ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. meltdown
    Log in to post
    • All categories
    • Dashrender

      laptop slow after installing Spectre/Meltdown mitigations
      IT Discussion • slowness amd spectre meltdown • • Dashrender

      8
      0
      Votes
      8
      Posts
      222
      Views

      Dashrender

      @Pete-S said in laptop slow after installing Spectre/Meltdown mitigations:

      Wasn't the bios also involved in these mitigations?

      In so much as a micro-code patches for the processors are concerned - yes. My processor is updated to the most current, Oct 2019. Doesn't matter - performance still sucks!

      I applied these reg changes, rebooted - then applied a script I've done many times before. It was amazing how slow the script ran compared to other machines. I took a video, I'll see about posting it later.

    • mlnews

      Spectre, Meltdown researchers unveil 7 more speculative execution attacks
      News • intel cpu security ars technica meltdown spectre • • mlnews

      1
      1
      Votes
      1
      Posts
      224
      Views

      No one has replied

    • IRJ

      Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
      IT Discussion • spectre meltdown intel amd • • IRJ

      7
      3
      Votes
      7
      Posts
      710
      Views

      scottalanmiller

      @kelly said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical:

      @tim_g said in Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical:

      Wow....

      But how practical is it to not only first exploit the Spectre vulnerability, but then to get any useful data from most likely other unknown shared VMs on the same box? (really, only on a shared hosting provider host is where 99.9% of the threat is)

      This stuff is discarded speculative cached data... maybe a thumbnail you won't be viewing (if it goes that big), or maybe a few bits leading in that direction... maybe credentials (that are encrypted anyways)...

      It seems like all you can do is "fish" for unknown discarded speculative data... it doesn't really sound like a huge practical threat, however, I do see the severity and horrible potential of it, just not the practicality.

      Here is how I see it playing out in the larger world. Bad actors will be spinning up VMs on hosting providers' hardware, and then trolling for data of cohosted VMs. It isn't a large problem in a secure environment where the list of people who can spin up VMs also have the credentials necessary to make a Spectre-ng attack a waste of time and energy.

      Also worth noting, in a cloud environment the data that can be caught this way is essentially random and ephemeral. What works today won't work tomorrow, and whose data you are getting is normally unknown. The scale and anonymity of cloud computing makes these attacks more possible, but less effective, almost to the point of useless.

    • steve

      ML May 2 Planned Downtime
      Announcements • spectre meltdown patching mangolassi • • steve

      9
      7
      Votes
      9
      Posts
      918
      Views

      BRRABill

      FFS that is when I was planning to tag all my old threads.

    • mlnews

      Windows 7 "Total Meltdown" from MS Meltdown Patch, Major Security Vulnerability
      IT Discussion • windows 7 windows security meltdown microsoft patch toms hardware • • mlnews

      7
      3
      Votes
      7
      Posts
      879
      Views

      Obsolesce

      You see! This is why you shouldn't patch!

    • scottalanmiller

      Meltdown Shows Why to Avoid LTS Releases
      IT Discussion • linux meltdown zdnet security patching centos fedora ubuntu long term support • • scottalanmiller

      5
      2
      Votes
      5
      Posts
      655
      Views

      scottalanmiller

      @black3dynamite said in Meltdown Shows Why to Avoid LTS Releases:

      What makes Red Hat and SUSE exempt compare to CentOS and OpenSUSE leap? Because we are paying for the support?

      Nothing makes them exempt, they ARE CentOS and Leap, just paid for instead of free. They suffer just the same.

    • mlnews

      Spectre and Meltdown Patches Causing Trouble as Realistic Attacks Approach
      News • ars technica meltdown intel spectre security • • mlnews

      1
      0
      Votes
      1
      Posts
      517
      Views

      No one has replied

    • mlnews

      Basics of Spectre and Meltdown Video
      News • spectre intel meltdown cpu video • • mlnews

      20
      2
      Votes
      20
      Posts
      1430
      Views

      stacksofplates

      @scottalanmiller said in Basics of Spectre and Meltdown Video:

      or not on Intel,

      Spectre is everyone. So my point still stands here.

    • scale

      Intel Meltdown and Spectre Vulnerabilities and the Scale HC3
      Scale Legion • meltdown spectre intel scale scale hc3 • • scale

      1
      3
      Votes
      1
      Posts
      463
      Views

      No one has replied

    • scale

      Spectre and Meltdown fixes: How will they affect storage?
      News • meltdown spectre storage el reg • • scale

      1
      2
      Votes
      1
      Posts
      590
      Views

      No one has replied