Unfixable flaw in Intel CPU

         

Dimitri

5:16 pm on Mar 9, 2020 (gmt 0)




Intel CPU Security Alert For Millions Of Users As ‘Unfixable’ Crypto Flaw Revealed
An "unfixable" crypto vulnerability with impossible to detect exploits has been confirmed.
[forbes.com...]

iamlost

5:38 pm on Mar 9, 2020 (gmt 0)




On the bright side, it requires (to date) local physical access, so don’t let your server wander unattended.
Note: it’s a second-fractional timing attack, so even with access it's not a script kiddie target.

On the other hand if enough enterprise IT departments freak and the choice is latest Intel or AMD Epyc...

Disclaimer: my servers run (Naples, 1st generation) Epyc 7551P and they are awesome :)

Dimitri

6:47 pm on Mar 9, 2020 (gmt 0)




As web hosts renew their servers, I am sure they'll massively move to AMD.

Very long ago, my first "big" dedicated server was an Opteron and it was amazing, but then I always ended up renting Intel, because this is what was mostly available.

lammert

11:51 pm on Mar 9, 2020 (gmt 0)




"To fully compromise EPID," Ermolov said, "hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)." This is not trivial by any means, and there is no evidence that anyone has figured out how to obtain the hard-coded hardware key component directly.

"We believe that extracting this key is only a matter of time," Ermolov warned, adding that when this does happen, then "hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

One word: FUD

graeme_p

5:38 pm on Mar 10, 2020 (gmt 0)




So this compromises some DRM and some encryption.

How it works, IMO, confirms that it is bad to have an OS in firmware running everything else. Most of us never wanted or needed more than a simple old-style BIOS.