Intel svinjarija
(1 korsinik/a gleda/ju temu) (1) Gost

Intel svinjarija


MacPro5,1 | MacPro2,1 | MacMini2,1 | MacbookPro3,1 | iPhone 6S
04.01.2018 | 08:58
skineš update i imaš sporu kantu hahahahaha
04.01.2018 | 10:23
Vidio jučer u podne i odmah mi je pao mrak. Sada treba vidjeti kako će Apple to riješiti, da li će nuditi zamjenu proca (što sumnjam) ili će napraviti OS patch koji će nadam se imati što manji impact na brzinu. Ovih 30% mi je pre strašno. Kao da vozimo sa jednom jezgrom manje. Nabijem ih sve skupa.

UPDATE:
Hmm izgleda da je ovo u 10.13.2 već pokriveno - twitter.com/aionescu/status/948609809540046849

UPDATE 2:
sorry Super tek sam sada vidio da se tvoj post također referencira na istu vijest.
04.01.2018 | 12:03
OK, bez panike, Apple je to izgleda ipak elegantno odradio.

Usporenje je maleno, sada sam mjerio:

Relativno uobičajen i5 quad-core 3.2GHz: prije 52.4 gigaflopsa, a nakon patcha 52.1 gigaflopsa.

"Nothing to see here, move along, move along...'"
04.01.2018 | 13:41
Dobro, jel te informacijske tehnologije s godinama napreduju ili nazaduju? Pitam onako ko sirovi građevinar.
Ovakav scenarij je sličan onom kao od nedavno vezano za ajfone. Prevare za prevarom. Mislim, da su barem kreativniji u tome.
04.01.2018 | 19:51
dpasaric kaže:
"Nothing to see here, move along, move along...'"


05.01.2018 | 17:22
Cijela ova industrija je obična smijurija sa stanovišta sigurnosti. Al ozbiljno.

Ne volim bez veze to stano ponavljati jer djeluje ko ona klasična 'cry wolf' priča, ali svaki dan dolaze nova saznanja da 'naši uređaji' uopće nisu naši. U njih ulazi tko god si da malo truda kad god poželi.

Bilo je tu govora oko NAS uređaja i par puta su ljudi pitali za WD MyBook mrežne diskove i svaki put kad bih to vidio napisao bih da to jednostavno treba izbjegavat. Ja sam nasjeo jer su mi ih preporučili, a koliko vidim svi dućani ih prodaju. Meni su uvijek bili sumnjivi jer po cijele dane nešto roštaju po diskovima umjesto da spavaju kad ih nitko ne dira. Osobno sam se spajao na svoj iz terminala i ubijajo procese ili čak brisao neke stvari sa diskova da se ne pokreću.

E, pa danas nova vijest. Sve je zapravo puno gore nego što sam mislio: Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices.

Gomila problema, jedan od najbezobraznijih: Researchers also found the existence of a "classic backdoor"—with admin username "mydlinkBRionyg" and password "abc12345cba," which is hardcoded into the binary and cannot be changed.

Svašta.
05.01.2018 | 20:53
Ništa nije slučajno.
Kao diler i ovisnik. Dam ti skoro badava, pa te uzmem jer ti cijeli život ovisi o tome, pa ponekad misliš da je sve pod kontrolom. A u stvari ništa nije pod kontrolom, odnosno ti si pod kontrolom.
06.01.2018 | 00:23
Ma dobro, ali hardkodirani back door... pa to je stvarno - ono... potpuna arogancija... :/
06.01.2018 | 08:29
Kad je snimljen NET sa Sandrom Bullock? Prije 20 godina?... E pa....
06.01.2018 | 08:50
Lamentirate umjesto da date rjesenje.
Treba to i to napraviti.
Smrt komunizmu, fašizmu i antifašizmu.
06.01.2018 | 10:32
Mi maleni i nemamo problem, Apple je sigurnosno rješenje izdao, vozimo dalje. Pravi problem su naši podaci kod drugih koji bi na nedovoljno zaštićenim strojevima mogli lakše procuriti u nekom novom hakerskom skandalu, a tu pak malo možemo učiniti.

