Listen to your VPS Neighbours on Intel Servers
Ever wondered what those noisy Neighbours are doing on your VPS Host?
Now you can find out using Intel's latest vulnerability, "ZombieLoad". It allows processes to listen to other processes on the same core, which is maybe not so problematic on PCs but more so on shared servers like VPS hosts.
_"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys."_
It was discovered by the guys who uncovered Spectre:
https://zombieloadattack.com/
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
Comments
Just adding another reference:
https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
I like the names they give them; I'd like the next few to be called crustexploder and honeybottom.
That looks bad, well now we are fucked.
The safest workaround to prevent this extremely powerful attack is running trusted and untrusted applications on different physical machines.
If this is not feasible in given contexts, disabling Hyperthreading completely represents the safest mitigation. This does not, however, close the door on attacks on system call return paths that leak data from kernel space to user space.
Just get yourself a cheap ARM box for small stuff.
Now that's gross... :-/
It would be best to just disable hyperthreading altogether on sensitive hypervisors at this point. I did this on my Qubes OS workstation when Foreshadow was revealed. Hypervisors are still vulnerable to Foreshadow with SMT (hyperthreading) enabled.
I guess my plan to migrate everything to VPS is gone.
Lmao Intel, thank God the last time I used an Intel processor was in 2007.
Turn up the Eagles
RedHat article https://access.redhat.com/security/vulnerabilities/mds
QEMU/libvirt/microcode/kernel patches are in the repos. A reboot is required.
Anyone ran benchmarks on these?
How much %% is that gonna cost?
Some low end boxes will perform badly
How does AMD's SMT differ from Intel's HT?
Some different sorcery!
Virtualization is going to be affected a lot. For one, disabling hyperthreading actually brings quite a bit of performance penalty on systems with many VMs. Note that this is mainly true for KVM and doesn't matter that much for OpenVZ. The performance hit from disabling HT alone can be as much as… 50% in cloud KVM environments (those numbers are from Red Hat).
RedHat:
^^ So basically virtualization and network stuff.
That's it - from now on I'm only buying CPUs with reprogrammable microcode.
It's more like we need to move on from x86.
Well, a Raspberry Pi Zero costs $5, the Zero W costs $10, and you can already order cheap ARM boards from China for about $10.
They draw like $5/year in power, for small applications.
Can hacker program microcode remotely?
But, but, but...
damn..., Intel, you are such a disappointment.
AMD stock, will keep rising.
No, it'll have to be loaded in from an 8" floppy disk (like on the DEC VAX-11/780).
For Fucks Sake....
Well that is that then, I will not stand up another intel server in the short to medium term, probably long term.
I am tired of your shit intel.
Will AMD have another hidden bomb(s) waiting to go off?
Really hard to make an investment decision. May have to strike a deal with the supplier that if these kinds of flaws (requiring a major slowdown because of patching) are discovered, they need to recall or provide relief on new purchases. So Intel/AMD will know it is serious.
It's not that hard: Intel = for sure Swiss cheese, AMD = might be, but with fewer holes (so far), and not a lot of difference for end users in real-world performance.
Still Intel > AMD lol
Oh ok then, when you put it like that, I had not considered the greater-than+lol perspective!
@Hetzner_OL Did you install the MDS patch?
I'm not a provider
So the workaround would be to disable Hyper-Threading on all Intel CPUs to mitigate this?
Apply patches?
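A check that answers both of those questions on a Linux host, added here as an example and not part of the original thread or of the linked Red Hat or ZombieLoad pages: it reads the kernel's own MDS verdict from sysfs and the SMT control knob, and says whether the box is mitigated, mitigated but still exposed across hyperthread siblings, or unable to tell because it is a guest. The sysfs paths and status strings are the ones documented in the kernel's Documentation/admin-guide/hw-vuln/mds.rst; the SYSFS_CPU override, the function names and the constructed sample strings are assumptions for this example.

```shell
#!/bin/sh
# Added example: report MDS (ZombieLoad) mitigation state on a Linux host.
# Reads the kernel's verdict from sysfs instead of guessing from the CPU model
# or microcode revision. Paths and strings follow
# Documentation/admin-guide/hw-vuln/mds.rst. SYSFS_CPU is overridable so a
# captured or constructed tree can be inspected (assumed knob for this example).

SYSFS_CPU="${SYSFS_CPU:-/sys/devices/system/cpu}"

# read_sysfs FILE: print the file's content, or "unavailable" if it is absent.
read_sysfs() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf 'unavailable\n'
    fi
}

# mds_verdict CPU_DIR: classify the kernel's MDS report as one word.
#   not-affected            CPU does not have the MDS flaws
#   mitigated               buffer clearing on; SMT off or also mitigated
#   mitigated-smt-exposed   buffer clearing on, but SMT siblings can still leak
#   mitigated-host-unknown  guest kernel; host SMT state is not visible
#   vulnerable              no working mitigation (e.g. microcode missing)
#   unknown                 no report (old kernel, or not a Linux sysfs tree)
mds_verdict() {
    mds="$(read_sysfs "$1/vulnerabilities/mds")"
    case "$mds" in
        "Not affected")
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            case "$mds" in
                *"SMT vulnerable"*)         echo mitigated-smt-exposed ;;
                *"SMT Host state unknown"*) echo mitigated-host-unknown ;;
                *)                          echo mitigated ;;
            esac ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# smt_state CPU_DIR: "on", "off", "forceoff", "notsupported", "notimplemented",
# or "unavailable" on kernels that predate the control file.
smt_state() {
    read_sysfs "$1/smt/control"
}

# remediation VERDICT: the next step for an operator hosting shared guests.
remediation() {
    case "$1" in
        mitigated-smt-exposed)
            echo "echo off > $SYSFS_CPU/smt/control (or boot with mds=full,nosmt) to stop cross-sibling leakage" ;;
        vulnerable)
            echo "install the microcode and kernel updates, then reboot" ;;
        mitigated-host-unknown)
            echo "this is a guest; ask the provider whether the host runs with SMT off" ;;
        unknown)
            echo "kernel does not report MDS status; update it before trusting this host" ;;
        *)
            echo "no action needed" ;;
    esac
}

# Report for the running host (prints "unknown" harmlessly on a non-Linux tree).
verdict="$(mds_verdict "$SYSFS_CPU")"
printf 'MDS:  %s\nSMT:  %s\nNext: %s\n' "$verdict" "$(smt_state "$SYSFS_CPU")" "$(remediation "$verdict")"
```

The point the thread circles around is visible in the output: "Mitigation: Clear CPU buffers" alone only closes the leak at context switches and ring transitions, so a host that still reports "SMT vulnerable" leaves two tenants scheduled on sibling threads able to sample each other's fill buffers. Writing off to smt/control takes the siblings offline immediately; mds=full,nosmt on the kernel command line makes that stick across reboots. Inside a VPS the guest kernel can only report "SMT Host state unknown", which is why a tenant cannot verify this for themselves.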
Is it really a serious issue for cloud hosting?
In the section "Cross-VM Covert Channel" of their paper, they used a highly optimized "sender" that repeatedly loads specially crafted messages from L1 cache to registers, yet they only achieved a 1.99 kbit/s transmission rate. In a realistic cloud hosting environment, you have to actively "listen" (sample) for a very long time and filter out a lot of noise to get anything remotely interesting.