CPU bugs

What kind of nerdy shit is this, who even cares?

>>62190478
Nu/g/, everyone.

>>62190513

>>62190478
Go back to your techno consumerist containment threads

>>62190492
>>62190533
> oh noes my bits are not secure
I bet you hate Ubuntu for no reason

israel, china, and russia do not collude
secure yourself behind a router of each and there is no backdoor that can reach you from outside

whenever there is physical access, it's over, that has always been the case
do what you can to protect from outside threats, when the thread is inside it's already too late and it doesn't matter if there was a backdoor or not

You'd think there'd be a market for "open" processors.

>>62190675
you would think there would be more than two main x86 cpu manufacturers

>>62190591
So how would you know if the router isn't backdoor'ed what then? Aren't you also only assuming outbound attack vectors? What about inbound?

>>62190820
His theory is that Israel, China, and Russia would not share backdoors so even if all the routers were compromised by their individual nations no single router would be able to get information in or our because it has two other routers that it does not have backdoors for in it's way. This strategy hinges on the assumption that one of those nations hasn't compromised the other two's hardware backdoor intelligence gathering program which while unlikely, isn't impossible.

this is fucking amazing

>>62190675
Patents, unless you want to make a 486 clone you're going to run into trouble.

File: Israel1.jpg (2MB, 2103x1503px) Image search: [Google]

2MB, 2103x1503px

>>62190591
Israel provided Russia with instructions on how to hijack their drones so they could hijack Georgia's israeli made drones during the war. They also extradited a bunch of russian mob bosses that had ran away to Israel and had gained citizenship there.
They have way more cooperation than you'd think.

File: 1498460828192.gif (494KB, 646x466px) Image search: [Google]

494KB, 646x466px

>>62191034
>>62190591

Is this a joke?

Worst theory of the yeear.

did he ever disclose the processor that had instructions lock up in unprivileged mode?

>> 62190555
Yes goyim, don't worry about us having the ability to completely freeze a PC with a specific x86 CPU using a generic program executed by a normal user. And the other literal millions of undocumented instructions found on a variety of processors? Yes, you can safely ignore them all.

File: securityplusequals.png (550KB, 1122x690px) Image search: [Google]

550KB, 1122x690px

What the fuck.

>>62191141
I'm pretty sure MMX patents have expired by now, so you could create a P2 equivalent

>>62191226
This kills the IoT

So what about the millions of undocumented instructions?
Are there weird versions of normal stuff?

>>62190447
I stopped watching when, in 2017 ( current year ), he claimed we blindly trust our CPU. The same CPus that have advertised kill switches in them.

>>62191226
>panel starts
>woman complains about how women and minorities don't want to work in security
>statistics literally have not changed in years
>women and minorities who do get security jobs, quit right away
For the next hour they talk about how to waste money on programs. Because "surely it will work this time."

>>62191226
11:40
old jew points at the crowd
>"this is YOUR fault"

>>62190447
Having actually watched the talk, the conclusion was that the only interesting hardware bug he had found was in a really esoteric processor that noone uses. Cool program and approach, and interesting disassembler and hypervisor bugs were found, but nothing of real concern.

>>62191258
Basically what you should understand is that as long as processors are proprietary, you will never be free. You can full autism OpSec your setup and even use retrogear. But at the end of the day, the processor is locked away. You will never ever know what it really does.

BH is sponsored by NSA hell two years ago they had a talk there.

>>62191348
thankfully no significant hardware bugs.
But he found many undocumented instructions. Not saying they're backdoors necessarily, but it's still a bit worrying that they're not properly documented.

>>62191149
What is wrong with a country sending criminals back to their native countries? Israel has suffered from Russian immigration because they lie about being Jewish when the western world refuses to let in Russians into Europe, USA and Canada.

>>62191431
Where in my post did i say it was wrong?

>>62191348
>the conclusion was that the only interesting hardware bug he had found was in a really esoteric processor that noone uses.
I was under the impression that he didn't actually test the millions of working undocumented opcodes (that didn't result in a crash)

>>62191226
Christ.

We cannot let the left ruin tech/STEM anymore than they already have.

>>62191727
modern society has already ruined the west
all that's left to do is exact revenge

>>62190447
I wish more def con 25 talks would get posted.

>>62191738
>2016 revenge
Check
>2020 revenge
In progress

>>62191636
There's work remaining to be done, for sure, but there didn't seem to be any particular reason to outright expect exploitable behavior.

