Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#752

I have to agree…avoid the rag mag and get to the technical in the case of presenting something to your employer.


#753

Whilst i agree with the articles sentiment, it doesn’t stop the fact that an extremely hard to pull off remote exploit isn’t still serious.


#754

To use spectre you first need to get local code exec anyway. Usually there are far easier targets and attack vectors to achieve this.

Treat meltdown and spectre as more of a last resort system reconnaissance action. To extract tertiary information (passwords,ssh keys etc) that will then allow you to pivot further into a system / network.


#755

I know, i read the article. I agree with the sentiment but saying. Doesn’t stop it from being just as serious. I know, you know that. I can see it’s a call for calm but it still is serious. More and more things are going IoT they could run the most secure hardened OS going but if your physical hardware has built in exploits then were going to have a bad time.


#756

athlons ? really


#757

The S in IoT stands for security. :wink:

That said, I’m relatively positive about things. As long as we keep proding and poking into technologies as we did with what lead to this revelation. Then we are doing OK, we’re raising attention to this and bringing an awareness to the industry, an industry composed of many individual people.

People that have learned from this , that are now looking out for such problems more than ever before. We are already better off then we were a year ago. And while the path may seem long and littered with approaching problems, we shall tackle them each as we encounter them.

But no matter the odds we shall continue, we never give up or become complacent to it.

To a better future! May your hardware be trustworthy and your software free!


#758

NSA… but we are going dark…


#759

Not sure if it’s been posted already, but there are claims Intel released Coffee Lake anyways KNOWING this vulnerability existed:


#760

By that time the chips where essentially already made.

To fix it would be a disaster.
To silently release it would be less of a disaster.

Intel is a business.
Intel chose.


#761

Still doesn’t protect them from anti trust lawsuits. It may just be mostly the US right now, but the EU might fine them hard. VERY HARD.


#763

They can go right ahead.
My prediction: It will be a slap on the wrist at best.

And the consumer will get the worst of it regardless. :smiley:

Also future prediction:

Intel will make a crazy redesigned security oriented CPU and then claim the high ground , that they have the most secure computing platform of anyone.

Then they will find issues with that CPU again :wink:

You’ve heard of Moore’s law.
But have you heard of the unwritten rule of computing?

There are always more problems.


#764

The problem is that intel knew about this 6 months ago. They put aside funds at that point for the legal fallout.

By the time these lawsuits close, 10 years from now, the fines will be a rounding error of a line item in their budget.

The problem isn’t so much the lawsuits/fines, but how long it takes them to execute. These companies need to be decimated every time they do shit like this.

I propose the CDP, Corporate Decimation Policy. Every time a large company makes a stupid move to cause lawsuits, the fine must be, at minimum, 10% of their earnings for the year.


#765

Can we also include putting the CEO and the board in stocks and throwing rotten vegetables at their face ?

j/k


#766

As much as that’s amusing, the 8th amendment of the US constitution prohibits cruel or unusual punishment, so no.


#767

Cruel i get … but unusual ? How do we dress people up as clowns and launch people out of catapults into Jelly if that’s a thing !?


#768

Because that’s not a punishment. Apparently, some people are into that sort of thing.


#769

it’s lime jelly.


#770

maybe not to you but it certainly sounds like a punishment to me.


#771

Please just try not to derail the thread too much :slight_smile:

Getting launched into jelly sounds like fun though.


#772

That was a major risk predicted for this year, a technological cold war between Asia and North America. It’s looking very likely now.