FORUM RULES - READ BEFORE POSTING
We don't have a great many rules on this forum. The ones we do have are mostly common sense but there are a couple which you do need to pay close attention to. You can read the latest version of the rules here: viewtopic.php?t=5958

Another Intel Processor flaw

Kick back and talk about anything here. Music or non Music related..Anything goes....within reason!

Moderators: Derek, parametric, Saul

User avatar
Derek Wales
Global Moderator
Global Moderator
Posts: 6499
Joined: Fri Dec 07, 2007 12:00 am
16
Where Are You Located?: Wales, UK

Another Intel Processor flaw

Unread post by Derek »

I'm surprised this has not been more widely reported. I have only seen this from a Telegraph newsletter so far

Details on the Attack

From the Telegraph news letter...
Intel has revealed another potential security flaw in its products which could expose sensitive data, the third time it has had to disclose a vulnerability in its systems since the start of the year.

Intel said the flaw in its SGX technology, nicknamed Foreshadow, had been discovered by separate groups of researchers, and could be exploited to access data from a chip's memory.

The SGX feature, or Software Guard Extensions, was created to protect sensitive data, creating enclaves on the processor that it was thought could not be accessed if the main computer was compromised.

Intel said it was "not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices".

It urged users of its products to update their systems, although said a limited number of server computers were at risk.

"We are diligent in these efforts because we recognise bad actors continuously pursue increasingly sophisticated attacks, and it will take all of us working together to deliver solutions," it said.
It appears to circumvent the Software Guard eXtensions (SGX) feature that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels. Intel designed SGX to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM)
Regards
Derek Cook

http://www.carregddu.co.uk
http://www.echoes-music.co.uk
http://www.xfactory-librarians.co.uk
http://www.ex5tech.co.uk
User avatar
Saul Ukraine
Site Admin
Site Admin
Posts: 16556
Joined: Sun Feb 01, 2004 12:00 am
20
Where Are You Located?: Nr Brighton, UK

Re: Another Intel Processor flaw

Unread post by Saul »

Yeah I was reading about that on https://www.theregister.co.uk/ and like you Derek I am very surprised this is not getting more media attention. This is BIG! Makes you wonder what other flaws are yet to come to light?
Saul
Site Admin

If I have been able to help you in some way you can Buy Me A Coffee Here.

Image
Brand Ambassador For Dowina Guitars
Acoustic Guitar Reviews On Facebook
Subscribe To Our YouTube Channel!
Follow us on Twitter @YamahaMusicians
Follow Us On Facebook
Dowina Acoustic Guitars: Dowina Cabernet DC
Dowina Chardonnay GAC DS - Dowina Rustica GAC - Dowina Marus - Dowina Puella

LAG T88A, Breedlove Signature Concert Copper E, Breedlove Pursuit Exotic Concert CE Koa, Walden D640T, Tanglewood TRSJ-VS, Vintage VE2000GG.
User avatar
Derek Wales
Global Moderator
Global Moderator
Posts: 6499
Joined: Fri Dec 07, 2007 12:00 am
16
Where Are You Located?: Wales, UK

Re: Another Intel Processor flaw

Unread post by Derek »

And the irony is it is in the extensions that is meant to prevent such attacks!
Regards
Derek Cook

http://www.carregddu.co.uk
http://www.echoes-music.co.uk
http://www.xfactory-librarians.co.uk
http://www.ex5tech.co.uk
User avatar
Saul Ukraine
Site Admin
Site Admin
Posts: 16556
Joined: Sun Feb 01, 2004 12:00 am
20
Where Are You Located?: Nr Brighton, UK

Re: Another Intel Processor flaw

Unread post by Saul »

Yes indeed. So many things apparently out there to protect us that do pretty much the opposite. I think it would be safe to say a lot of the tech we rely on and think of as robust and secure either has hidden flaws in it or at some point a hacker will find a way through the protection. It's inevitable really
Saul
Site Admin

If I have been able to help you in some way you can Buy Me A Coffee Here.

