News Xeon and Other Intel CPUs Hit by NetCAT Security Vulnerability

PC Tailor

Dignified
Herald
Thank heavens, AMD CPUs are safe for now.
You say that, they also have security flaws.

However I always take this with a bit of a pinch of salt, as ultimately, these flaws are being discovered by people being paid to find these flaws, and Intel still currently hold the mass market share, especially in commercial / business industry. So ultimately, its where you'd direct all of the funding and research of cyber security.

You'd also be directing a lot of that work into the working industry, which are still predominantly Intel.

I believe AMD will also have it's series of flaws, just there is less focus to find them. Not to say there is no focus, but less.
 
Reactions: Metal Messiah.

jimmysmitty

Polypheme
Moderator
You say that, they also have security flaws.

However I always take this with a bit of a pinch of salt, as ultimately, these flaws are being discovered by people being paid to find these flaws, and Intel still currently hold the mass market share, especially in commercial / business industry. So ultimately, its where you'd direct all of the funding and research of cyber security.

You'd also be directing a lot of that work into the working industry, which are still predominantly Intel.

I believe AMD will also have it's series of flaws, just there is less focus to find them. Not to say there is no focus, but less.
Agreed. Flaws are more often found in major market holders as they will target them first. It is like when they said "CMacs don't get viruses" yet there have been a few, especially in recent times. It just takes time for these to be found.

That said my favorite part is this:

limit direct access from untrusted networks
ANY IT admin would have a network designed to already do this. This is an issue that will only be seen by people who do not secure their networks properly.
 
Reactions: PC Tailor

PC Tailor

Dignified
Herald
"CMacs don't get viruses" yet there have been a few, especially in recent times. It just takes time for these to be found.
What do you mean?! Macs DON'T get Viruses ! ;)

No, because If I was a hacker trying to steal information, I'd definitely NOT go for the OS that holds around 80% of the market share :LOL:

Most of those security problems won't be aimed at the general home user anyway, if an advanced enough programmer wanted to do the research and exploit these, they wouldn't be desperate to get into Steve's from Liverpool home computer so they can look at his Ibiza photos.
 

setx

Reputable
Dec 10, 2014
22
11
4,515
0
Do you really think that there is the same difference in interest in finding bugs in Intel to AMD CPUs as the difference in bugs found? I'm sure Intel wouldn't mind paying for flaws found in AMD and maybe even more than in Intel (no matter officially or not).

Also, why just talk about AMD? Is there less interest in finding bugs in ARM? Do they have less market share or their market segments are less interesting? No they aren't.

The truth is Intel on deserved 1'st place of all major CPU vendors.
 

TJ Hooker

Illustrious
Herald
Do you really think that there is the same difference in interest in finding bugs in Intel to AMD CPUs as the difference in bugs found? I'm sure Intel wouldn't mind paying for flaws found in AMD and maybe even more than in Intel (no matter officially or not).

Also, why just talk about AMD? Is there less interest in finding bugs in ARM? Do they have less market share or their market segments are less interesting? No they aren't.
Look at where ARM CPUs are used compared to x86 CPUs are used. What do you think is a more appealing target, cell phones or data centers? And Intel still has the vast majority of data centre market share.

Edit: Well this is embarrassing, as pointed out below I forgot about the huge embedded market for ARM.
 
Last edited:
Reactions: PC Tailor

setx

Reputable
Dec 10, 2014
22
11
4,515
0
Look at where ARM CPUs are used compared to x86 CPUs are used. What do you think is a more appealing target, cell phones or data centers? And Intel still has the vast majority of data centre market share.
I think that all those embedded devices are way, way more appealing target than data centers. Because data centers will just roll out update next week and security hole is mitigated while majority of embedded devices won't have any updates until they are decommissioned several years later.
 

TJ Hooker

Illustrious
Herald
I think that all those embedded devices are way, way more appealing target than data centers. Because data centers will just roll out update next week and security hole is mitigated while majority of embedded devices won't have any updates until they are decommissioned several years later.
All or most of these side channel attacks seem to require you to already have malicious software running on the machine. For an embedded device that seems like it would be difficult (and if they succeed it's probably already game over at that point), but for cloud computing data centres a would-be hacker can simply rent a VM.

