inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 00:39:04 JST inference AMD Zen, Zen+, and Zen 2, are affected by Retbleed and cannot be fully mitigated via patches. SMT must be disabled, or a newer CPU used. This marks the end of older Ryzen/Zen-based chips being safe via microcode and security updates. The newer chips have hardware mitigations which the older ones lack, thus software cannot fix it. -
(mint@ryona.agency)'s status on Wednesday, 17-Aug-2022 00:39:03 JST @inference Retbleed and all those other CPU attacks are spooks with zero usage in the wild, intended to scaremonger consoomers into buying newer processors with ME/PSP and Microsoft Pluton spyware deeply embedded on the die. -
(mint@ryona.agency)'s status on Wednesday, 17-Aug-2022 00:43:56 JST @inference Might as well switch to Windows 11 at this point. -
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 00:43:58 JST inference @mint There will be open source code available for this soon (if not now), just like previous vulnerabilities. JS is an easy way to exploit a system remotely.
Take as many blue pills as you want, I'll keep taking red. -
(mint@ryona.agency)'s status on Wednesday, 17-Aug-2022 01:04:00 JST @inference @Hyolobrika As opposed to nigger cattle like you who welcome corporate overlords with open hands to lock their code and data under the "cloud". Hang yourself on your programming socks, please. -
Hyolobrikator (hyolobrika@gleasonator.com)'s status on Wednesday, 17-Aug-2022 01:04:01 JST Hyolobrikator That's the thing though. How do you avoid these attacks while simultaneously avoiding things like Pluton?
Yes, it doesn't seem to do the bad stuff outside of Windows currently. But it's only a matter of time. -
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:04:01 JST inference @Hyolobrika @mint This is completely unrelated to Pluton or TPMs. It's a CPU issue, which is not at all related to Pluton.
I don't know why this person even mentioned that. They just wanted to make a FOSS cultist statement. -
(mint@ryona.agency)'s status on Wednesday, 17-Aug-2022 01:07:17 JST @inference @Hyolobrika Nigger, you were advocating for normalfag IM apps requiring phone numbers like ten posts before. -
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:07:18 JST inference @mint @Hyolobrika That's funny; I'm against the cloud, and I use my own keys. Hahahaha... -
Hyolobrikator (hyolobrika@gleasonator.com)'s status on Wednesday, 17-Aug-2022 01:15:43 JST Hyolobrikator Some TPMs are built into the CPU though. Right? -
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:15:43 JST inference @Hyolobrika @mint Since around 2016, yes, and you should be using them if you care about security.
AMD PSP has fTPM.
Intel has PTT.
The alternative is to use insecure and easily exploitable EoL chips for which there are many exploits available online for any website to use, or applications to inject into their code.
Oh, look, there's already one available:
https://github.com/comsec-group/retbleed
And don't forget Meltdown:
https://github.com/paboldin/meltdown-exploit
https://github.com/IAIK/meltdown
https://github.com/Frichetten/meltdown-spectre-poc
https://github.com/deeptechlabs/meltdown
https://github.com/paboldin/meltdown-exploit/blob/master/meltdown.c
And Spectre:
https://github.com/crozone/SpectrePoC
https://github.com/Eugnis/spectre-attack -
Hyolobrikator (hyolobrika@gleasonator.com)'s status on Wednesday, 17-Aug-2022 01:15:45 JST Hyolobrikator > What's stopping the government from taking everyone to a camp and executing them?
In countries such as the USA, guns.
Also, they wouldn't want to kill *everyone* (assuming they'd want to kill anyone). That would mean no-one to work for them or pay taxes.
If they do that, it'll just be "undesirables". -
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:15:46 JST inference @Hyolobrika @mint What's stopping the government from taking everyone to a camp and executing them?
This level of paranoia is what curses the security and privacy communities. No one is rational about it.
Even RISC-V and POWER etc won't save you, because you never know if they have stuff like this built in, either.
"But muh open source hardware!"
Were you in the fabrication plant when they manufactured the chip? There could be hidden APIs or anything. -
Hyolobrikator (hyolobrika@gleasonator.com)'s status on Wednesday, 17-Aug-2022 01:15:47 JST Hyolobrikator Yes. And what's stopping those chips from being cloud-TPMs like Pluton that do the same scummy shit? -
Wrongthink (wrongthink@cdrom.tokyo)'s status on Tuesday, 23-Aug-2022 02:03:05 JST Wrongthink @mint @inference The authors of those papers do state that it would be difficult to replicate outside of a lab environment. I don’t think the goal is to scaremonger average buyers as most people have never and will never hear of spectre, meltdown, retbleed or any other CPU execution vulnerability. The real target is probably corporate clients with their obsessive compliance strategies who need to perpetually check all the boxes of arbitrary “security” checklists.