Does anyone else think that Meltdown and Spectre are overhyped? Don't get me wrong, exploits with that much versitality are dangerous, but why should we give a shit if we have good computer practices.
PS: I'm speaking from the perspective of a consumer using a personal computer
Meltdown requires the ability to execute code to be activated, so as long as you don't run suspicious binaries you're fine.
Spectre can get in through your browser and shit, but it still needs to get past ASLR with code execution, again, as long as we don't run suspicious binaries we're fine
IK both exploits are important for cloud computing companies and other high priority targets, but they've already had time to prepare for this.
Carson Wood
Fuck off, intel
Hudson Rivera
>but why should we give a shit if we have good computer practices. >PS: I'm speaking from the perspective of a consumer using a personal computer
if both of these are true, you are the minority. You should know people are retarded. And on top of that, nobody is perfect.
Ian Jackson
Oy gevalt yes, just yesterday I was talking about this with my good friend Schlomo. He totally agreed that the goyim are overreacting. It's like another shoah! It's like "Germans, fight back! Don't buy from Jews!" all over again! Those filthy dumb goyim! Don't you agree?
Isaac Parker
>so as long as you don't run suspicious binaries you're fine. I was under the impression that any code written to exploit this, could. So, for instance, something hidden in a webpage, or literally, anything you may use and trust. Am I wrong, here? I don't know what the hell to think anymore.
Juan Cruz
Meltdown seems real serious, especially on a shared cloud server. Specter looks more wide spread but way harder to exploit.
Jayden Mitchell
>every datacenter on the planet using an Intel chip has to roll out hacked together software patches and mitigate unexpected performance drops >intel can't do a fucking thing about it until their next architecture is ready later this year >overhyped
From a consumer perspective, this is actually pretty OK news since it means the Intel/AMD playing field will be leveled.
Ethan Bennett
>>intel can't do a fucking thing about it until their next architecture is ready later this year wont it take a lot longer than that for them to redesign their entire chip arch?
Ian Butler
>NSA/Mossad: People won't update to a mandatory W10 processor? >NSA/Mossad: Well fuck them, FORCE them off it Literally all this is
Elijah Ross
>Intel ME cracked >some hardware resellers start offering option of option of ME disabled out of the box >oy vey >within months.. front page news: this is the end of the world!!11 >all processors bugged, flawed, finished and bankrupt!!11 >a few more months.. >here's your new processor, goy, we fixd for you! >undetectable and irremovable LTE botnet built right into the chip its not raining, someone is just pissing on you. problem, solution. same as it ever was
Luis Edwards
>n-nothing to w-worry here a-anons Fuck off, shill
Jordan Nelson
Because Spectre exploits branch prediction and affects almost all processors with branch prediction today, that might be a very hard fix. Meltdown, on the other hand, is probably much simpler to fix since it's exploiting some feature of the Intel chip that Intel can modify, replace, or remove. I heard about an exploit a few months back that used a legacy feature on Intel chips released before Skylake. In that case, the feature was essentially useless but had been left in chip designs more or less because it had just been overlooked for quite some time.
Gavin Scott
How about this? someone targets a cloud service which relies on vulnerable software and boom. I hope you don't use dropbox or stuff like that.
Aaron Anderson
(meant to say vulnerable hardware*)
Ethan Baker
This is a huge fucking flaw from a business POV.
Also, what if your purse (because you're a fag) was see through and the maker of the purse said "lol just put a piece of cloth over it" instead of making opaque purses, and then forced you to buy them because their market share was so huge and that was the only convenient purse you could get?
Matthew Diaz
Meltdown could be exploited from a malicious ad or script on a website to gain higher than root/admin privileges and basically do whatever it wants with your computer, including using your camera/microphone, running a keylogger, grabbing stored passwords/keys, reading sensitive information stored on the computer, and lots of other really bad shit. This also applies to VMs with Amazon/Google/other VM hosts to gain this kind of access to OTHER VMs running on the same host. This is possibly the biggest fuck-up in the history of computing.
Cooper Hughes
go back to fucking your sister, cletus
Jackson Bell
Both Meltdown and Spectre can be done through Javascript so long as they have access to precise enough timers.
Benjamin Morris
Also, this.
It's not only a matter of not running malicious code, a malicious actor could purchase hosting on a service and use the malicious code to break out of the virtual machine and gain access to the server and potentially many other machines on the network.
Think about that for a second. Getting access to any website on a host you desire just by paying for a basic hosting plan.
Michael Hughes
Ultimately, none of the fears are confirmed or disproof yet, so you dont know how far reaching the problems are as well as ramifications from inaction. Or it could be nothing. Point is [eople just simply dont know what the fuck is gonna happen next, and they dont wanna find out - cant afford it - thats why they react the way they did. Yeah both options are shitty, but one is not as shitty as the other so it will do until further. Not knowing fucking suck, especially when your sole purpose is to know.
James Wright
Thats what i thought until i got the update and all my games are unplayable stutterfests now
Jaxon Barnes
>Intel flaws allow drive-by JavaScript to read anything from ram such as passwords, SSH and encryption keys >allows any VM to read memory of every other instance on the host >Intel sat on this for six months and didn't tell anyone >only became public knowledge when Intel tried to sneak in Linux patches over xmas
Aiden Mitchell
>some hardware resellers start offering option of option of ME disabled out of the box No, they're not. They say they're going to do that, but they haven't done it yet.
Jacob Hall
>>Intel sat on this for six months and didn't tell anyone Other players were told about it, including Microsoft and Apple, and possibly some Linux devs, because they were working on patches, if not already implementing them, before it became public knowledge. >>only became public knowledge when Intel tried to sneak in Linux patches over xmas This is hardly a problem. As soon as you start putting mitigations into an open source project it's only a matter of time before it becomes public knowledge. They probably waited on Linux until Microsoft and Apple were done or close to done with their patches so that when it did explode into the public arena there would be little delay between that and most platforms getting their patches.
Colton Wright
Yes, Dell has the option. System 76 also announced firmware update plans disabling Intel ME and having it disabled by default in future.
Plus there's always just doing it yourself by flashing the EEPROM. But that won't matter much going forward since all Intel processors are deprecated now.
Hunter Cruz
Buy superior CPUs like Intel Atom and Raspberry Pies, Obama!