Meni je u cijeloj priči bilo zadovoljstvo da je Apple tako super-brzo reagirao i potpuno tiho sredio stvar, dok Microsoftov službeni support nije *niti znao* što se događa!

06.01.2018 | 11:56
A sto je sa starijim OSX-ima? Recimo 10.11 ili sa iOS-m 10.3.3?
Smrt komunizmu, fašizmu i antifašizmu.
06.01.2018 | 11:58
To je dobro pitanje, ali nitko ništa ne spominje o tome, barem ne za sada.
06.01.2018 | 12:29
WTF, ljudi, ajmo malo s razumijevanjem... Dakle, taj problem s intel procesorima mora biti zlonamjerno i ciljano iskorišten, ne može se dogoditi slučajno. To mora biti program koji se izvodi lokalno, jer mora biti napisan low level (ne može to biti neka java skripta s neke web stranice), dakle moraš ga sam na svoj komp staviti i pokrenuti. Također, čim treba takav pristup procesoru, mora biti napisan tako da prilikom pokretanja traži administratorsku ovlast (ili sudo iz terminala).
Dakle, moraš skinuti s neta neki program iz neprovjerenog izvora, pokrenuti ga i passwordom odobriti da napravi rusvaj. Dosta stepenica. Ne postoji bolja zaštita od malo zdrave pameti...
06.01.2018 | 16:08
Ni da ni ne

> Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.

support.apple.com/en-us/HT208394
06.01.2018 | 23:12
Morao bi vidjeti daleko precizniju i detaljniju tehničku podlogu pa da povjerujem u to.
07.01.2018 | 00:26
Imaš tu sve što možeš poželjet: spectreattack.com ali mislim da to razumiju samo oni koji dizajniraju procesore za plaću.

A tu imaš nešto za normalne ljude
07.01.2018 | 15:03
Hvala, ali drugi link je broken, a u prvom ne iščitavam ništa na temu toga kako bi malware mogao biti izveden iz javascripta
07.01.2018 | 16:07
Meni drugi link otvara normalno

Evo;



What are Meltdown and Spectre? Here’s what you need to know.
January 5, 2018 Jon Masters, chief ARM architect, Red Hat

Recent press reports talk about a newly discovered form of security threat that involves attackers exploiting common features of modern microprocessors (aka chips) that power our computers, tablets, smartphones, and other gadgets. These attacks, known as “Meltdown” and “Spectre”, are getting a lot of attention. People are (rightly) concerned, and it’s of course very important to apply all of the necessary software updates that have been carefully produced and made available. Technology leaders, including Red Hat, are working together to address these exploits and minimize the risk of potential attacks.

At Red Hat, we’ve been working on mitigations for potential attacks under standard industry security embargos, deploying small, targeted teams operating on a “need to know” basis in order to prepare ahead of public disclosure. I was fortunate enough to be co-leading our efforts at mitigation of Meltdown and Spectre, alternatively known as variants 1, 2, and 3 of a family of similar attacks disclosed by Google Project Zero in a blog post on January 3rd. In the course of our efforts, we reproduced Meltdown (variant 3) in our labs, and examined other variants, while working alongside many of our trusted hardware partners on mitigations.

While we have a solid understanding of these vulnerabilities and the current analysis of the contributing factors as well as patches to mitigate their potential impact, we will continue to collaborate with our partners, customers and researchers on this situation. Additionally, we would like to help others to understand these complex issues, ideally using language and terms that don’t require the reader to be in the chip design business. For those who want in-depth technical details, the original research papers and associated publications are available at meltdownattack.com/ and spectreattack.com/, but it’s worth also keeping in mind that many of those involved in identifying these exploits have extensive backgrounds in academic computer architecture research. At least one of them received a Ph.D. in a related area last year. So don’t feel bad if it takes a few passes to really dig into the technical details - this is very complex and detailed stuff.

