Are Twitter Employees Viewing Dick Picks and Naked Shots of Minor Users?

Twitter Engineer: “I’ve seen dozens of dick pics.”

Project Veritas set Twitter ablaze last week with back to back bombshell undercover videos exposing the social media giant for their ‘big brother’ practices and censorship of Trump supporters. 

New undercover footage reveals Twitter pays hundreds of employees to view everything you post in private messages including “sex messages” and nude photos.

 

On Friday, James O’Keefe put Twitter CEO Jack Dorsey on notice.

“Monday morning we are releasing more shocking undercover video from Twitter engineers exposing how they take your private information, share it, exploit it and abuse it,” O’Keefe said.

Via Project Veritas: New undercover video  footage of Twitter Engineers and employees admitting that Twitter employees view”everything you post” on their servers, including private “sex messages,” and “d*ck pics.” The engineers also admit that Twitter analyzes this information to create a “virtual profile” of you which they sell to advertisers.

VIDEO:

For the record– Twitter has a minimum age requirement of 13.

 

Our Services are not directed to persons under 13. If you become aware that your child has provided us with personal information without your consent, please contact us at privacy@twitter.com. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we take steps to remove such information and terminate the child’s account.

Twitter reportedly has 330 million monthly users.

Are Twitter technicians viewing pornographic messages of minors too?

Where do they store nude photos of underage teenagers? Can any pedophile and pervert at Twitter view these underage nude photos?

 

Yet Another Security Issue with Intel-Based Computers.

Misleading behavior within Intel’s technology allows any attacker to compromise and take control of Intel based computers.

Imagine someone having the capability to remotely access and operate your laptop at their whim, without you being able to do anything about it. Pretty scary thought, right? Luckily this couldn’t really happen – magic hacker tricks capable of bypassing strong passwords, firewalls and anti-malware software only exist in the movies.

It’s just that sometimes reality kicks fiction right in the teeth. In July 2017 Harry Sintonen, one of F-Secure’s Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel’s Active Management Technology (AMT). AMT is Intel’s proprietary solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets.

AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen’s discovery surprised even him. The security issue seems like something lifted straight from IT security officers’ worst nightmares.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen says.

 

So how can this be exploited in practice?

The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS passwordTPM PinBitlocker and login credentials are in place. No, we’re not making this stuff up.

The setup is simple: an attacker starts by rebooting the target’s machine, after which they enter the boot menu. In a normal situation, an intruder would be stopped here; as they won’t know the BIOS password, they can’t really do anything harmful to the computer.

In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).

Although the successful exploitation of the security issue requires physical proximity, this might not be as difficult for skilled attackers to organize as you might think. Sintonen lays out one probable scenario, using techniques common to cyber criminals and red teamers alike.

“Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete,” Sintonen says.

 

 

Combating the issue

Although solid operations security is the first step (don’t ever leave your laptop unwatched in an insecure location!), there are some basic safeguards all IT departments should implement. The system provisioning process needs to be updated to include setting a strong password for AMT, or disabling it completely if possible. IT should also go through all currently deployed machines, and organize the same procedure for them. Intel’s own recommendations for using AMT in a secure manner follow similar logic.

Now, this might be more difficult than it sounds. IT departments might find it increasingly tricky to remediate the issue on a large scale, as the required changes may be difficult to effect remotely (ironically enough). In most cases, a mass reconfiguration effort of affected devices is the only way to deal with AMT issues – not fun for a large, global organization. Our recommendation is to query the amount of affected assets remotely, and try to narrow the list down to a more manageable number. Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT.

Most importantly: if the AMT password has been set to an unknown value on a user’s laptop, consider the device suspect and initiate incident response. First rule of cyber security? Never take unnecessary risks.

My advice? When AMD-Ryzen based laptops are available, switch out of the Intel Eco-system as soon as possible. Intel had no problem sacrificing end-users privacy for performance, while AMD supported our privacy at the sake of performance years ago and learned from it and now have Secure and ultra-high performance processors in the Ryzen and EPYC series. Intel is stuck going back to the drawing board, just after the Pentium 4.

AMD reiterates Immunity to Meltdown after Fake-News Implies AMD CPUs Affected

Undoubtedly there has been some loose talk about Meltdown and Spectre and its impacts on AMD CPUs. AMD just sent this over as it wants to be perfectly clear on its position on these threats.

