a new intel-specific CPU vulnerability has been discovered: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
- can be used to leak data between processes, hyperthreads, SGX enclaves, etc
- effects core and xeon CPUs
- CPUs with meltdown mitigations are less effected, but still vulnerable
- this is a hardware issue - OS independent
- can be mitigated by disabling hyperthreading
- proof of concept - one thread is able to access URLs typed into firefox (a different thread)
@lynnesbian that the URL is heise.de is incredibly funny to me
@lynnesbian CPUs are just a bunch of sand we tricked into thinking
@lynnesbian Ubuntu released an update for their Intel microcode package yesterday, which I assume disables HyperThreading as per the recommended fix.
Also, I find it hilarious that Intel has had this fixed for two years as evidenced by the last two generations of their CPUs being unaffected, but only now decided to tell us for the older ones.
And by hilarious, I mean fucked up.
@lynnesbian Just as a source on this, since the article you linked makes no mention of it:
"The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw."
@uint8_t @lynnesbian Yup. I 100% believe that they deliberately delayed it so they could use it for planned obsolescence purposes similar to Google's Play Services and Apple's iOS updates slowing down older systems for no reason other than to "encourage" users to buy new versions of the same hardware they bought 2 years ago.
But if Intel tells us about the problem when its current model line is already fixed, it's just an image loss, and does not necessarily steer revenue toward AMD.
@lynnesbian darn i guess i shud be worried about my cloud data being insecure
@lynnesbian is this the same or different than before?
@email@example.com's anti-chud pro-skub instance for funtimes