To get going, let’s understand a bit about “speculative execution” by looking at an everyday analogy.

Suppose a regular customer visits the same coffee shop and orders the same caffeinated beverage every morning. Over time, the customer gets to know the baristas, who become familiar with the customer’s order. Seeking to offer good service (and save their valued customer some time standing in line) the baristas eventually decide to begin preparing the customer’s order when they wave at them as they enter through the front door. But one day, the customer changes their order. Now the barista has to throw away the previously prepared coffee and make a new one while the customer waits.

Taking the analogy one step further, suppose the baristas know the customer’s name, and they like to write that name using a permanent marker on their cup. When they speculatively prepare the usual beverage, they write the customer’s name on the cup. If the customer comes in with a different order, the speculated cup is thrown away along with its contents. But in so doing, the cup’s personally identifiable information is briefly visible to anyone watching.

This coffee shop scenario involves speculation. The staff doesn’t know for sure when the customer comes in that they’re going to order a latte or an Americano, but they know from historical data what the customer usually orders and they make an educated guess to save the customer waiting. Similar speculation happens throughout our everyday lives because such guesses often turn out to be true, and we can get more done in the same amount of time as a result. It’s like this with our computers. They use a technique known as “speculative execution” to perform certain processing operations before it is known for certain that those operations will be required, on the premise that these guesses often turn out to save time.

In the case of computers, speculative execution is used to decide what to do when confronted by a test like “if A, do this; otherwise, do that”. We call these tests conditions, and the code that executes as a result is part of what we term a conditional branch. A branch just means a section of the program that we choose to run in response to whatever the result of the condition turns out to be. Modern computer chips have sophisticated “branch predictors” that use fancy algorithms to determine what the result of the conditional test is likely to be while that test is still being calculated. In the interim, they speculatively execute code in the branch that seems to be most likely to run. If the guess turns out to be right, the chip appears to run faster than waiting for the test to complete. If the guess is wrong, the chip has to throw away any speculative results and run the other branch. Branch predictors are often over 99% accurate at guessing.

As you can see, the potential performance benefit from a chip speculatively executing the correct branch of code is significant. Indeed, speculative execution is one of the many optimizations that have helped to dramatically speed up our computers over the past couple of decades. When implemented correctly, the resulting performance benefit is substantial. The source of the newly discovered problems come from the chip design attempts to further optimize by assuming that speculation process is a black box that is completely invisible to outside observers (or bad guys).

Conventional industry wisdom was that whatever happened during the process of speculation (known as a “speculative execution window”) was either later confirmed and the results were used by the program, or it was not used and completely discarded. But it turns out that there are ways attackers can view what happened within the speculation window and manipulate the system as a result. An attacker can also steer the behavior of branch predictors to cause certain code sequences to run speculatively that should never normally have been executed. We expect these vulnerabilities and other similar flaws which could exploit speculative execution to lead to fundamental changes in the way that future chips are designed so that we can have speculative execution without security risks.

Let’s dive a bit deeper into the attacks, starting with Meltdown (variant 3) which received a lot of attention because of its broad impact. In this form of attack, the chip is fooled into loading secured data during a speculation window in such a way that it can later be viewed by an unauthorized attacker. The attack relies upon a commonly-used, industry-wide practice that separates loading in-memory data from the process of checking permissions. Again, the industry’s conventional wisdom operated under the assumption that the entire speculative execution process was invisible, so separating these pieces wasn’t seen as a risk.

In Meltdown, a carefully crafted branch of code first arranges to execute some attack code speculatively. This code loads some secure data to which the program doesn’t ordinarily have access. Because it’s happening speculatively, the permission check on that access will happen in parallel (and not fail until the end of the speculation window), and as a consequence special internal chip memory known as a cache becomes loaded with the privileged data. Then, a carefully constructed code sequence is used to perform other memory operations based upon the value of the privileged data. While the normally observable results of these operations aren’t visible following the speculation (which ultimately is discarded), a technique known as cache side-channel analysis can be used to determine the value of the secure data.

