I strongly belives that this news should have been exposed more. Not only it could potentially affect PC performance but it could also exposing crucial data, such as passwords and encryption keys.
BLOOMBERG
BLOOMBERG
-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
Intel chip Vulnerable to exposing crucial data (passwords and encryption keys)
- Thread starter Nightwing
- Start date
We've had a ton of threads about Meltdown and Spectre in the last few days, here's the main one in Etcetera.
OP
OP
I read those threads but I didn't realize or understand how fuck up these vulnerability. This article helps.
I also made one for specifically discussing the vulnerabilities with game consoles: https://www.resetera.com/threads/game-consoles-likely-vulnerable-to-meltdown-and-spectre.14204/
short answer: none of the major three console makers except for a tweet from the Xbox gaming chief has even made a statement about it yet. but you can assume that all consoles are vulnerable, especially the web browser.
short answer: none of the major three console makers except for a tweet from the Xbox gaming chief has even made a statement about it yet. but you can assume that all consoles are vulnerable, especially the web browser.
Very interesting article, and a huge mess up for security... I think not only about all our personal data that are now possibly exposed, but also industry machines that are connected to the internet.... :\
This is super bad, I hope a real solution is found soon enough to really patch everything before they release new, hopefully, secure hardware in the future
This is super bad, I hope a real solution is found soon enough to really patch everything before they release new, hopefully, secure hardware in the future
I'm on Windows 8.1 and I still haven't received any patch yet....
And with thread title called meltdown and spectre....didn't click any of those thread
Tldr; I have no idea about this security flaw
No. They (well I don't know about Switch) have layers upon layers of security that prevents that. Even if the browser itself is vulnerable, it's impossible to gain access to the critical data because of the Hypervisor.
Well I'm not a security expert, but these vulnerabilities can grab data straight out of protected memory. It skirts past virtual machines like VMWare. I would be very surprised if these consoles were airtight.
Switch should be pretty airtight, since it has no user-controllable browser, which means that the only feasible way to run code that uses these vulnerabilities is by throwing a binary through Nintendo and into the eShop. Even in that case the CPU will probably be only running that game and nothing else except the OS, and even in those circumstances it's going to be close to impossible to get any sensitive info out of the CPU.
I guess you could do a DNS attack and swap the Facebook/Twitter sharing pages with something else, but then it would be way more efficient to just use phishing to get the user's password in a more direct manner.
Puyo Puyo Tetris's in game manual accidentally contains an external link you can access the native browser with. It's an extremely outdated version of WebKit that has already been used to run code on the system. There was a presentation about it very recently.
Forgetting about SSL here.
Wow, there's nothing like, I don't know, an URL whitelist? Still, extremely limited application for exploiting Meltdown/Spectre to attack random users.
Oh yeah, duh, that's going to happen over https and if they can somehow break that or add trusted root certs then Meltdown/Spectre is the least of our problems. Brain fart.
https://www.youtube.com/watch?v=gzngEqL6vnI
A prominent hacking group has been teasing the Switch being hacked.
The initial thread and news were always emphasis on the drop of performance. I didn't realize there were this huge vulnerabilities in securities. Not to mention that the thread were moved to Etcetera with names like Spectre and Meltdown.
So good job on Intel PR department?
So good job on Intel PR department?
Well, yes, and it's a good thread, but it was moved from gaming - and I didn't really understand why, as this definitely affects gaming, and we don't even know how far this'll go, not only are lower powered, older PC's affected most it seems, what about gaming consoles?
At least the browsers of current gen consoles should be exploitable right now.
I agree with the OP, this needs more exposure, hopefully with little to no fearmongering or downplaying of the issues. I don't even understand half of this and the implications.
I guess foremost I have to wait and hope my laptop manufacturer (Lenovo) puts up updates for my laptop that fix most of this mess without fucking the performance up too much ...
OP
OP