/tech/ - Technology

A Technical Place

Posting mode: Reply

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom

Expand All Images

Anyone following the Intel vulnerability? Anonymous 01/05/2018 (Fri) 00:57:21 [Preview] No. 12159
The "Meltdown" and "Spectre" thing. Here:

Does it have any connection with the Sandsifter research?

Anonymous 01/05/2018 (Fri) 06:43:58 [Preview] No.12160 del
(113.34 KB 436x404 ac9.png)
From what I can tell, meltdown and spectre are problems involving the order in which the CPU's implement instructions due to speed optimizations.
Sandsifters is checking for unknown instructions, not the order of the instructions.

Also, I think Spectre affects both AMD and ARM as well, while Meltdown affects mainly Intel.

Anonymous 01/05/2018 (Fri) 23:54:44 [Preview] No.12161 del
(59.19 KB 736x825 feels.jpg)
Ok, thanks.

Anonymous 01/06/2018 (Sat) 09:49:37 [Preview] No.12163 del
Yeah but spectre is basically nothing, it's come out at the same time as meltdown to soften the blow to Intels' image but it takes months to achieve and even then it's theory. It's pretty much an NSA only level attack and still it's apparently hit or miss.
The real news is meltdown which is a huge fuck up from Intel and the fact the CEO sold off all that stock which is insider trading.

Anonymous 01/06/2018 (Sat) 11:00:53 [Preview] No.12164 del


>Intel Hit With Class Action Lawsuits Over ‘Meltdown’ Security Flaw

Anonymous 01/07/2018 (Sun) 16:52:18 [Preview] No.12166 del

Anonymous 01/07/2018 (Sun) 16:55:17 [Preview] No.12167 del
(53.27 MB 9999x9999 intel_collage.jpg)
The picture isn't going through. Maybe jpeg will work.

Anonymous 01/07/2018 (Sun) 17:11:18 [Preview] No.12168 del
Maybe because it's a 55MB jpeg. Resize and compress this thing, please.
Also, for graphics use png (pngquant), not jpg.

Anonymous 01/07/2018 (Sun) 20:43:40 [Preview] No.12169 del
Well fuck me. I have been hoarding old IBM ThinkPads, thinking they were secure machines. There were also some sayings that even MIPS, POWER 8 and POWER 9 were affected.

If you wanted to be safe, airgapping your machines would be the best bet or having a ARM-based computer work as a strict firewall and share internet via a LibreWRT powered router. Pinebook64 sure does look tempting since it has ARM A53 and it wasn't affected by any of these apparantely.

https://archive.is/bkQeh (link to ARM website giving information about affected chips) (pic2)

Anonymous 01/08/2018 (Mon) 09:21:13 [Preview] No.12171 del
Throw the guts, design a MIPS board, put the board inside and you are good to go.

>64-bit ARM

Anonymous 01/08/2018 (Mon) 11:08:39 [Preview] No.12172 del
This shit list is ancient, many advice noe defunct tks to Spectre. MMU needs needs to be rethought, if not completely removed.
>>>/os/ iirc is gone

Anonymous 01/08/2018 (Mon) 18:58:53 [Preview] No.12174 del
Mips or risc-v?

Anonymous 01/08/2018 (Mon) 22:58:23 [Preview] No.12175 del
>many advice noe defunct tks to Spectre
Such as...

Anonymous 01/10/2018 (Wed) 01:16:45 [Preview] No.12179 del
"Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies – so it is hard to believe they ignored the risky aspects. I bet they were instructed to ignore the risk," - deraadt

Holy smokes. He also thinks that way.
It's one of the (possibly) many backdoors from some security agency.


Anonymous 01/17/2018 (Wed) 03:11:42 [Preview] No.12209 del
Doesn't this mean we now have a reliable way to hack just about any computer back to 1997? That is good news if there are any video game consoles that haven't been hacked yet. They should use this to crack all of the latest systems and get around any patches made to the PS3 or other old systems.

Anonymous 01/17/2018 (Wed) 08:00:10 [Preview] No.12213 del
Spectre is kind of a big nothing. Meltdown is the real bug, which doesn't affect risc systems like game consoles.

Anonymous 01/17/2018 (Wed) 20:35:43 [Preview] No.12214 del
Not the same guy, but, PS4 is not RISC, it's CISC, from what I know. I think xBox is CISC too.
Only PS3 used a Cell processor...
But Meltdown would only allow to get the memory, not to take over the "anti-cracking" system, because it probably needs a Sony server authentication.

Anonymous 01/23/2018 (Tue) 00:09:33 [Preview] No.12266 del
Linus wrote: "So somebody isn't telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out. [...] As it is, the patches are COMPLETE AND UTTER GARBAGE. [...] WHAT THE F*CK IS GOING ON?"


I think it's pretty obvious, but: don't buy Intel.

Anonymous 01/23/2018 (Tue) 00:27:01 [Preview] No.12267 del
I doubt this is a "security flaw"... it looks like another newly discovered BACKDOOR!

