New vulnerabilities are published for AMD and Intel Processors, and we get an early look at the performance of Amazon’s Graviton2 processor. Join Rich Stroffolino and Tom Hollingsworth as they discuss all the IT news of the week!
This week on the Rundown:
Anthos for Telecom
JEDI Judge Says Amazon Lawsuit has Merit
Nvidia Buys SwiftStack
TensorFlow Quantum
Google launched TensorFlow Quantum, an open-source library for prototyping quantum machine learning models, desinged to let developers create hybrid AI algorithms that use both classical computing techniques and quantum computer circuit simulations. Google says that TFQ works by taking quantum data contained in quantum bits, or qubits, and processing it with “hybrid-classical AI modelling,” to generate predictions about quantum algorithms. Microsoft’s Azure Quantum and IBM’s Q both offer similar services.
AMD CDNA
At AMD’s Financial Analyst Day, the company announced Compute DNA, a new GPU archtecture otpimized for data center compute workloads. CDNA will include the second-gen AMD Infinity Architecture to provide a high-bandwidth, low-latency interconnect between GPUs and CPUs, with unified memory across both, optimized for machine learning and high performance computing workloads. AMD expects to launch the new architecture in the summer.
Intel CSME Flaw Is Back
A vulnerability that impacts the Intel Converged Security and Management Engine (CSME) is worse than originally thought and a patch from May 2019 does not fully fix the issue. The CSME cryptographically verifies and authenticates all firmware running on a system. Mark Ermolov from Positive Technologies found the bug can be exploited by malware with root privileges to recover the chipset key and grant an attacker access to everything on a device. Previously it was thought physical access was needed to exploit the vulnerability. For sensitive systems the only recourse is to replace the hardware. Only Intel 10th-generation chips are free of the vulnerability.
Intel LVI Attack
Researchers at Bitdefender and a team of academics published details about a new class of vulnerabilities for Intel processors, called Load Value Injection, or LVI. This essentially is a reverse process of the speculative execution attacks like Meltdown. LVI attacks allow the attacker to inject code inside the CPU and have it executed as a transient “temporary” operation. The exploit was discovered independently by two sets of researchers who were able to demonstrate it attacking cloud environments and leak an encryption key from Intel’s secure enclave, and the researchers say a JavaScript exploit is possible. LVI seems to bypass many Meltdown partial fixes, with the researchers saying only a hardware fix can full address. The exploit has only been demonstrated on Intel processors.
AMD Side Channel Attack
A new paper from security researchers at Graz University of Technology in Austria claims that all AMD processors made from 2011 to 2019 are vulnerable to a side channel attack that could leak otherwise protected information. The researchers reverse-engineered AMD’s L1D cache way predictor, resulting in two types of attacks, Collide+Probe which can monitor a victim’s memory accesses on a time shared logical core, and Load+Reload, which can obtain highly-accurate memory-access traces on a physical core. The researchers were able to run the exploit in JavaScript run on Chrome and Firefox browsers, and also gained access to AES encryption keys. Compared to similar architectural vulnerabilities like Spectre and Meltdown, the ones disclosed only leak a “few bits of metadata,” rather than provide full access. The researchers notified AMD of their findings on August 23, 2019, and AMD said it believed these were “not new speculation-based attacks.”
Amazon’s Graviton Pull
Anandtech published a performance preview of Amazon’s Graviton2 processor, it’s 2nd generation ARM server chip that they’ll offer in EC2 instances. I though this was an interesting comparison to our conversation about Ampere’s recently announced 80-core ARM CPU. Graviton2 will offer up to 64-cores per socket, but with slower clock speeds and using less than half of the power of Ampere’s Altra. Anandtech points out that Graviton2 is essentially a reference ARM Neoverse N1 platform, and offers 40% cheaper performance compared to existing x86 offerings. This may change as AMD’s Rome platform begins rolling out.
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.