We have seen some initial stories with a couple of inaccuracies so want to make sure we are being perfectly clear.

* There is no change to AMD’s position on our susceptibility to GPZ Variant 1 or GPZ Variant 2 (collectively called Spectre in many news reports).

* The update in relation to Variant 2 is that even though Variant 2 has not been demonstrated to work on AMD products due to differences in our micro architecture, out of an abundance of caution we are making optional micro code updates available to further contain the threat.

Again, to make it perfectly clear we have not changed our statement erlated to our susceptibility to Variant 2. Let me know if you have questions or need additional details.

Article Image

These are Mark Papermaster’s previous statements to refresh your memory.

An Update on AMD Processor Security

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.

** Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.

* We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.

* Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.

* Linux vendors are also rolling out patches across AMD products now.

** GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.

*While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.

* AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.

*Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.

** GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.

* We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

Mark Papermaster,

Senior Vice President and Chief Technology Officer

Intel Under SEC Investigation?

Intel CEO Brian Krzanich’s massive stock sale last fall — which came as the company was privately trying to contend with a major security vulnerability in its chips — could spark a mess of legal trouble for the company.

Institutional investors are already consulting with lawyers about filing a shareholder suit against the company related to the stock sale, according to a person familiar with the talks. Meanwhile, Intel could also contend with an inquiry by the Securities and Exchange Commission, legal experts said.

“I certainly think it would be intriguing to the SEC and theoretically to the US Attorney’s office,” said Joshua Robbins, a white-collar defense attorney at Greenberg Gross and a former federal prosecutor. If the SEC does launch an inquiry, he continued, “it’s going to want to know what did [Krzanich] know and when did he know it.”

The SEC declined to say whether it is investigating Krzanich’s stock sale. An Intel representative told Business Insider last week that Krzanich’s stock sale was “unrelated” to the high-profile security vulnerability which affects chips made by Intel as well as those of rival chipmakers AMD and ARM. But the Intel spokesperson declined on Monday to comment any further on the matter, including whether the company’s board of directors is reviewing the stock transactions.

Krzanich saw a $24 million windfall in late November through a combination of exercising stock options and selling shares that he owned outright. The move raised eyebrows at the time, because he essentially sold all of the stock he could; he kept only the minimum 250,000 shares he’s required to hold under his contract with Intel.

But the stock sale garnered new attention last week after Intel publicly acknowledged a security vulnerability that has plagued nearly all of its chips dating back to 1995. Intel said it had known about the vulnerability, which could allow a hacker to gain access to passwords and other secret information on a computer, since June — months before it came to the public’s attention and months before Krzanich’s stock sales.

That timeline has raised questions about the motivation behind, the timing of, and the size of Krzanich’s stock sale. Although Intel’s CEO made the sales through a pre-arranged “10b5-1” plan that automatically sells shares on a set date, he didn’t put that plan into place until the end of October, nearly five months after Intel first learned about the vulnerability. 

“These are bad facts for him,” said Mercer Bullard, a securities law professor at the University of Mississippi’s School of Law.

The SEC has generally given corporate insiders wide latitude to buy and sell their companies’ stock under 10b5-1 plans. Those plans typically buy or sell a certain number of shares automatically on an executive’s behalf on a recurring, regular basis. That pre-scheduled, regular nature of 10b5-1 plans is designed to insulate corporate insiders from the charge that they are making trades based on non-public information.

 

But they don’t provide an absolute immunity to insider trading charges. Although insiders are generally allowed to change or replace their 10b5-1 plans, they’re forbidden from putting such plans in place or changing them when they are already in possession of material, or substantive, non-public information.

That’s why it’s going to be important to know when exactly Krzanich knew about the security vulnerability and how serious Intel believed it to be at the time. An Intel representative declined to comment on when Krzanich became aware of the vulnerability.

According to a Bloomberg story, security researchers have for years been looking for the type of vulnerability that was found in Intel’s chips and those of other chipmakers. They’ve also known for years — and publicized in research papers and at security conferences — just how dangerous such a vulnerability could be.

“You lose a lot of protections if you amend a [trading] plan when in possession of material non-public information,” said Robert Bartlett, a professor of law at the University of California-Berkeley’s School of Law.