Edit: But yeah, I did somehow manage to forget about embedded systems when I thought about where ARM is used, derp...
 
Last edited:
Reactions: Keviny Oliveira

joeblowsmynose

Distinguished
Jun 14, 2011
203
72
18,760
0
You say that, they also have security flaws.

However I always take this with a bit of a pinch of salt, as ultimately, these flaws are being discovered by people being paid to find these flaws, and Intel still currently hold the mass market share, especially in commercial / business industry. So ultimately, its where you'd direct all of the funding and research of cyber security.

You'd also be directing a lot of that work into the working industry, which are still predominantly Intel.

I believe AMD will also have it's series of flaws, just there is less focus to find them. Not to say there is no focus, but less.


But at the same time, its not like nobody has been trying to target AMD specifically to find flaws in their architecture -- do you not recall the shortsellers, "Viceroy" and their AMD scandal with that Israeli "IT" company? Millions and millions of dollars were on the line there, and I'm pretty sure with that potential purse, they didn't do a half-assed job in trying to find vulnerabilities. (the issue for them was that the risk of the vulnerability was relatively low and proper mitigations were very easily and quickly applied - well that and everyone started to see the scam for what it was).

You are right in sentiment, but I don't think the disparity is too terribly major. I am fairly confident that the people finding these flaws are testing for them on both AMD and Intel -- Intel certainly would have interest/benefit and resources to make it so.

That said, I also believe that AMD is pretty quiet on Intel vulnerabilities, because if they start marketing for that, it could easily turn around and bite them at some point in the future.
 
Last edited:
Reactions: bit_user
Sep 12, 2019
2
1
15
0
No, because If I was a hacker trying to steal information, I'd definitely NOT go for the OS that holds around 80% of the market share :LOL:
In fact, no, Windows has more vulnerabilities because it is important to the anti-virus market, one example is Android, you will only get a virus (although Google services works like Spyware) if you download something outside your store (I mean virus appears in the Play Store, as it already had in the Ubuntu Snap Store there will always be vulnerability and someone wanting to exploit it after all is part of life with the technology level today).
 

PC Tailor

Dignified
Herald
In fact, no, Windows has more vulnerabilities because it is important to the anti-virus market, one example is Android, you will only get a virus (although Google services works like Spyware) if you download something outside your store (I mean virus appears in the Play Store, as it already had in the Ubuntu Snap Store there will always be vulnerability and someone wanting to exploit it after all is part of life with the technology level today).
I wasn't referring to vulnerabilities, it's logical that if you are attempting to infiltrate a market, you will naturally aim for the one that holds a huge market share, where the most common people are using it, easy information, plenty of stupid people using the software without adequate protection, easy picking :)
 

bit_user

Splendid
Herald
Most of those security problems won't be aimed at the general home user anyway, if an advanced enough programmer wanted to do the research and exploit these, they wouldn't be desperate to get into Steve's from Liverpool home computer so they can look at his Ibiza photos.
What about installing a keylogger, so you can steal his online banking password and empty out his bank account? Or get enough info to steal his identity and take out a big loan in his name? Or encrypt his hard drive and charge him $1k to unlock it? After succeeding at one of those, a few times, poorly-secured home users start to become much more attractive targets.

While you're not as big a target as a multinational corporation, the average home user also isn't nearly as well secured. Don't be complacent.
 

bit_user

Splendid
Herald
I am fairly confident that the people finding these flaws are testing for them on both AMD and Intel -- Intel certainly would have interest/benefit and resources to make it so.

That said, I also believe that AMD is pretty quiet on Intel vulnerabilities, because if they start marketing for that, it could easily turn around and bite them at some point in the future.
When you are one step ahead of the crowd, they see you as a genius. Two steps ahead and you are deemed a crackpot.
You, sir, are a crackpot.
 

ASK THE COMMUNITY

TRENDING THREADS