Weakness In Intel Chips Lets Researchers Steal Encrypted SSH Keystrokes

An anonymous reader quotes a report from Ars Technica: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO -- short for Data-Direct I/O -- increased input/output bandwidth and reduced latency and power consumption.

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers. The most serious form of attack can take place in data centers and cloud environments that have both DDIO and remote direct memory access enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers. To prove their point, the researchers devised an attack that allows a server to steal keystrokes typed into the protected SSH (or secure shell session) established between another server and an application server. "The researchers have named their attack NetCAT, short for Network Cache ATtack," the report adds. "Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks."

"The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn't enabled. They are also advising hardware makers do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers." The researchers published their paper about NetCAT on Tuesday.

Performance through shortcuts.

[Hylandr]

Is there any place Intel didn't cut corners to boost the speed of their garbage?

Re:Performance through shortcuts.

[DigitAl56K]

Really,

It seems like many of the performance boosts over the last decade are catching up to them now as security issues. AMD looks more and more attractive, not only for security but also for performance. If only Intel weren't slaughtering themselves...

Re:

[jwhyche]

I was waiting for something like this to pop up. Why is it every little flaw in Intel is brought up but nobody talks about the flaws that are currently plaguing AMD. Less than 6% of Ryzen 9 3990X are reaching boosted clock speeds.

https://www.emchat.net/emchat/... [emchat.net]

So why is AMD getting a free pass and Intel is constantly getting berated? Seems to be there is plenty of problems with both chips and they should be reported.

Re:Performance through shortcuts.

[jabuzz]

Oh I don't know maybe that AMD did are not cheating for performance by playing fast and loose with security. So you have AMD with chips not hitting their top boost speed, on the otherhand you have Intel chips that are a never ending security nightmare. I know which one I think is preferable and it's not the Intel problem.

Re:

[iggymanz]

you seem to be ignoring the various security flaws in AMD chips. yes, they have quite a few too

Re:

[iggymanz]

major and minor and how many don't matter.

What matters is real world exploits. Which security flaw will be exploited to break into systems or to destroy them? We may find out soon.

It could be a flaw common to both AMD or Intel, or something unique to one.

Definitely don't want chip with that flaw.

Re:

[jwhyche]

Well AMD is cheating. They lied about the top boost seed of the 3700X and the 3900X. If you have been building with AMD as long as I have, almost 2 decades, you know this isn't the first time that AMD has over spec'ed their parts. This is just as important of an issue as Intel's security problems.

Re:

[BroccoliKing]

Well AMD is cheating. They lied about the top boost seed of the 3700X and the 3900X. If you have been building with AMD as long as I have, almost 2 decades, you know this isn't the first time that AMD has over spec'ed their parts. This is just as important of an issue as Intel's security problems.

Already been fixed in firmware. https://www.extremetech.com/co... [extremetech.com]

Re:

[jwhyche]

Not completely. The firmware that just came out fixed some of the issues. Mostly on the 3700X but not all the 3900X are completely up to snuff yet. An if I read the article right, which I'm sure I did, these "fixes" do so at the expense of chip longevity. The alter some of the spects on the chip with regards to temperature. The fixed chips will run hotter and closer to TDP.

So there is a fix out. The fact still stands that AMD knowingly sold chips that they knew would not reach rated clock speed. T

Re:

[Aighearach]

Already been fixed in firmware

The fixed chips will run hotter and closer to TDP.

You don't seem to even realize that you're agreeing they "fixed" it.

Are you even aware that you're unsure if the minor discrepancy is a problem, or a wise improvement to the trade-off between heat and longevity?

"But whatabutt the Alamo?!"

Re:

[garyisabusyguy]

you name is now in the wiki article for whataboutism

it was hard to find a clear example that was not political, congratulations

Re:

[RightSaidFred99]

I'll put this is lame twitter meme format so you can understand..

Dude: OMG Intel sucks you should buy AMD.

Other Dude: But AMD also has plenty of flaws.

You: Wow, way to whattabout dude!

Or more concisely, pointing out AMDs flaws when someone specifically claimed AMD was a much better choice due to this finding is not whattaboutism. Nice try, though.

Re:

[DigitAl56K]

Oh come now. I can barely go a month or two without someone releasing a new security attack reliant on optimizations Intel has made. Some of which force major kernel changes to mitigate, if they can be fully mitigated.

You're comparing that to a CPU missing some peak performance numbers?

Re:

[jwhyche]

Not just reaching performance numbers. Only 6% of the chips AMD sold reached the stated boosted clock speed. That is a big deal. Now if only 6% didn't reach stated boost speed it wouldn't be a big deal. But most of the 3900X did not reach the speed that AMD stated they would.

