I was planning on getting a Synology
NASshould I be concerned about security? I
assumed that they would have this problem locked
down on their new hardware...but I am not sure.
At 07:01 PM 7/6/2018, you wrote:
Thus far, AMD's story has been more compelling
than Intel's. AMD is immune
The CTS Labs vulnerabilities were poorly disclosed and over-hyped, but there
*were* legitimate issues. Reasonable people can disagree about the criticality,
but they were not fake.
Plus, ASSmedia sucks, and it would not unreasonable to question AMD's decision
making if they were to use them to
*puzzled expression*
Are you referring to the CTS Labs hatchet job? Or has there actually been a
legit security issue with the chipsets?
-JB
From: Brian Weeden
Sent: 07 July 2018 02:04
To: hardware
Subject: Re: [H] Should I rebuild my machine now or wait until the next gen
ofCPUs?
Agree with
Agree with all of that, although as I mentioned earlier AMD's utter
failure in screening their motherboard chipset vendor also gives me pause.
Hard to tell if that's a one-off mistake, or a sign that they don't really
care that much about security.
-
Brian
On Fri, Jul 6, 2018 at 9:01
Thus far, AMD's story has been more compelling than Intel's. AMD is immune to
meltdown, and is broadly speaking less vulnerable to the Sceptre variants.
However, it would be naïve to believe that AMD is in the clear, as additional
vulnerabilities are slowly coming out in this new and novel
For meltdown, my feeling is that the risk is real. Code running in
unprivileged user space can pull memory contents from anything, including
the kernel. That's bad. It's not unauthenticated RCE bad, but it could make
other RCE vulnerabilities worse.
Spectre is a bit tougher. The CVSS (v3) is
I use a Ubiquiti Airmax Pro for wifi. I have devices that refuse to
connect to it. Newer AC devices connect and operate great but older N devices
either don't even see it or connect to it poorly. I have updated
drivers fully patched OS confirmed and re configured network settings
countless
I can see getting a new laptop from Dell or the like, but a home made
workstation? I wouldn't do it unless I was forced to. I would wait
until all this is resolved.
At 02:42 PM 7/6/2018, you wrote:
Winter, that is exactly the situation I'm in and the question I'm asking. I
have not
Winter, that is exactly the situation I'm in and the question I'm asking. I
have not applied any patches to my system because a) they're only partially
effective and b) they have a performance hit.
So I'm trying to see if it makes sense to upgrade to a new machine now, or
whether I should stick
This has been an interesting thread. So Greg the Ivy Bridge patch
that you posted will be delivered by Windows 10 ...eventually...
maybe? I am still running a P9X79 WS with my six core Ivy Bridge with
Win10. InSpectre tells me Spectre is not protected and performance is
slower. Just how much
The chipset vulnerabilities were ugly, yes, but for their part AMD did ensure
they were resolved quickly despite the research firm not following industry
best-practices regarding vulnerability disclosure. My bigger beef is that AMD
would use ASSmedia (not a typo) at all, given their fairly
Thanks, Greg. That pretty much aligns with my thought process on this, so
I guess it's good at least one other person is coming to the same
conclusions I am :)
Didn't know about the Ivy Bridge patches - will look into that more. But
one of the reasons I haven't patched at all is that all the
Actually, your Ivy Bridge CPU had new microcode revision with additional
Spectre defenses released just this past Monday. While it's a long-shot for
your motherboard manufacturer to release a new FW update, it *is* likely to
appear in an OS patch. CPU microcode can and is loaded via multiple
13 matches
Mail list logo