for many years.

  • angstromangstrom Moderator
    edited November 2019

    @poisson said:

    @angstrom said:
    Software vulnerabilities are sometimes embargoed as well.

    Naturally, if Intel is already a villain according to one's narrative, it won't be easy to upset that narrative.

    The reality is that such hardware vulnerabilities need to be further tested, studied, and understood, and this takes time. Potential workarounds or fixes also have to be considered and studied. An embargo allows for this work to be done without having to worry about rogue actors trying to exploit the vulnerabilities. I don't see why this is a bad thing.

    It's not a bad thing; it depends on perspective. I think potential buyers need to evaluate the risk of rogue actors possibly exploiting the vulnerability in making a decision whether to buy the platform or not. It is one thing if the vulnerability has yet to be discovered; it is another thing when it is known and embargoed. Embargoing a known vulnerability does not mean that the risk is an insignificant factor. It still needs to be factored in for making purchases that are supposed to be in service for many years.

    The practical problem is that you can't have both an embargo and full disclosure at the same time, and the only temporal order that makes sense is first an embargo, then full disclosure.

    Yes, this means that if someone bought an Intel computer (server, desktop, laptop) over the past six months (and many people did), they didn't know about ZombieLoad due to the embargo even though Intel knew about ZombieLoad.

    A person who purchased an Intel computer in this period could then try to sue Intel, arguing that such an embargo is illegal, but as far as I'm aware, such an embargo isn't illegal. Or the person who try to sue Intel, arguing that they wouldn't have purchased the Intel computer if they had known about ZombieLoad. I doubt that this argument would succeed in court (because it would depend on the embargo being invalid), but who knows until someone tries to sue Intel on this basis. The person's case would also be weakened if there's a fix or workaround for ZombieLoad available (e.g., turn off hyperthreading).

  • poissonpoisson Member
    edited November 2019

    @angstrom said:
    A person who purchased an Intel computer in this period could then try to sue Intel, arguing that such an embargo is illegal, but as far as I'm aware, such an embargo isn't illegal. Or the person who try to sue Intel, arguing that they wouldn't have purchased the Intel computer if they had known about ZombieLoad. I doubt that this argument would succeed in court (because it would depend on the embargo being invalid), but who knows until someone tries to sue Intel on this basis. The person's case would also be weakened if there's a fix or workaround for ZombieLoad available (e.g., turn off hyperthreading).

    This is my point. If I need hyperthreading technology, I need to have all the information to evaluate which hyperthreading technology I would choose (Intel versus AMD). If Intel knowingly sold me something that had a vulnerability they knew but didn't tell me and something happens to me as a result during the time they were patching it, will Intel take full responsibility for the losses? I bet you Intel will fight and say that "oh, such issues are common".

    Sure, such issues are normal but that's Intel's issue. As a customer, I should not be blindfolded and misled. It is another matter if Intel was blind to it as well. Intel wasn't blind, but they chose to pretend as if they were. Not sure how that is defensible.

  • jsgjsg Member, Resident Benchmarker
    edited November 2019

    Statements after angstrom's heinous and disgraceful personal attack:

    @angstrom said:

    jsg said: In other words: intel lied and betrayed everyone, their large customers as well as us the small end customers.

    Is the dramatic "lie and betrayal" account your personal spin on what happened, or is the "lie and betrayal" account also corroborated by others?

    Yes it is. And in fact I provided a link to the researchers web site so everyone could develop his own opinion.

    As you are obviously unwilling to get the evolution from the site of the researchers themselves, I'll break it down for you:

    • We are talking about a group of researchers that already discovered Meltdown and Spectre about a year earlier.

    • In April 2019 the researchers had access (not via intel) to some early Cascade Lake processors and found that those brand new processors were not immune against Zombieload.

    • The researchers contacted intel which lead to a (mutually agreed) embargo to provide the opportunity to intel to fix the problem.

    • intel however - well knowing about their new processors being vulnerable - went ahead one month later and publicly announced that their new processors were protected/immune against the known vulnerabilities.

    • At about the same time it became known that (at least) all earlier intel processors were vulnerable.

    • As soon as the embargo ended the researchers published the vulnerability of the new Cascade Lake processors.

    ==> ergo: Intel did lie and betray its customers.

    When intel publicly announced that Cascade Lake processors were immune they knew and did have concrete research information since about a month - yet they chose to lie.

    intel also knew about the horrific consequences of their lie. They knew that for example hosting providers would loose a very significant part of their income if they decided to apply the only mitigation left to them: to disable hyperthreading and to such loose 50% of the cores they purchased based on intels announcement.

    Note that some operating systems were taking that drastic route too. They disabled hyperthreading by default.

    @jsg said: Important: Note that even "MDS resistant" CPUs from intel do not protect against Zombieland.

    "Zombieland"? (It's Zombieload.)

    You are right, I somehow got the name confused - BUT I provided a link to the source so everyone could get the correct information and name.

    Unfortunately one single person chose to use my mistake for a cheap shot at myself.

    @angstrom said:
    Even @jsg doesn't object to the embargo ...

    That is correct. But there is a decisive but: An embargo is meant to provide the concerned company/group with some time to fix the problem and in effect to create the optimal outcome for all.
    intel however abused the embargo to establish their new processor generation, which was announced to be immune - but was not and intel knew that - on the market and to sell as many as possible in order to (next to other reasons) create a factual situation advantageous for them.

    That's why I do not criticise the embargo per se but intels gross and fraudulent abuse of it.

    Thanked by 2poisson bikegremlin
  • @jsg

    "intel however - well knowing about their new processors being vulnerable - went ahead one month later and publicly announced that their new processors were protected/immune against the known vulnerabilities."

    I can't speak to @angstrom's issue, but the zombieload website makes no such claim. I really wanted to see the quote from Intel to see what they specifically claimed. Since it was public a link or quote would have been nice. Since that is central to the "lie", I see it as basic requirement of your argument to hold water.

  • jsgjsg Member, Resident Benchmarker
    edited November 2019

    @TimboJones said:
    ... Since that is central to the "lie", I see it as basic requirement of your argument to hold water.

    No. You often mix that up. What you mean is that YOU want proof in order to consider my statement to "hold water".

    But as I'm very friendly and patient (actually too friendly and patient with some here ...), here you go -> https://mdsattacks.com/#ridl-ng
    Just scroll down to "Known Timeline". intels announcements are public and hence public knowledge.

    There are also other articles. But as we know by now, looking for information yourself is not your thing. You prefer to play games (like "your statement doesn't hold water") in order to push others to serve everything ready for your consumption.

  • zombie land 2 was p gud ngl

Sign In or Register to comment.