The SEC has limited resources, doesn’t investigate every suspicious transaction, and is operating under the auspices of a pro-business, antiregulatory Trump administration. But the agency has indicated that it plans to make insider trading a priority. And Krzanich’s stock sale could make a tempting target for an investigation, especially because if the agency took action against such a high-profile figure, it could potentially serve as an object lesson for other executives, securities law experts said.

“I would anticipate given the attention this may receive that the government would feel compelled to analyze the factual data,” said Ron Geffner, a partner at Sadis & Goldberg, and a former SEC enforcement attorney.

Regardless of whether the SEC decides to take a closer look, Krzanich’s sale is already getting scrutinized by institutional investors, and that could lead to shareholder suits. The person familiar with the matter told Business Insider that there have been “multiple” inquiries to law firms from concerned investors about the CEO’s transactions, though no lawsuits have yet been filed.

If suits are filed, among the things that plaintiffs lawyers are going to look at closely is not only when Krzanich found out about the vulnerability, but whether he and Intel delayed public disclosure of it and whether there’s any evidence that such a delay was done to allow him to put his plan in place and sell his shares, said Greenberg Gross’ Joshua Robbins.

“I think investors are legitimately concerned in light of the timing,” said Darren Robbins, a partner at Robbins Geller Rudman & Dowd, a firm that represents plaintiffs in securities class action lawsuits. But even before shareholders’ attorneys or the SEC get involved, Intel’s board of directors is likely to give Krzanich’s stock sale a closer look, experts said. Boards are charged with overseeing corporate executives and frequently take the lead when questions are raised about executive actions and company management. They also can often investigate such matters and deal with them more quickly than could be done through shareholder lawsuits or through an SEC inquiry. Indeed, the SEC may well wait to see what Intel’s directors do before launching its own inquiry, experts said.

“The first question is what is the board going to do, because the board will get to this faster than the SEC,” the University of Mississippi’s Bullard said.

Pre-2015 Intel Systems: Massive Performance Impacts from Spectre and Meltdown

There has been a lot of discussion about Spectre and Meltdown since last week and now Microsoft has something to say about Windows Systems performance after patching.

Article Image

In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Here is the summary of what we have found so far:

* With Windows 10 on AMD (2007-era PCs with Phenom, Phenom II, FX, or Ryzen) or modern Intel silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

* With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.

* With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

* Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

So in summation, with processors older than Skylake (launched in August 2015) changed the way branch prediction is being handled so that it is not more specific to indirect branches. There will be some penalty but not like what we will see in previous Intel CPU architectures. Windows 7 and 8 is going to be a bigger loser than Windows 10, with the FX-8350 outperforming the i7-4790k in many tests.

Class Action Lawsuits Pouring Inside Intel

Sometimes lawyers just amaze me with how fast they can put a lawsuit together. As a matter of fact three different sets (so far) of lawyers have already filed suit against Intel since the news came out this week that their processors had significant vulnerabilities and the fix will slow them down. Anyway, this is going to be interesting over the next several months/years as these lawsuits make it through the court system. I wonder what the relief for consumers is going to be?

Article Image

Legal experts said consumers would have to prove concrete damages and harm to proceed with claims. But experts also expect that consumer class-action lawsuits may be just one cost Intel will face in the wake of the Meltdown revelations.

Info Regarding Meltdown and Spectre

Proof of concept source code for the Spectre and Meltdown attacks have surfaced on github today. Perusing through much of the code shows that the most egregious architecture bungle in the history of man can be accomplished with 122 lines of code according to security experts. Get ready folks. Things are about to get weird in 2018.

Quick Facts on Spectre & Meltdown

1: This is not just an Intel Architecture Problem. Spectre makes this is a general CPU architecture problem that affects all CPUs. Performance being prioritized over Security will no longer work. However, AMD is being vocal that the chances of its CPUs being heavily impacted on this is very unlikely.

Conversely, Intel has issued a warning that just about every server chip it has made in the last 10 years is open to these attacks.

Intel is saying that it will have updates issued by the end of the week for 90 percent of the processor products built in the last five years.

2: These flaws allow the entire contents of memory to be dumped for nearly any device that uses a CPU. Desktops, laptops, servers, mobile phones. Dumping memory exposes EVERYTHING.