Mitigating Meltdown involves changing how memory is managed between application software and the operating system. We introduce a new technology, known as KPTI (Kernel Page Table Isolation), which separates memory such that secure data cannot be loaded into the chip’s internal caches while running user code. Taking extra steps every time application software asks the operating system to do something on its behalf (we call these “system calls”) results in a performance hit. The degree of performance hit varies roughly in line with how frequently an application needs to use such operating system services.

The Spectre attack has two parts. The first (variant 1) has to do with “bounds check” violation. Once again, when speculatively executing code, the chip might load some data that is later used to locate a second piece of data. As part of a performance optimization, the chip might attempt to speculatively load the second piece of data before it has validated that the first is within a defined range of values. If this happens, it is possible to arrange for code to execute speculatively and read data it should not into the system caches, from where it can be extracted using a side-channel attack similar to the one discussed before.

Mitigating the first part of Spectre involves adding what we call “load fences” throughout the kernel. They prevent the speculation hardware from attempting to perform a second load based upon a first load. These require small, trivial, and not particularly performance-impacting changes throughout the kernel source. Our toolchain team has developed some tooling and worked with others to help determine where these load fences should be located.

The second part of Spectre (variant 2) is in some ways the most interesting. It has to do with “training” the branch predictor hardware to favor speculatively executing pieces of code over those it should be executing. A common hardware optimization is to base the behavior of a given branch choice upon the location in memory of the branch code itself. Unfortunately, the way in which this memory location is stored isn’t unique between an application and the operating system kernel. This allows for the predictor to be trained to speculatively run whatever code the attacker would like. By carefully choosing a “gadget” (existing code in the kernel that has access to privileged data) the attacker can load sensitive data in the chip caches, where the same kind of side-channel attack once again serves to extract it.

One of the biggest problems posed by this second part of Spectre is its potential to exploit the boundary between the operating system kernel and a hypervisor, or between different virtual machines running on the same underlying hardware. The branch predictor can be trained by one virtual machine to cause privileged code in the hypervisor (or another virtual machine instance) to access trusted hypervisor data which can be extracted using a side channel. This poses a significant risk to private and public cloud environments running unpatched servers.

Mitigating this second part of Spectre requires that the operating system (selectively) disable branch prediction hardware whenever a program requests operating system (system call) or hypervisor services, so that any attempt by malicious code to train the predictor won’t carry over into the operating system kernel, the hypervisor, or between untrusted virtual machines running on the same server. This approach works well, but it comes at a performance penalty that is not insignificant. Red Hat’s patches will default to implementing the security change and accepting the performance impact, but we’ve also added system administrators the ability to toggle this (and all the implemented settings) on or off. We are also working with the larger Linux community to reduce this impact over time by examining alternatives to disabling branch prediction. One possible alternative is known as a “retpoline”, a specially contrived way to run operating system kernel code the prevents incorrect branch speculation.

Hopefully, this post has given a little more insight into these highly sophisticated attacks. Exploiting them is far from trivial, mitigations are possible, and while some examples are now available online for Meltdown (variant 3), patches are available via updates shipping from major vendors like Red Hat. Over time, additional, related vulnerabilities may be discovered, and example code to exploit them posted online, so it’s important to keep up to date with security fixes as they become available.

It’s important to bear in mind that these are early days following the discovery of an entirely new class of system security vulnerabilities, and, as a result, mitigations and associated best practice advice may change over time. We will continue to work with industry leaders and the open source communities to protect our customers from these and other known vulnerabilities and make Linux even more robust against attacks like Meltdown and Spectre. Over the coming months, we will post more about this work and keep customers updated on any guidance relating to our products. To learn more, visit access.redhat.com/security/vulnerabilities/speculativeexecution


i video iz članka:

07.01.2018 | 19:13
Je, sad s kompa i meni otvara. S iPhonea je bilo 404.
Hvala!
07.01.2018 | 19:51
IgorD kaže:
Imaš tu sve što možeš poželjet: spectreattack.com ali mislim da to razumiju samo oni koji dizajniraju procesore za plaću.