>Intel x86 ignores 66e9 and 66e8 opcodes while AMD honors them

INTEL FAGS BTFO

>>62190447
I've been watching this so far

>AMD and Intel have the same undocumented instructions

that really makes you think don't it? I really wonder what they are... *cough* backdoor, NSA shit *cough*

>>62192643
But AMD honoring those instructions caused an exploit between the two.

>>62190478
The phone thread's where you should be.

>>62191226
Hahahaha oh we're fucked.

>>62192601
Yes there does. One should assume that these undocumented instructions are malicious these days.

>>62193474
Nah, they put that shit in the IME. There isn't even a need to compromise the CPU itself.

>>62193592
Sure there is, what if some autists were to figure out how to disable the ME? Also, we know Intel will disable it for certain customers.

There is every reason to backdoor the CPU and we should assume this has been done until we learn more. If there's one thing these past few years have taught us is that you can't be too paranoid.

>>62190447
Good stuff. I remember reading about undocumented instructions on the 6502 used in the NES, this is several times more in-depth ..

>>62193429
They infect the HR department the same way during the USSR had a communist party liason in every damn building/operation/business

>>62192943
Some of it could just be a unintended byproduct result of the manufacturing process / artitecture layout ; but that probably doesn't explain all of it...

>>62190591
you could always build your own out of an old desktop box with older hardware, not sure id pay for the electricity to let it run 24/7 but it would work for inbound requests at least

File: 1503752963947.jpg (132KB, 1024x789px) Image search: [Google]

132KB, 1024x789px

>>62193786
Yep, this.

Still sooner or later businesses will realize that their HR departments are cucking them BIGLY, or competitors will emerge staffed largely by white and asian males and we'll see a rennaisance.

>>62193936
Right now businesses only put up with HR due to DOJ civil rights bullshit and possible lawsuits from former employees.

>>62190675
risc v

>>62193951
Yep, government cucking businesses again.

>>62192943
This really caused some neurons to fire and psionic emissions to exude from my third eye.

>>62191149
international arms traders typically don't give out their best shit to people who might one day use those arms against them.

Now this is what /g/ should be discussing about, but alas this is /g/... God help us

Great presentation

>>62192601
if there are millions of undocumented instructions that can have an effect on registers / memory it can throw off disassemblers completely, and there's no way anyone could write anything that could decode everything successfully since there's so many of them

>>62193026
That's like saying since AMD locks it's front door, it's responsible for burglaries in Intel homes.

>>62191226
READ the comments!

https://www.youtube.com/watch?v=rM81Ir0sF9A

>>62192943
or maybe AMD has a license of Intels instruction set and get the inside info on secret instructions.


Yeah, a backdoor shouldn't require already being executing on the system in the first place, that's more of an exploit for higher privilege.

>>62196363
honestly i did not expect the comment section to become so aggressive about it.

>>62191258
I've done work with the 8080 processor and it's clones. They can have a lot of undocumented instructions. And the reason is simple. Most undocumented instructions are just duplicates of documented instructions.

This happens because decoding often uses shortcuts. So say if byte 0xFD starts an instruction, it maps to an extended instruction set that does a specific purpose. Some times that extended set doesn't use 256 instructions for the next byte in the instruction. So you have some unmapped instruction left over in the set. You have 3 options, flag an error, map to NOP or let it fall through as if 0xFD wasn't there. The later tends to be cheaper.

>>62196534
ppl are sick of this shit but they're afraid to say anything at work.

File: banner.png (21KB, 846x293px) Image search: [Google]

21KB, 846x293px

>>62196586
This is true* and I wouldn't say that there are backdoors in all CPUs just in the ones where the Agencies infiltrated the foundry.
*For the sceptic just build an ALU on pic related

>>62197095
Never heard of pic related before. I would have loved a class like that back when I was in college.

>>62191348
hypervisor bugs are not a real concern? what fucking drugs are you on?

the research is on how to approach the issue of trusting hardware and he showed good examples in his research on how the design of the x86 is,was and always will be broken. his tiny examples are a prove enough that with just a tiny bit of fuzzing just shows what kind of cluster fuck tech architecture is and how much impact it can potentially have. let aside the undocumented shit that we have no idea what purpose they serve.

the design flaws are the biggest concern which can lead to things lead to privilege escalation because of different implementation of the instructions on intel/amd. that is fucking scary and should concern you

>>62198501
>hypervisor bugs are not a real concern?
Sure they are, but the ones he demonstrated were really quite minor. I don't see how not tripping the trap flag directly after a cpuid instruction would cause any major issues.