The real issue here is AMD, again knowingly, sold chips they KNEW wouldn't reach the speed they advertised them at. An AMD has a history of doing this. Anyone who bought a FX chip knows this. I bought two of them. That is the

Re:Performance through shortcuts.

[bob4u2c]

Anyone who bought a FX chip knows this. I bought two of them. That is the real issue.

Wait, I'm confused. Anyone who bought the chip knows this, then why did you buy two of them? Pretty sure after the first one I would have returned it as a faulty product and not ordered a second.

The real issue is that you wanted the stated boosted clock speed. When you got the product and tested it and it didn't live up to what you expected instead of returning it or getting some kind of refund you wanted them to modify it to reach that speed. But wait, they did release a fix that does that, however it causes the chip to get hotter and eventually dies a short death. So what is it you want? Your money back, or a fix that degrades the life of the chip, or a magical chip that hasn't been released yet?

Just so I'm straight about all this, your talking about the Ryzen 9 3900X chip that was suppose to reach 4.6Ghz, but for all but a handful of users it only reaches about 4.5Ghz? Really, running about 3% slower makes you this mad?

Re:

[ArchieBunker]

Lol, that's what he's bitching about?

Re:

[Rockoon]

He isnt "bitching about it" .. what he is doing is "desperately trying to distract from the never ending avalanche of security flaws in intel hardware"

Re:

[zidium]

Paid operative confirmed.

Re:

[Rockoon]

Yes, jwhyche obviously works for Intel.

Re:

[Hylandr]

You're feeding the Intel PR control or a Fanboy. Logic has no power here.

Re:

[AmiMoJo]

While I agree with everything you say, I do want to add that returning the chip isn't all that easy when building your own computer.

You didn't just buy the CPU, you bought a motherboard and RAM to go with it, maybe more. So if you want to switch to Intel you have to return all those too.

In Europe you can return them if you bought them online and noticed the problem within a couple of weeks of receipt, and can send them back in good condition, paying shipping yourself. In other places you may be SOL.

Re:

[zidium]

What I discovered traveling a bunch internationally is that outside of the US, Canada, Western Europe and some parts of Central Europe, returning even the same day and you're SOL. (I've never been to Australia/NZ).

Re:

[bob4u2c]

That only makes it worse, both situations show lack of thought.

1. If he bought both chips at the same time without doing a bit of research into them (hint I found the article about the flaw from the fourth link on a google search for "3900x issue"), then it shows he really didn't look into them other than "ooh new shiny toy!"

2. Or he bought one, it was bad, returned it and got a second one that was bad. After the first one was flawed I would definitely had done a google search, found the article and sa

Re:

[jezwel]

The real issue here is ...

that Intel yet again have a security issue found in their CPUs. AMD not meeting their advertised boost speed is a strawman - take it to it's own discussion (I do agree it is a major issue, that's consumer fraud where I live.

Now, if AMD implemented this functionality in their CPUs I'd be interested, and also whether their implementation is/is not vulnerable.

Re:

[AmiMoJo]

Reading up on the issue it sounds more like they just made a genuine screw-up with the clocking parameters of the chip compared to production yields and needed to issue a patch after release. Not uncommon for new products of this nature.

Warranty is unaffected, the small increase in heat generation is unlikely to have any significant affect on the chip, and now it performs as advertised.

Re:

[Khyber]

"Anyone who bought a FX chip knows this"

Every FX chip I have reaches max freq. Every Ryzen generation I've used has reached maximum clock speed when you disable power optimizations.

Your fucking 'test' above is bunk and suspect because the variables are too numerous. Motherboard, RAM type, RAM speed, etc. And Cinebench is a shit benchmark tester for hardware anyways. You do direct low-level testing, ALWAYS. Funky software that introduces a shit-ton of its own overhead is fucking USELESS.

Re:

[sexconker]

My 3900X boosts to 3650 MHz peak very briefly.

I don't care either way, because the performance is what matters. And AMD is shitting all over Intel for everything besides pure high FPS 1080p and under gaming with nothing in the background.

Re:

[ThurstonMoore]

I think the majority are reaching the levels they are supposed to but the hardware monitoring softwares that people are using aren't reading the values frequently enough to see the peaks.

Re:

[ArchieBunker]

You keep spouting this over and over again. Any data to back up your claims?

Re:

[ThurstonMoore]

My understanding is that a lot of the issue is with the software trying to measure the speed.

Re:

[RightSaidFred99]

So silly that you imagine AMD chips do not have numerous security flaws. I bet 5 years ago before Android started getting hardened you were just _sure_ Android was more secure than "windoze" as I'm sure you call it.

Re:

[jwhyche]

I think it's safe to say the AMD fan boys have circled the wagons, climbing in their safe spaces, and putting their fingers in their ears. All rational discussions at this point are lost.

So we are going to sum this up and call it a day.