A tu imaš nešto za normalne ljude


Onaj tko je opisao taj problem za obične ljude, je vjerovatno profesor, jer sam i ja, koji o tome nemam pojma stekao dobar uvid kako to funkcionira. Osobno bi uvjek bio za to da pričekam koju sekundu ili milisekundu i bio siguran da ću dobiti to što sam tražio, nego da mi procesor bude baba vanga.
Odmah sam se sjetio tropskih krajeva, kad sam tražio kakav starbuck coffee, da popijem normalnu kavu, a ne onu njihovu od dva decilitra. Uvjek me je iritiralo kad sam morao reći kako se zovem, pa da mi napiše ime na šalici...daj mi kavu i pusti me da živim.
07.01.2018 | 20:04
U kojem je to svemiru Starbuck's kava - normalna?
07.01.2018 | 20:12
smayoo kaže:
U kojem je to svemiru Starbuck's kava - normalna?

Pa tamo ima i espresso kave...ustvari jedino tamo ili u nekom Hiltonu i sl.
07.01.2018 | 20:44
A, to...? Misliš - imaju espresso makinu pa je onda to što oni iscijede iz nje - kobajagi normalna kava?
07.01.2018 | 20:56
Neznam jel zaebavaš ili ne, ali imaju kratki espresso. Ustvari meni je najbolji espresso doma, imam ovaj aparat www.elipso.hr/mali-kucanski/aparati-za-k...LONGHI-ECAM22.360.S/ i kupim si kilu kave za 250 kn i guštam
07.01.2018 | 21:15
cariblanco kaže:

Onaj tko je opisao taj problem za obične ljude, je vjerovatno profesor, jer...


Nije profesor
Mislim da trenutno radi kao kernel developer u RedHatu, a inače je prije pisao za LinuxMagazine pa je stekao iskustvo pisanja jednostavnim jezikom da ga narod razumije
09.01.2018 | 11:56
I koji je onda zaključak na kraju? Napraviti IOS update na 11.2.2!
09.01.2018 | 16:27
Ja sam napravio update na 11.2.2. i ne primjećujem neke probleme. Neka tako i ostane.
13.01.2018 | 01:41
Ovo sa Intelom iz dana u dan postaje sve gore i nekako mi se čini da su u Intelu dobro znali što su napravili

thehackernews.com/2018/01/intel-amt-vulnerability.html

... i onda pogledate malo širu sliku oko Intela i naletitie na ovo: www.fool.com/investing/2017/12/19/intels...-a-lot-of-stock.aspx

Sad malo teorije urote, ali možda nije bez vraga Apple još 2010. godine počeo petljati oko kombinacije OSX-a + ARM.
  • Stranica:
  • 1
  • 2