3: Spectre affects ALL PROCESSORS. It exploits a fundamental design flaw in contemporary CPU architecture. There is no fix for current hardware.

4: Meltdown affects INTEL processors. It’s easier to pull off the attack than Spectre but has a mitigating patch. Unfortunately, the patch is expected to affect performance significantly in certain workloads.

5: The Meltdown patch still does not address Spectre, though the criticality is largely the same.

6: To reinforce the severity of the issues these attacks could present. Imagine a threat actor making their way onto an AWS cloud server and dumping / reading the entire contents of memory for everything on that server. Think about how many companies exist on a single cloud server. The amount of sensitive data present is staggering. Passwords, Log-Ins, Personal Info, Intellectual Property, Files, SSL Keys, Databases…The list goes on.

7: Vendors don’t understand the issue, with many stating Microsoft has already fixed this in an upcoming patch. Again, Meltdown can be patched. Spectre cannot. They both accomplish the same end result. Spectre is difficult to exploit, but in the hands of the right threat actor is easily doable. Once Spectre is streamlined and automated for ease of use, all bets are off.

The Bottom Line

I wish I could really say right now, but considering that most of the world is run on Intel CPUs when it comes to servers, the simple suggestion to “Replace CPU hardware,” is a bit daunting, except to probably AMD and possibly Qualcomm and its new Centriq processors. As for a current anti-virus list, you can follow this well laid out spreadsheet from @GossiTheDog.

What to do with the information we have today:

Average Desktop User (Intel): At this point your best and only option is to apply the Microsoft KAISER patch when they become available. As this attack is also reported to have delivery via web-browser via .js, it may be plausible to block .js execution from the browser as well.

Average Desktop User (AMD): Your CPU is mostly immune, as AMD is adamant that these exploits do not affect their architecture. If anything changes, I am actively tracking and will alert you.

The Gamer (Intel): Early reports are stating 5-35% performance loss with some going as high as 50%, however, thorough performance impact benchmarks have not been widely done yet, so we really have no idea how massive of performance hit gaming on Intel CPUs will take. You could risk it and keep Windows from updating, but we would not recommend that currently.

The Gamer (AMD): Current Patches are only for Meltdown and will not affect performance, but when Spectre is patched the performance loss may be 0-2%, per AMD. Feel free to keep your computer updated and secure with no concern for the possible performance collapse Intel processors will experience.

The Admin: This is going to boil down to company policy. You will have to weigh the unknown vs. the known. Are the patches compatible with your AV suites? Will they cause an adverse business impact when deployed? Will performance impacts cause issues and what could they affect specifically? If it was me, I’d look at critical systems and start there. Sensitive data being protected is a priority. When upgrade time comes around, I would pressure the higher ups to switch to AMD EPYC based servers ASAP.

Analysis of Spectre & Meltdown by a Computer Guy

This has been a very interesting New Year – and I have something technical to wax lyrical about again. There’s a lot of flak and misinformation flying around, and it’s hard for most people to see what, precisely, is going on. That’s understandable, since what is going on is pretty weird.

So here’s a brief summary of what, exactly, the three security vulnerabilities are:


Spectre v1: “Bounds-Check Bypass”.

The CPU is tricked into speculatively loading data from outside the bounds of an array which is bounds-checked, ie. at a virtual address chosen by the attacker. The bounds-check means that the data is never actually loaded into registers visible to the program. However, the data can be passed through several subsequent speculative instructions, including loads from dependent addresses, so cache-timing effects can be used as a side-channel to exfiltrate the data. The data, however, must legitimately be readable by the same process.

This vulnerability is difficult to exploit usefully. In most cases where it’s possible to inject code to perform the attack, you can simply inject code to read the data directly, instead. Proofs of concept use JIT compilers (eBPF and Javascript) to implement the attack.

Vulnerable CPUs: Potentially anything with branch-prediction and a sufficiently deep pipeline. This is not an x86-specific exploit. The newer the CPU, the more likely it is vulnerable. In particular on the AMD side, Piledriver, Excavator and Ryzen are confirmed to be vulnerable – but this is nothing special. Potentially even K6 and Pentium Pro are vulnerable, but early Atoms and the Pentium-MMX are not.

