If you're worried about this patch, just don't install it...

It's a top secret kike programm to slow down your computer and sell you new parts to gain as many shekels as possible

By isolating kernel memory in its own address space, the overhead of context switching increases drastically as you essentially flush the TLB and start page-faulting on memory accesses from kernel space.

For your every day use, this overhead is negligible, but for hypervisors running a bunch of VMs or IO intensive workloads needing to drop to kernel mode in order to set up mappings, this overhead drastically affects performance.

This. It's probably already added to a bunch of attack vectors.

>"Update and/or get new hardware"
>JEWS
>"Don't update and use the same hardware"
>JEWS

well my next pc will be amd after all dis years

Is there any hint at all this exists outside of the lab?

No one knows, but seeing how these flaws stretch back to at least ten year old architectures and even possibly as far back as 1995, it's highly probable that they have been both detected and used.

Yes.

Its actually extremely easy

twitter.com/lavados/status/948716579801493506

twitter.com/misc0110/status/948706387491786752

It's always the jews.

t. Sup Forums

That makes no sense, especially your pic related. People will still write exploitative software about any vulnerability, especially this one since only the newest OSes will be patched. Not the old ones, which still will result into a lot of possible gains for the malware writers. You're retarded to think that staying insecure in this situation will be okay because other people won't stay insecure. This is not a virus that goes from an infected guy over to the next guy. This is like, you open a site which has a javascript file that exploits this vulnerability and your memory gets dumped to a server, next you see that people have accessed some of your accounts, maybe even devices on your network, or worse.

>gee we "found" an exploit that was probably used by the NSA until now
>but don't worry! Kike controlled USA suggests you to install this update for saften'sheeit

pic related

I'm assuming he meant before it was discovered.

>before real-world exploits have been made

cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/amp/

Its been known for atleast half a year publicly and accessible since the 90's.

It's a used attack vector.

Sure this is fake news meant to beat down Intel's share price by short sellers.... right?

How does this browser exploit supposedly work?

It literally doesnt need to be a browser exploit bud.

I can listen in on Firefox's address space with any other program by accessing Kernel space. This renders programs like KeePass effectively useless.

>Sure this is fake news meant to beat down Intel's share price by short sellers.... right?
Actually, Intel's stock price went up yesterday and AMD's went down when it was discovered that there was a second side-channeling bug that affected AMD processors.

>How does this browser exploit supposedly work?
It can be ANY userspace process.

Why is her mouth a vagina?

Just remove your front door as well. Front doors are a jewish plot to slow down your movement because you'll have to use your key all the time.

Nobody bothers entering houses because almost anyone has front doors anyways. You'll be fine being "vulnerable". Don't forget herd immunity as well. Because of your neighbors having front doors it prevents the spreading of thieves in your neighborhood.

Cool now show us an implementation that's not just on a specific textbox

Can it dump the whole cache, or just a random snippet around the preemptive execution fail?

Also is it realistic to exploit via javascript, since as I understand it you're measuring tiny changed in execution speed.

The logic would seem to apply to locking doors, since if 99/100 attempts to check for an unlocked door fail, and there's cost to the thief to check (time, potential for getting caught) they won't bother.

>Can it dump the whole cache
Seeing how you can use it to access other userspace process' memory (as proven by this example: ), you can use the speculative prefetching to your advantage and essentially leak any memory.

>Also is it realistic to exploit via javascript
The JavaScript engine also must be exploitable. But protip: they are often riddled with security flaws.

Would injecting a random cache fail every once in a while work to block this exploit?

>It literally doesnt need to be a browser exploit bud.
so are you seriously telling me browser javascript is not isolated at all? it can access winapi and memory just like any other program? cause that sure as fuck sounds like the most severe design flaw in the history of languages

cloud providers are gonna be pissed, that's for sure

>so are you seriously telling me browser javascript is not isolated at all?

It should be but browsers are buggy and vulnerable dozens of MB pieces of shit primarily build to collect and monetize your behavior, preferences and data. Offering a secure web browsing experience isn't even a priority. Because of this browsers are riddled with holes in their JS isolation. Not on purpose but neglect.

kek as if hackers haven't figured out brainlets have this logic

It depends what sort of "mitigations" can be implemented and how quickly they come. I think they mean that they think they can implement fixes with less of a performance hit.

But yeah.

wonder how long it will take for my work laptop to be patched.
The HP keylogger, where simply a file needed to be deleted or removed from autosstart, took them almost half a year to fix

And then the whole cloud infractructure and VM images we use... i bet its all gonna be ignored because "we have a firewall so its all fine, right?"

Yes.

Browsers neglect this kind of exploits because they trust the OS to protect userspace.. only to get fucked even harder by a CPU of all things.

Pre-Quantum Firefox had JS code with full userspace access.

>It should be but browsers are buggy and vulnerable
then it literally does need to be a browser exploit

Forgot to add pic related.

>Pre-Quantum Firefox had JS code with full userspace access.
if that isn't the poorest fucking design, i don't know what is

any browser that runs JS in a VM rather than compiling to native bytecode?

Not sure, I think V8 but its not really relevant since JS code can break out and the VM wont know any better.

Yes, and it's a near given that you are exposed to those. It's important to have multiple layers of security. It's MOST important that your CPU actually does what it claims to do when separating user and kernel data.

they said the same thing about EternalBlue too, but wannacry still did a pretty decent amount of destruction

BTW an immediate work around for the average Joe is to not allow your browser to store anything personal, i.e. clear your browser caches immediately and turn off all browser cache features

Time to start memorizing your passwords

>Time to start memorizing your passwords
A time existed were this wasn't a necessity?

You know, brainlets

That doesn't work. Just typing your password is enough to get them stolen. Your best course of action is to enable two-factor authorization and pray that your phone is still safe.

Wouldn't the offending js need to be running in that case

Well, the OS, the compiler and the compiled browser all rely on the implicit assumption that the underlying CPU is trustworthy. Otherwise all bets are off, they have to trust the CPU. The CPU turned out to be not trustworthy.

Yes. But if its not running ehy care st all? This is all conjecture based on the assumption you are infected.

Friendly reminder to you faggots: wannacry used an exploit which was patched three months earlier

Can these exploits actually inject malware, i.e. ransomware or btc miner, to my system or is it all about accessing data in memory, i.e. 'Looks like user has password manager running and his gmail password is x' ?

As people said before I assume some still use older Firefox versions (access to whole user space apparently), so I assume it would be possible for an attack to take place from visiting a site?

Also, this reminds me of the Microsoft keylogger stuff that was going on. They won't need that anymore it seems

Yes. Thats literally the worst offender for this bug aside from Cloud servicing that can theoretically break out of its VM and infect the hypervisor.

New info from benchmarks coming in from all over. Cloud services and databases expected to take the biggest hits. Gaming is minimal to noticeable depending on setup ( Intel + nVidia are double combo'd since nVidia relies on CPU cycles for draw calls)

I personally know certain giant orgs I worked in all use Xeon tech and VMs and lots of In-memory databases.

Everyone is out for Intel's blood. The fact its very easy to exploit, combined with the fact it existed for two decades and cannot be fixed without killing server performance makes this one of the biggest fuckups in computation history.

Intel's new lines are also infected. The CEO bailed. They are finished.

AMD has got to own fabs again
this is too good to pass up on

>>/d/