“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

Spectre

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it’s be…

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it's been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches.

Now we know what the flaw is. And it's not great news, because there are in fact two related families of flaws with similar impact, and only one of them has any easy fix.

The flaws have been named Meltdown and Spectre. Meltdown was independently discovered by three groups—researchers from the Technical University of Graz in Austria, German security firm Cerberus Security, and Google's Project Zero. Spectre was discovered independently by Project Zero and independent researcher Paul Kocher.

Read 14 remaining paragraphs | Comments

Ryzen Pro: AMD takes on Intel on the corporate desktop, with one key omission

AMD

AMD today launched Ryzen Pro (styled “PRO” in AMD’s branding, but we’re not going to do that here), a series of processors designed for the corporate desktop. C…

AMD

AMD today launched Ryzen Pro (styled "PRO" in AMD's branding, but we're not going to do that here), a series of processors designed for the corporate desktop. Close counterparts to the existing line of consumer-oriented Ryzen chips, the Pro parts are aimed at Intel's vPro-compatible processors, which enable a number of additional administrative, security, and management capabilities.

Most of the regular Ryzen models have corresponding Pro versions, albeit topping out at a 1700X rather than the 1800 and 1800X of the consumer parts. This means that at the high end, there's a couple of eight core, 16 thread parts, which is twice the number of cores and threads of comparable Intel chips.

Read 5 remaining paragraphs | Comments

Ryzen Pro: AMD takes on Intel on the corporate desktop, with one key omission

AMD

AMD today launched Ryzen Pro (styled “PRO” in AMD’s branding, but we’re not going to do that here), a series of processors designed for the corporate desktop. C…

AMD

AMD today launched Ryzen Pro (styled "PRO" in AMD's branding, but we're not going to do that here), a series of processors designed for the corporate desktop. Close counterparts to the existing line of consumer-oriented Ryzen chips, the Pro parts are aimed at Intel's vPro-compatible processors, which enable a number of additional administrative, security, and management capabilities.

Most of the regular Ryzen models have corresponding Pro versions, albeit topping out at a 1700X rather than the 1800 and 1800X of the consumer parts. This means that at the high end, there's a couple of eight core, 16 thread parts, which is twice the number of cores and threads of comparable Intel chips.

Read 5 remaining paragraphs | Comments

Password crackers go green by immersing their GPUs in mineral oil

Dunking a powered-on PC in cooling liquid may seem crazy, but not for KoreLogic.

From a YouTube video showing KoreLogic's GPU-powered password cracker being dropped into a tank of mineral oil.

Going where few password crackers have gone before, a team of security consultants has deployed a cracking-optimized computer that's completely submerged in mineral oil. Members say the setup offers significant cost savings compared with the same machine that uses air to stay cool.

The rig contains two AMD Radeon 6990 graphics cards, long considered a workhorse for password crackers. While the parallel processing in just one of these $800 cards can make as many as 9 billion password guesses each second (see PC3 in the graph at the bottom of this page), the performance comes at a price. GPUs run extremely hot, particularly when combined with other graphics cards, which drives up the cost of keeping them cool enough to run without burning out. The dedicated fans normally used to keep them cool also generate plenty of noise.

Employees of security consultancy KoreLogic recently deployed the password cracker at Midas Green Tech, an Austin, Texas-based data center that specializes in so-called immersion-cooled server hosting. Unlike the other air-cooled systems KoreLogic uses to test the strength of clients' password policies, the cost of hosting it is less than $60 per month, compared to about $100 for an air-cooled system, said Rick Redman, one of the KoreLogic penetration testers who deployed the new machine.

Read 17 remaining paragraphs | Comments