Software Mitigation: Bounds-checked array accesses in untrusted JIT-compiled code should be associated with a memory barrier, so that the array access itself is not speculatively executed with respect to the bounds check. This has a small performance impact on JIT-compiled code.


Spectre v2: “Branch Target Injection”.

The CPU is tricked into mispredicting an indirect branch (commonly used to implement ‘virtual’ functions in C++, or jump tables in the kernel) to speculatively execute program code chosen by the attacker. This code can directly read data visible to the process executing the branch, then perform a dependent read to permit exfiltration over the same cache-timing side-channel as Spectre v1. The exfiltrated data may reside in a privileged address space, if the targeted branch happens to be in privileged code.

The architectural results of this speculative execution are cancelled when the true branch target becomes known to the CPU, and true execution resumes from the correct address; it is therefore difficult to detect that the attack has taken place. The branch-target injection can be performed by another process or thread executing on the same CPU core as the target process, since the Branch Target Buffer (BTB) is shared between them.

This vulnerability is potentially useful to a local attacker. It can obtain secret data from a privileged address space, such as cryptographic tokens or the location of a viable Rowhammer target.

Vulnerable CPUs: This attack requires poisoning the CPU’s BTB. This is easy on at least Intel Haswell CPUs (and probably some other Intel CPUs), because BTB entries are aliased in a very predictable way. Some recent ARM Cortex-A series CPU cores are reportedly vulnerable too, for the same reason. It is much more difficult on all AMD CPUs, because BTB entries are not aliased – the attacker must know (and be able to execute arbitrary code at) the exact address of the targeted branch instruction.

Software Mitigation: Indirect branches that can be mispredicted should be removed from privileged code. This is apparently being done in the Linux kernel on vulnerable CPUs. It’s not yet clear what the performance impact is, but it should be small.


Meltdown: “Rogue Data Cache Load”.

The CPU is tricked into speculatively loading data which is in the L1 D-cache, but which is marked as unreadable in the page tables. Such data is typically accessible to privileged code running in the same process (eg. upon executing a syscall), and is left mapped but unreadable as a performance optimisation. As with the Spectre attacks, the attack relies on passing the data through further speculatively-executed instructions to perform side-channel exfiltration, and normal execution resumes with no obvious side-effects once the speculation window closes.

This vulnerability is potentially useful to a local attacker. It can obtain secret data from a privileged address space, such as cryptographic tokens or the location of a viable Rowhammer target.

Vulnerable CPUs: This attack requires that the CPU fails to promptly check security flags while performing L1 D-cache loads for a speculatively-executed instruction. Various Intel CPUs (the full extent is not yet clear) are vulnerable. AMD CPUs are not vulnerable.

Software Mitigation: Operating Systems can fully unmap privileged address spaces, instead of merely marking them as inaccessible, when kernel-mode code is not being executed. This means that the rogue load in the attack code will not find the target data. This carries a significant overhead for each syscall, because switching to the alternative page tables and back requires flushing the TLBs twice. Most workloads could see a 30% slowdown, but over 50% performance loss has been reported on newer Intel CPUs, such as the i7 8700k. 

Linus Torvalds “(Intel) CPU’s are crap”

rom Linus Torvalds <>
Date Wed, 3 Jan 2018 15:51:35 -0800
Subject Re: Avoid speculative indirect calls in kernel
share 0
share 129
On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen wrote:
> This is a fix for Variant 2 in
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn’t happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU’s, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with “not all CPU’s are crap” in mind.

Or is Intel basically saying “we are committed to selling you ****
forever and ever, and never fixing anything”?

Because if that’s the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

– Intel never intends to fix anything

OR

– these workarounds should have a way to disable them.

Which of the two is it?

Linus

https://lkml.org/lkml/2018/1/3/797

Lisa’s(AMD) Commitment to CPU security backed up by Linus Torvalds(father of Linux)

Linus Torvalds on Github has posted a few urgent fixes for PTI to address Intel’s gaping security hole that we covered earlier today. Of note in his post is that he is confident in excluding AMD processors from the update as the company has been confident that they are not affected by the bug. Here is what Lisa Su said (auto-start video warning). Also, the official statement from AMD…

Article Image

Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so confident that they are not affected, then we should not burden users with the overhead – x86/cpu, x86/pti: Do not enable PTI on AMD processor.

Tom Lendacky has made a BIG call!

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.