Spectre and Meltdown on Core 2 Duo CPU

You mean not browsing the Internet, because I don’t get what “buying locally” has to do with it…


Thanks for the info.
Still interesting to know.

The point of Spectre / Meltdown and what makes it scary is the ability to pull info like passwords or bank information. Since 2fac exists, and people who are paranoid use it, banking information / SSNs are the scary stealy spoop part. Otherwise it’s just “oh Windows got a virus from drive by downloads, what a surprise”.

Well, in my opinion there is more at stake than just passwords and bank information. Reading your entire RAM yields a lot of information about the user himself. Furthermore, some keys that are not directly bank related might be stolen as well. (Ofc virtualisation providers are a much more interesting target than a singular user, but then again, lots of individual single users are often easier to attack).
To be honest, I generally dislike the notion that anything not banking related is of less concern, just because the user instantaneously and directly loses money. Nowadays, there are many ways to cause harm, without actually stealing banking information. Also, I do believe that private keys are of a greater concern, due to the fact that all (please let it be all) banks employ 2FA, which makes an actual exploitation much more difficult.

But thanks for clarifying what you meant. I was under the impression that you thought ads were only displayed on shopping sites. Which didn’t make much sense. (Even more so, considering that you are on this forum).

Kind of hard to buy local when the items you want/need can’t be found local, like if you live in a small town…

Yea Doctor told me the same thing…:slightly_frowning_face:

I thought I heard that it can pull passwords even from encrypted password managers like KeePass?

The list of vulnerabilities in C2D is extensive, not the least of which is probably unpatchable Intel management engine vulnerabilities on those older business class systems, which is probably a larger concern for pfSense.

I live in the middle of buttfuck nowhere and I still have a RX580. It’s not impossible.

What low cost CPU would you suggest then?
Not a lot to choose from at $50 Canadian, for the whole machine (CPU, RAM, case, power supply).

What are the concerns? Saying there could be problems and stating them in a form anyone can understand would be more helpful.

I think it would be better if you stated the problems and the fixes.

The picture with all the info is interesting, but only helpful to someone who understands what it means. With all the vulnerabilities listed, how could someone get into the pfSense PC and compromise the security? And the attack would have to be from the internet, and not someone who had access to the machine and my home to get control of the pfSense PC.

I would like to learn things about my PCs that are in my home; the more info you have, the better you can make a decision on what computer parts to purchase and use.

I am thankful for the info you provided. It is not in a format I make use of to further educate myself.

Thanks
Have a day

The primary issue is using older used hardware that, while attractively priced, does carry some security risk to what you are planning on using as your main line of defense to your network. As someone who recently upgraded my pfSense box because my old Dell Optiplex C2D system could not be patched, I’ve done a little looking into this.

Most of these vulnerabilities we’ve mentioned can only be patched through bios updates from the vendor. Unfortunately in my case, Dell has flat out stated they are not providing any bios updates for such an old system and has started dropping just about any info about similar systems from their support sites at about the same time most of this came to light.

First and probably worst is IME (Intel management engine). This is built into most Intel chipsets under various names (vPro under business machines). It allows remote, full access to a computer’s most basic systems including the ability to update a bios, contents of RAM, HD etc. even when the system is off but plugged into power and network. This was sold by Intel to large companies to help them maintain large fleets of computers remotely. Unfortunately, most of this wasn’t secured very well or properly implemented and the result is that most older systems placed on a network can be compromised in a very deep way (independent of the operating system) and therefore it’s possible for malware to continue to affect a system even when changing out the hard drive for example.

Many vendors have provided a way to disable this or at least supposedly fix the poor implementation in models released in the last few years but something as old as a C2D is unlikely to see this kind of love.

I’ve been told that avoiding using any built in NIC ports on such systems goes a long ways towards getting around this vulnerability. I did this for a few months, however it never really sat well with me that this could still possibly be exploited in some other way as IME exploits appear to be coming out regularly that surprise experts in its capabilities and add new attack vectors (USB was one such exploit, which isn’t as big a deal if you have physical security).

Now we have Meltdown and Spectre on top of other issues with the C2D and it was the final straw for me, knowing that this old system will never see another patch from the vendor.

We must all come to terms with the risks we are willing to take. For me the C2D is done and not worth it anymore.

On a final note, it may also be worth looking at your power costs as many C2D systems aren’t very efficient when compared to newer hardware. You might find that your savings by buying older hardware could be eaten up with higher costs in operating it.

If you are simply tinkering and learning, there probably isn’t anything wrong with playing around with a C2D for a PFS box but there are potential risks to putting it out on the internet as your primary firewall.

Thanks for the info.

For power cost, that is included in rent, so not really a problem.

Have you found any attacks that can be done from the internet that could get past a C2D box with pfSense?

No matter where you look, D-Link and all other companies that make routers for the masses have the same problem: older machines do not get updates and have holes in them.

Now Intel and AMD with the Spectre and Meltdown have big problems.

Every day there is a new attack, a new opening to get through.

Just some thoughts on the internet and its problems.

This is the day and age when we have to live with the mess. Or not go online.

Thanks
Have a day

I prefer my 1080ti but I hate to bust your bubble, where I live there is nowhere to buy up-to-date high end components without either driving 4 hours east or ordering online. Glad to know you can walk around the corner and buy whatever you want, but not everybody is as fortunate as you. People outside of your sphere of existence do live under different circumstances.

Oh no I still have to drive, it’s just not impossible.

@FLD @FaunCB:

I would kindly ask if comments would be on the topic Spectre and Meltdown on a Core 2 Duo CPU.

Buying local vs online is an interesting topic, please open up a new topic, I would gladly put my two cents on it.

Thanks have a day

I don’t know if @RissViss would be interested in what I have to say, but I thought I might as well add my two cents worth. There are things you can do to mitigate the threat of Meltdown and Spectre. One of them would be to segregate your network into different security zones (meaning you would have a very secure zone, a less secure zone, and a zone that you just assume is going to be controlled by someone else). Ok, once you have segregated your network into three different zones and made sure no device on a zone can talk to another device, you go ahead and connect a router/firewall to each zone. For example, in the aforementioned situation, you would need three router/firewall devices, one for each zone. Then you would attach those 3 routers/firewalls to your internet gateway (main modem/router). The idea is if someone were to gain access to your modem/router from the outside, they would only be able to see the 3 router/firewall devices and would have to compromise and take over any of the other router/firewall devices before they would be able to do anything on your network. This idea is a modified idea that was first proposed by Steve Gibson from Security Now. It is basically, in my opinion, a more secure version of his 3 dumb routers idea.

I would be interested in what you have to say.
Any info on better security in this day and age would be appreciated.

Thanks Have a day

Hehe, this topic is old but I’m looking into it now for my own purposes. I’m honestly a little surprised to hear that Q6600 are affected because of how much they were lampooned, back when they were released, for just being 2 E6600s glued together.

I’m resurrecting my Q6600 for testing reasons. Looking it over again, it doesn’t seem to have vPro anywhere on it but it does say VIIV. Does this mean I’m banana republic free, for once in the last 10 years? The chip is old, but I’ll take any wins I can get, lol.

Necro, please make a new thread.