AMD lied, again, about their performance of their chips. That is the main issue. Yes, this is a big deal. No, you saying it isn't doesn't change that.

Re:

[gweihir]

  Yes, this is a big deal. No, you saying it isn't doesn't change that.

It is not. It is massively less critical than the Intel issues. At best, the current (and in the process of being fixed) AMD issues are a minor annoyance, while the Intel issues are basically a catastrophe.

Re:

[jwhyche]

I really hate it when I have to correct someone and finalize it with a hammer. Defeats the purpose of trying to have a debate. But then again some people are so thick that a hammer is what it takes. So here it is.

It is not.

Yes, it is a big deal. End of discussion.

Re:

[gweihir]

I really hate it when I have to correct someone and finalize it with a hammer. Defeats the purpose of trying to have a debate. But then again some people are so thick that a hammer is what it takes. So here it is.

It is not.

Yes, it is a big deal. End of discussion.

Nope. Neither a big deal nor end of discussion. You are wrong. But I should add that you are an arrogant idiot that cannot estimate severity of issues.

Re:

[jwhyche]

You shouldn't be calling anyone a idiot when you seem to be to god damn stupid to understand the basic fucking issue. It is not about a fucking minor cpu clocking issues. It about the fact that AMD fucking lied about the performance on their god damn processors. The have done it fucking twice. Not once, but twice.

God damn, I hate having to explain things to stupid people over and over.

Re:

[zidium]

jwhyche, You're the fucking idiot.

I never ever overclock my CPUs. Especially not server ones.

I don't give a FUCK in a server environment whether AMD was mistaken about a hypothetical max overclocking speed.

It's such a strawman argument and you know it!! And your "hammer" is puny as fuck.

Re:

[Khyber]

"You shouldn't be calling anyone a idiot when you seem to be to god damn stupid to understand the basic fucking issue"

The basic fucking issue is that *PERFORMANCE ISSUE* != SECURITY ISSUES. AMD' Issues != intels Issues. You disingenuous shill.

And then your cited test is wholly suspect with a shit sample size, notwithstanding the lack of control for numerous variables.

Get the fuck outta here with your scientific method failures. Come back when you have REAL hard fucking evidence so we can get a true heat map

Re:

[gweihir]

God damn, I hate having to explain things to stupid people over and over.

This is easily explained because the actual stupid person here is you. Because of extreme arrogance, grossly inflated self-image and high aggressiveness you just perceive people with an actual clue as stupid and never notice that said clue is lacking on your side.

I am not "calling" you an idiot. It is the result of an analysis of what you are posting here. And you are just delivering more and more evidence that this analysis is correct.

Re:

[gweihir]

So why is AMD getting a free pass and Intel is constantly getting berated?

Because AMD has some minor issues with a new CPU they are in the process of correcting (which Intel also did several times), but Intel gets caught playing fast and lose with system security time and again.

Re:

[Khyber]

That entire 'test' in that shitty blogspam post on a craptocurrency site has so many fucking flaws that it simply doesn't hold water. Try that test again with every system being the EXACT SAME and get back to me afterwards.

Cinebench isn't a worthwhile fucking benchmark with every system differing in RAM/GPU/other components.

Re:

[RightSaidFred99]

Does it [cnet.com], now. Does it really?

Re:

[BroccoliKing]

Does it [cnet.com], now. Does it really?

https://hexus.net/tech/news/cp... [hexus.net] Patches sent out in May of 2018.

Re:Performance through shortcuts.

[BroccoliKing]

Chill out and stop having a temper tantrum. It's an article link, not a dick, you don't have to take it so hard.

Re:

[iggymanz]

would be fine for applications such as compute nodes in some high performance cluster with a lot of interconnect I/O... for finances and confidential business apps.... not good

Re:

[AHuxley]

Games need that speed.
To keep up with the GPU and 4K.
What was the other option?
To design and test a CPU?
Make it faster was what the user wanted.
Fun for a nations security services. The user decrypts on their own computer for them.
All they have to do is collect and read along :)

Re:

[gweihir]

Intel had to get their performance advantage from somewhere. It is no accident that Meltdown is not possible on AMD CPUs and Spectre is massively more complicated (enough that it may be impractical) on AMD. I expect we will hear about even more screw-ups with regards to security from Intel.

Re:

[Rockoon]

What we wont hear about, is the people complaining about AMD chips not quite reaching their advertised boost speed, also complaining about the very severe performance impacts associated with "patching" intels security flaws.

Re:

[gweihir]

Indeed. Intel fanbois with no rationality. Classical dangerous morons that will always cheer for the ones where they see more power and ignore any and all misdeeds on their side.

Incidentally, my 3600X is running at 3% clock (probably 1.5% overall performance) below advertised maximum boost, but with 2 cores at 100%. Looks like an excellent deal to me.