Vikalica™

Zadnja poruka: pred 1 dan, 15 sati
  • gladhr2: evo jedan misterij pa znalci prihvatite se izazova haha [link] :D
  • Ljut k0 Ri5: neznam zašto ali ne objavljuje mi odgovor na- brzom odgovoru- nego sam morao na -odgovor-
  • cariblanco: Zato kaj si ljut kao ris, da si normalno ljut, valjda bi objavilo :)
  • Riba: Što se dogodi? Ništa?
  • Ljut k0 Ri5: zašto ne želi objavit brzi odgovor u forumu?
  • Soffoklo: [link]
  • Soffoklo: OS X-ovi zadnjih 13 godina su imali prilicnu rupu koja je tek nedavno pokrpana i to samo u novijim OS-ovima
  • Miro Spiro: Znaci moram prebaciti cijeli kontroler sa razbijenog na novi da bi radio
  • big_mac: [link]
  • smayoo: Ne, konektori za osvjetljenje su isti, ali za panel nisu...
  • stefanjos: steta da nema vise, vidit cemo onda cemo morati rucno
  • robee: Tesko...poznavajuci Apple, moguce da se radi o potpuno istim panelima ali sa drugacijim konektorima cisto zato da sew ne moze kombinirati :)
  • Miro Spiro: Koliko vidim konektori su razliciti za osvjetljenje ili grijesim?
  • Miro Spiro: [link]
  • smayoo: Da... Vjerojatno je jedini način za doznati - da se proba...
  • Miro Spiro: Smayoo: Gledao jesam ali se i oni raspravljaju oko oznake SDB1 i SDB3 na kraju serijskog broja!
  • robee: login
  • robee: Ili prije kupnje napraviti loigin na svoj iCloud pa ako ti dozvoli onda je FMiP iskljucen.
  • songoku: Jedini nacin za saznati je li FMiP ukljucen je zvati AppleCare
  • songoku: @stefanjos Nema ti tog odavno, Kinezi zlorabili za laziranje sn na FMiP zakljucane telefone, pa je Apple ukinuo skroz
  • stefanjos: Ne mogu naci activation lock check, gdje je to nestalo? Frend kupuje iphone a trebo bi provjerit serijski
  • smayoo: Vjerojatno. Jesi gledao na ifixit? Ako ima decidiranog odgovora negdje na netu, to je tamo
  • Miro Spiro: Da li bi se onda mogao jedan zamijeniti sa drugim?
  • zabac: Fali plus u zagradi
  • zabac: @Riba misliš kao 2*2*2*2*(2 2/2)-2 :)
  • Riba: Ma nabadam bezveze, znat će se već, iako nije ni bitno.
  • smayoo: Sve je moguće, ali nije imala neki kaotičan i neuredan život kao Whitney Houston ili Michael Jackson...
  • Riba: Samo zbrajam dva i dva :)
  • Riba: Pa ono, 46 godina, nagla smrt u hotelskoj sobi, poznata osoba.
  • smayoo: Bob Rock kaže - bolje živjeti 100 godina kao bogataš, nego 1 dan kao siromah! :D
  • smayoo: Ne zna se o čemu se radi. Zašto bi bilo samoubojstvo?
  • Riba: Grunf bi rekao, bolje imati sve i imati problema, nego nemati ništa i imati problema! :)
  • cariblanco: R.I.P. i onda netko kaže da oni koji imaju sve nemaju problema, sve je to relativno
  • DrAle: ;(
  • Riba: Malo smrdi na suicid.
  • zabac: Vršnjakinja. Shit. :-( RIP
  • Riba: :(
  • smayoo: R.I.P. Dolores O'Riordan :(
  • smayoo: ja ih ne znam
  • VanjusOS: stavljaju li dobre ekrane na iphone, "original" ili..?
  • VanjusOS: znali netko iService servis iz Rijeke, kakvi su?
  • robee: Koliko ja znam je. Cinema trosi i znatno manje struje.
  • Miro Spiro: Da li je panel thunderbolt display-a i cineme 27" isti?
  • stefanjos: Lol
  • smayoo: Savršeno nemaš pojma o čemu pričaš. MacKeeper je najgori malware koji za Maca postoji.
  • Mate22: Ja imam MacKeeper na svim mac računalima u kući i meni radi savršeno to ti je savršena stvar za održavat MAC u životnoj formi.
  • stefanjos: Big mac. Nemam stream on
  • rusty: kako su jaki ovi spam postovi panike... vrh
  • smayoo: NE instaliraj MacKeeper i piši u forum
  • igorio: ili ovo piše lažnjak virus virus a ustvari ne dira procesor nikako ni os

Za vikanje moraš biti prijavljen.

Prijava

Prisutni jabučari

Novo na Jabučnjaku

Teme

Poruke

Anketa

Kupujete li neku od Apple novosti?

Page Speed 5.33 Seconds

Provided by iJoomla SEO