Image
Brand Ambassador For Dowina Guitars
Acoustic Guitar Reviews On Facebook
Subscribe To Our YouTube Channel!
Follow us on Twitter @YamahaMusicians
Follow Us On Facebook
Dowina Acoustic Guitars: Dowina Cabernet DC
Dowina Chardonnay GAC DS - Dowina Rustica GAC - Dowina Marus - Dowina Puella

LAG T88A, Breedlove Signature Concert Copper E, Breedlove Pursuit Exotic Concert CE Koa, Walden D640T, Tanglewood TRSJ-VS, Vintage VE2000GG.
User avatar
tux Kiribati
Senior Member
Senior Member
Posts: 1303
Joined: Wed Oct 10, 2012 1:42 am
11
Where Are You Located?: Europe

Re: Another Intel Processor flaw

Unread post by tux »

I wouldn't call them flaws, these are backdoors that were added on purpose to make life easier for the various 3 letter agencies.
Remember the Snowden Documents?
All key US Tech companies collaborate with the 3 letter agencies by providing backdoors in their products, so this is no longer a conspiracy theory but rather a proven fact.

Furthermore basically all Intel cpus of the last 15 years (since the Centrino) have been designed in Israel and the Israelis are well known for putting backdoors for their own security services in their tech products.
RM50 Manager - Yamaha RM50 patch editor
My Yamaha synths: RM50, TG77, TG500, CS6R (with PLG150-AN)
User avatar
Derek Wales
Global Moderator
Global Moderator
Posts: 6499
Joined: Fri Dec 07, 2007 12:00 am
16
Where Are You Located?: Wales, UK

Re: Another Intel Processor flaw

Unread post by Derek »

I’m not convinced that a speculative execution attack is a deliberate backdoor. what makes you say that? That does sound like conspiracy theory to me.....
Regards
Derek Cook

http://www.carregddu.co.uk
http://www.echoes-music.co.uk
http://www.xfactory-librarians.co.uk
http://www.ex5tech.co.uk
User avatar
tux Kiribati
Senior Member
Senior Member
Posts: 1303
Joined: Wed Oct 10, 2012 1:42 am
11
Where Are You Located?: Europe

Re: Another Intel Processor flaw

Unread post by tux »

Of course I have no proof that this specific flaw is a deliberate back door, but given that we know as a fact thanks to the Snowden documents that back doors have been placed deliberately into US IT products, it's reasonable to assume so, especially when it's a flaw that allows you to circumvent a security feature.
RM50 Manager - Yamaha RM50 patch editor
My Yamaha synths: RM50, TG77, TG500, CS6R (with PLG150-AN)
User avatar
Derek Wales
Global Moderator
Global Moderator
Posts: 6499
Joined: Fri Dec 07, 2007 12:00 am
16
Where Are You Located?: Wales, UK

Re: Another Intel Processor flaw

Unread post by Derek »

I guess just because you’re paranoid it doesn’t mean to say that they are not out to get you. ;)

I still don’t buy this as a deliberate back door, there are much easier ways to circumvent security and it usually revolves around people’s poor security habits (which I have been guilty of in the past as well). Humans are the weakest link in the security chain.
Regards
Derek Cook

http://www.carregddu.co.uk
http://www.echoes-music.co.uk
http://www.xfactory-librarians.co.uk
http://www.ex5tech.co.uk
User avatar
jima Cayman Islands
Global Moderator
Global Moderator
Posts: 518
Joined: Tue Oct 18, 2011 11:54 pm
12
Where Are You Located?: Sunny West Midlands, UK

Re: Another Intel Processor flaw

Unread post by jima »

Derek wrote: Wed Aug 22, 2018 6:27 pm Humans are the weakest link in the security chain.
Nah, you're quite wrong there, Derek. You just can't get a better password than Fr1ght3nedCh1cken666 which I use for all my computers and bank accounts :)