Re:

[Rockoon]

My understanding is that the cooling is everything when it comes to achieving boost clocks, so even a bad choice of case or bad case fan setup can have an impact.

Intel slowsdown even more. need more amd!

[Joe_Dragon]

Intel slowsdown even more. need more amd!

Newegg and amazon need to start stocking more amd server hardware now!

thats it, game over for PCs

[FudRucker]

everybody abandon your computers, shutdown the network, the routers, unplug all the ethernet cables & wifi routers, we all have to go back to math and code on paper and store them those many rows of those tall metal filing cabinets

Perfect Timing

[thegreatbob]

This is just a somewhat fancy timing attack, so my erratic typing rates should render this ineffective.

Intel management seems insufficient.

[Futurepower(R)]

The Intel CEO, Robert Swan [intel.com], apparently has little or no technical knowledge. Quoting: "Swan, 58, who has been serving as Intel’s interim CEO for seven months and as chief financial officer since 2016, is the seventh CEO in Intel’s 50-year history."

To me, it's understandable that Intel management seems insufficient. The CEO doesn't need to understand the business of the company???

I posted a comment 12 1/2 years ago about Intel CEO Otellini. [slashdot.org]

Re:

[RightSaidFred99]

Yes, Bob Swan who was named CEO in early 2019 is responsible for a flaw in a product what was probably developed 2 years ago. Sounds like legit, in-the-know-criticism to me!

Intel: Long history of unacceptable leadership

[Futurepower(R)]

You have not considered the point I made. Intel has a long history of unacceptable leadership, it appears to me. Read my entire comment, and the comment to which I linked.

Putting a financial manager in charge as CEO is just one of Intel's most recent mistakes. The kind of thinking behind that is the kind of insufficient thinking that has caused many of Intel's problems, it appears to me.

Re:

[iggymanz]

no the CEO doesn't need to know tech and can be business person, concerned mainly with marketing, sales, supply chain and PR.

Look at all the vice presidents Intel has with various tech responsiblities.

Managers must understand what they manage.

[Futurepower(R)]

"... the CEO doesn't need to know tech..."

The CEO can be ignorant about the main business of the company?

Re:

[iggymanz]

You seem to be confused what the main business of Intel is. Their main business is to make money. A CEO has to have that as his main purpose. Intel makes money. Making money involves a whole bunch of things other than making chips which are a fraction of the story.

A CEO does NOT have to be a tech wizard nor engineer. He has executives under him that handle that.

CEO must find technically-knowledgeable executives

[Futurepower(R)]

Quote from the above parent comment:

"A CEO does NOT have to be a tech wizard nor engineer. He has executives under him that handle that."

How does the CEO know how to choose technically-knowledgeable executives, if he has no technical knowledge?

Last Intel CPU not screwed up?

[Required Snark]

What is the last Intel Xeon CPU model that is not Broken Out Of Box (BOOB)?

If you are not so concerned with current specs it might be useful to get a pre-2011 Xeon and mobo and have a secure system. It would be somewhat slower and use more power but it could be really cheap and cost effective.

Pay less, have more security. Truly a once in a lifetime opportunity.

Re:

[iggymanz]

Sad news for you, the vulnerabilities go back to 1990s. A 1995 IEEE paper on it was called "The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems" which you can find online.

So lotsa luck getting something not "broken out of the box" as far as x86 instruction set.

Security services

[AHuxley]

Its just like ENIGMA.
Get to read it all for free.
The user still thinks they are doing crypto.
NSA inside.

The bar for 'weakness' is low...

[Junta]

The only data they are getting is how frequently *some* packet is coming over the network. This requires an otherwise quiescent system to even get the timing of the keystrokes (it has no way to distinguish cache drops induced by the target activity or other activity occurring on the system..

The demo is a neat bit of work, but it probably took a lot of training for a particular person's 'fist' on seemingly very stilted typing to extrapolate a pattern of delays to likely matches from some dictionary (on top

Remote DMA?

[Dwedit]

If you have Remote DMA, you have the system already. No difference at that point.

Re:

[_merlin]

Not really - RDMA only allows read/write to specific regions marked as message buffers. A proper RDMA implementation won't allow access to arbitrary memory locations.

BAH Humbug!!

[gx5000]

I for one am sick of all these scare pieces about impractical attack vectors.
For all these weaknesses to be available you'd already have other means to attack a system.
Enough is enough, keep it to the weekly TechNotes, this isn't the Guardian FFS.

Düler Vadisi Riva Beykoz’da yüksel

[EmlakbultenCom]

stanbul iline bal olan Beykoz ilçesinde Düler Vadisi Riva stanbul projesi hayata geçiriliyor. Bahsi geçen proje Ylmaz naat firmasnn imzas ile yaama kazandrlyor. https://www.tasinmazhaber.com/... [tasinmazhaber.com]