File: Screenshot from 2017-09-01 15-02-25.png (25KB, 633x141px) Image search: [Google]

25KB, 633x141px

hmmmmmmm

Really makes you think why we still use shitty CISC.

>>62198501
>which can lead to things lead to privilege escalation
There was no indication that was actually the case, though.

I mean, I don't disagree with the idea that the x86 ISA is needlessly complex, that its complexity almost inevitably leads to divergent implementation, and that that's a bad thing. The size override prefix on the jump instruction was particularly interesting, and is a strong argument for a simpler, more provable ISA. However, that being said, it is arguable that the fact that he didn't seem to find any actual serious bugs using this approach is a testament to how well current processors, emulators and hypervisors are, in fact, implemented, even in spite of such a crappy ISA.

>>62198603
It's a simple and not exactly obvious way of making malware VM-aware.

>>62198761
Yes, well, it's completely naive to think that it wouldn't be easy to make software able of distinguishing between different CPU models anyway, physical or emulated. That would be the case on any architecture.

>>62196534
most people on the internet hate SJW now even normie sick of their shit and jewtube comments section is a shitstorm no matter the discussion

>>62198698
Because commonly used instructions can take 1 byte instead of 4?

>>62196363
Blacked Hat !!!
KEK top comment

>>62198716
he did mention that there are millions of results per cpu. i would think it needs some time to rule out that none of them are issues

>>62191226
Oh wow they are in every facet.

>>62199028
Certainly, there's more work to be done. Nevertheless, nothing has been found yet.

File: no-value-1.jpg (41KB, 180x365px) Image search: [Google]

41KB, 180x365px

>>62191251

File: blackedSecurity.png (2MB, 1664x8235px) Image search: [Google]

2MB, 1664x8235px

>>62196363

>>62191226
time to hack them

>>62199119
They are sponsored by NSA.

>>62199115
this should be an indicator for blackhat to never attempt to shill again. but since half of the community are closet faggots and mentally ill im sure this will be not the last to influence it.

the organization should get some shit for this garbage. if i look at the CCCongress, it is already on a level with tons of off topic pseudo politics garbage and far less about technology as it was like .... 10 years ago. quality overall has decreased a lot and i'd hate to see that happen to blackhat and defcon

>>62196363
>>62199115

Fucking kek

>>62190555
You mean Ubuntu nsa developed linux

>>62191141
Time to create a new and better desktop arch usable by all

>>62199181
>this should be an indicator for blackhat to never attempt to shill again

The video opens with her saying that it's the third annual diversity panel. I'm not sure a handful of Youtube comments will stop them.

>>62199243
>mfw xkcd-standards.jpg

What was the processor that halted?

>>62191226
>3rd annual

>>62191636
this.

>>62199327
hasn't disclosed yet

>processor that almost no one uses
>"halt and catch fire"
i9-7980XE confirmed for having userland exploitable bug that crashes execution




:^)

>>62190675
https://secure.raptorcs.com/

>>62191805
they tend to drop the last half of the year if 25 was this year

>>62190447
great talk, although most way over my head

>cyber
defcon would have asked him take some shots for that

>>62201683
Defcon is dead.

>>62202145
what?

>>62202363
>goons
>noobs (literally kids) in large numbers
Trust me its been dead for a while

>>62192943
>*cough* *cough*
did your mouth get filed with semen and you gagged?

>>62202379
What's wrong with the noobs as long as they're not being fags about it? That's only a good thing, as a larger and wider audience is being reached. You're not one of those sekrit klub faggots, are you?

The main attractions of Defcon are still the bleeding edge talks and the competitions. I don't see why the more people is a bad thing to you.

>>62202441
>What's wrong with the noobs as long as they're not being fags about it?
Because they cant even name things pre C2D era,it is especially embarrassing when senior talkers ask simple questions and there is dead silence in the audience because they are so young.
Fuck every talker that gets on stage comments how many young people there.

>>62202486
well no shit that's going to happen, people die and leave and new ones take their place. But would you rather that defcon die entirely, as opposed to allowing the new generation to take the torch? That's fucking retarded. If you want old defcon, just stay inside the skytalks.

>>62196363
Arzoo Singh literally can't even.

Why are Sikhs so shit tier?

>>62202417
u mad Intel shill?

we're on to you

>>62190675
you have j-core, which is based on the expired patents on the SuperH Hitachi processors that were in Dreamcasts, and Risc-v, which plans on being the all-in-one linux-for-processors ISA.

>>62190447
Definitive proof that RISC > CISC.

>>62199008
Apex kek