I think you were on the money in one of your earlier comments, DRM and IP theft protection is far more likely to be the driver (pun intended) behind what appears to be poor design.
Jim
Yamaha EX5, AN1X, TG500, MU100R, A3000, Moog Werkstatt, Korg Wavestation SR, Sigma, Legacy Digital, nanoKontrol v2, Nord Modular G2, G2 Engine, Focusrite PRO 40, MIDISPORT 8x8/s & Uno, Behringer DEQ2496, Arturia Keylab 49 MkII, BeatStep, V Collection, Pigments | Love keyboards but so little time :(
User avatar
Derek Wales
Global Moderator
Global Moderator
Posts: 6499
Joined: Fri Dec 07, 2007 12:00 am
16
Where Are You Located?: Wales, UK

Re: Another Intel Processor flaw

Unread post by Derek »

Right, I'm off to checkout Jima's accounts.

I'll next be posting from a beach in the Bahamas, loaded and surrounded by a host of beauties..... ;)
Regards
Derek Cook

http://www.carregddu.co.uk
http://www.echoes-music.co.uk
http://www.xfactory-librarians.co.uk
http://www.ex5tech.co.uk
User avatar
Miks Germany
Specialist Moderator
Specialist Moderator
Posts: 2530
Joined: Fri Oct 31, 2008 12:00 am
15
Where Are You Located?: Germany

VIP

Re: Another Intel Processor flaw

Unread post by Miks »

Derek wrote: Thu Aug 23, 2018 3:01 pmI'll next be posting from a beach in the Bahamas, loaded and surrounded by a host of beauties..... ;)
Woe betide ...! :wink:
My (key related) gear (in alphabetical order):
Ferrofish: B4000+
Kawai: K1 II
Korg: M1 (up'd to EX, w/ 'Cool Blue'), M1REX (w/ 'Cool Blue'), Poly-800
Roland: D-50, D-110, D-550, PG-1000
Yamaha: AW1600, DX7IID (w/ 'Cool Blue'), EX5R, RM50, RX5, SY99 (w/ 'Cool Blue'), TG500, TX-802, YMM2
Sector101: SYEMB05 (5x), SYEMB06 (3x), EXFLM2 (1kit), MCD Sweet16 (1x), DataBlade32 (1x), WaveBlade 8MB Card (1x) & 1x Programmer Unit for WaveBlade
User avatar
tux Kiribati
Senior Member
Senior Member
Posts: 1303
Joined: Wed Oct 10, 2012 1:42 am
11
Where Are You Located?: Europe

Re: Another Intel Processor flaw

Unread post by tux »

Derek wrote: Wed Aug 22, 2018 6:27 pmthere are much easier ways to circumvent security and it usually revolves around people’s poor security habits
Well in that case I guess you are calling Snowden a liar and all his papers fabrications... :roll:

Of course humans are the weakest link when you don't have knowledge of back doors, but you can hardly argue that back doors aren't even easier by far, especially when you have designed them and therefore know exactly how to make use of them.

By the way don't bother about clearing out Jimas accounts, how do you think I'm financing my idle beach life on Kiribati? :wink:

Here's a picture I took this morning:
Image
RM50 Manager - Yamaha RM50 patch editor
My Yamaha synths: RM50, TG77, TG500, CS6R (with PLG150-AN)
User avatar
Miks Germany
Specialist Moderator
Specialist Moderator
Posts: 2530
Joined: Fri Oct 31, 2008 12:00 am
15
Where Are You Located?: Germany

VIP

Re: Another Intel Processor flaw

Unread post by Miks »

Too much action... 8)
My (key related) gear (in alphabetical order):
Ferrofish: B4000+
Kawai: K1 II
Korg: M1 (up'd to EX, w/ 'Cool Blue'), M1REX (w/ 'Cool Blue'), Poly-800
Roland: D-50, D-110, D-550, PG-1000
Yamaha: AW1600, DX7IID (w/ 'Cool Blue'), EX5R, RM50, RX5, SY99 (w/ 'Cool Blue'), TG500, TX-802, YMM2
Sector101: SYEMB05 (5x), SYEMB06 (3x), EXFLM2 (1kit), MCD Sweet16 (1x), DataBlade32 (1x), WaveBlade 8MB Card (1x) & 1x Programmer Unit for WaveBlade
Post Reply