Anonymous 01/23/2018 (Tue) 00:34:27 [Preview] No.12268 del
>I think it's pretty obvious, but: don't buy Intel.

Its way beyond worse than that. EVERYTHING - EVERY-FUCKING-COMPUTER manufactured has mandated physical backdoors enabled for intelligence agencies. Multiple layers, built in 3G chips within the motherboard, etc. You can't get away from it.

I will tell you a tip: your computer is your enemy, not your friend. It is a gateway to spy on everything you do. Start treating it like one. Cover up the camera. Rip out the microphone. Unplug the Wifi & Bluetooth cards. Don't put personal info into the computer. Use a trusted private VPN service, always. Store shit on flashdrives or discs and unplug them when not being used. Forward secrecy 100%. When you don't use the internet, unplug your modem, unplug your computer, turn it off and faraday cage that fucking thing below ground, in a separate room. There. That's security.

Anonymous 01/23/2018 (Tue) 03:04:40 [Preview] No.12270 del
>Me is on a separate CPU
From what I know it's just microcode running minix, there's no physical separation.

You should not trust a random anon. It's most probably fake, although it's true that most of the hardware today is backdoored. I personally think Meltdown is a backdoor. I imagine how many others is there, looking to be discovered and being used now to crack into China/Russia billionary transactions and watch Putin drinking a good vodka with NK military agents.

>your computer is your enemy
It's not. People are the enemy, not a machine.

You forgot to add that internet itself is also fucked. The billions the spend on submarine cables now companies owned by CenturyLink, Verizon, GCX and Zayo Group is not free from charges. IBM, DXC (HP) and Atos Origin are doing deep packet inspection on all connections these days.
Amazon, Akamai and Alphabet owns the first level interation (where the information is extracted) and then it's analysed by the companies above.

It's sad the capacity humans have to destroy beautiful things.

Anonymous 01/23/2018 (Tue) 18:42:38 [Preview] No.12271 del
If that turns image out to be true, I will get my ribs removed and suck my won dick.

Although Linus makes a good point here, something is very off here, they either aren't coming clean that this is worse than they make out or this is actually a huge fucking backdoor.

Anonymous 01/23/2018 (Tue) 18:47:20 [Preview] No.12272 del
We knew that Intel imbedded 3G in their processors since 2011. Any computer you use that has been manufactures post 2011 has built-in WiFi (which you CANNOT takeout) and cannot be air-gapped properly. This was mandated by the govt, supposedly, because they did not want "criminals" air-gapping their systems.

Anonymous 01/23/2018 (Tue) 19:01:30 [Preview] No.12273 del
(60.73 KB 630x473 WE WATCH YOU.jpg)
>It's not. People are the enemy, not a machine.

True. But these evil creeps have compromised the machines we use and therefore we are stuck with enemy-compromised machinery (unless we build our own from scratch).

That said, yes the whole internet is completely unsecure. To simply air-gap a computer now you need to still be using a computer tower built from the '90s with a physical modem and ethernet connection. You need to physically remove (or cover up) cameras and microphones that are built-in. You should always be using a private encrypted VPN service, with browser safety features like spoofing the browser agent string with blender, using noscript to block third parties, routinely wiping out browser history/cookies (now all stored in sqlite db), HTTPS only, disabling all the other unsecure chrome features in about:config and so an and so forth... disc encryption to forward secrecy.

This is the only way we can defeat this today unless we can build our own machines, and then obfuscate / encrypt the communications which would take a lot of tech savvy work, time and money.

If you use a newer machine, anything new, expect to be compromised right off the bat.

Anonymous 01/24/2018 (Wed) 02:15:50 [Preview] No.12276 del
>Intel imbedded 3G in their processors since 2011
No, they don't. The AMT and vPRO system documents says it can only *access* the 3G device, it does not have an receptor inside the processor, at least from what I know there's proof of it. Also, the IHS is made of cooper, they would not be able to receive the signal as a normal smartphone does.
tl;dr citation needed. You're not in 8ch to spread these false news fearmongering here.

>other unsecure chrome features
Are you kidding, right? I hope so.
Also, if your browser has support to javascript you're already fucked.
>private encrypted VPN service
You mean your own VPN using OpenIKED on a secure server, right? If you don't control the VPN, then it's not private.
>routinely wiping out browser history/cookies
You should not have those too.
>HTTPS only
Not needed for sites you only do GET requests, if you're already using IPsec and DNScrypt or Tor (with TorDNS enabled).
>disc encryption to forward secrecy
Forward secrecy has no use for full disk encryption, unless it's a shared encryption (like for encrypted RAID backups). You should instead suggest a good OTP device, like NitroKey. Also, use LUKS or OpenBSD's FDE, not just some random software.

Our list has all the good practices: http://hjvx7xg3n4ejezmh.onion/

I'm biased, but I really suggest you point to this list next time you make some recommendations about security/privacy...

Top | Return | Catalog | Post a reply