New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Ahh for fucks saks, Intel. What s time to be AMD..
Those names
I wonder who gives those attack names.
P.S. Again, non-real-world exploitable 'attack'. Ignored.
its @Gam3over for Intel
The paper doesn't mention thunderbolt once smh.
"Plundervolt needs to run from an app on an infected host with root or admin privileges. This is not an impossible attack scenario, but this will require some social engineering and additional exploits -- if Plundervolt is to be used in the wild.
Additionally, Plundervolt doesn't work from within virtualized environments, such as virtual machines and cloud computing services, where the host OS usually restricts the guest OS from accessing the interface that manages the CPU's voltage and frequency."
"Nonetheless, Plundervolt is a serious issue. The research team said it notified Intel in June, and the vendor has worked tirelessly to prepare patches."
Will we trash AMD once it is the target of security researcher?
I really don't get why vulnerabilities that require root/admin privileges are even worth mentioning? If something malicious already has root/admin-level privileges, then it's a done deal at that point.
Just more "security researchers" trying to make a name for themselves in my eyes.
No doubt. Not even single slightest doubt.
I guess Intel will refuse to refound like @Gam3over?
Sounds like it is because SGX is supposed to prevent exposing data in exactly this scenario (where another app has root privilege). Some kind of hardware-level isolation according to the zdnet article.
@dfroe no refounds
If you ask me, this is like herpes: the stigma (of being Intel) is actually worse than the condition (the security vulnerability) itself.
funniest thing is the intel fix:
so the fix is to disable the service, great
^ That'll work. :-|
Sounds familiar: hyperthreading
Yes, AMD Epyc is more secure for servers than intels SGX. Does that mean intel is all but dead ("Game over")? I have doubts.
More details and a better explanation/primer -> https://www.lowendtalk.com/discussion/162043/amd-vs-intel-security-primer
It is still better than "security researchers being killed to mitigate security issues".
Feels good to finally be able to go AMD, even if this isn't the worst exploit to date for Intel. Watching my Intel CPU slowly lose performance with all of the mitigations was sad. It's nice to finally be rid of a company that doesn't even try to keep backwards compatibility for new CPU generations.
Is there a list of impacted CPUs are just everything (for consumers) between 6th gen to 10th gen?