I don't believe it for a second.

Owned. Intel is owned. Owned!

oxidizedI don't believe it for a second.

I believe it, it kinda sorta happens all the time sooo yeah.
Hackers inform a company of a weak spot, they get paid for their find and they give the company a deadline to fix it or else they reveal the information.

This is really no different so whats your problem?

Oh that's not good PR. Ouch Intel.

It was discovered in September and they notified Intel. Intel even paid the bounty. There usually is a 90 day period before the info goes public. We are well passed double the time and Intel wanted another 6 months.

Man, Intel needs a new PR department.

GoldenXMan, Intel needs a new PR department.

No, they need a new security head. Clearly this guy isn't "working" so well :ohwell:


They should also hire a new lawyer :mad:

ZoneDymoI believe it, it kinda sorta happens all the time sooo yeah.
Hackers inform a company of a weak spot, they get paid for their find and they give the company a deadline to fix it or else they reveal the information.

This is really no different so whats your problem?

He's a known hardcore Intel fanboy, of course he's gonna defend them tooth and nail. You're preaching to the wrong choir.

GoldenXMan, Intel needs a new PR department.

Intel needs some serious restructuring from the ground up. IMO PR is least of their concern at the moment.

GoldenXMan, Intel needs a new PR department.

better engineers would be more beneficial imo

oxidizedI don't believe it for a second.

lol.
i believe it 1000%

Intel seriously need medics here..

Intel needs an entire new re-structuring, and I think they are getting that now with the new CEO, sadly the new CEO doesn't care about consumer, he only cares about big data centers moving forward because that is where the money is. Luckily, AMD EPYC Rome 7nm is going to smoke Intel in that area too, so Intel will be forced to diversify and improve very fast to appease the stock holders. Free markets work as long as there is competition, AMD is bae.

Dang cheap ass amateurs! $40,000 or $80,000? This is what you get for your cheapness......FAIL!

These things require "brute force"......Next time Intel throw a million on their face in one go and wipe the floor. But $40k? Come one I would also tell you to shove it off!

btarunrWith public knowledge withheld...

you don't need to worry about wasting money on security :laugh:

classic intel
and to think they've been doing this for almost two decades now and people still buy their CPUs... jesus christ

I'm not part of Intel's bandwagon, but this article seems really confusing and kind of misleading... the title says Intel wanted to pay them to "suppress knowledge of MDS vulnerability", but then the article itself says instead they wanted them "to downplay the severity of the vulnerability". The first part implies the Dutch to don't say a thing (possibly until they fix the problem), the second part implies the information would be public but the severity and details to be "softened".
So after reading this, one may ask... "well, which one was it?" and why is the "bribe" word being used when there's a public bounty program in place by Intel to reward people that discover these kind of issues with their products?

Going to the source/reddit article to find some extra details doesn't exactly make things 100% clear, but it seems to me that it went like this:
- among several researcher groups taking a look at said vulnerabilities, the Dutch Uni was the one that found the major part of it
- Intel paid the Dutch Uni research group around $100,000 (89,000 euros) as part of their public bounty program (explained on their own press release also linked in this TPU article). They would reveal Intel the details and not publicly, so that Intel could investigate and work a security fix. (so nothing really shady here (as in bribe), seems normal procedure in these cases)
- the group said they would give Intel until May, then they would release the infos/leaks themselves
- apparently Intel wanted to wait another six months so they could get more time to fix it
- the group refused
- Intel then made them an additional offer of 40k , then another 80k on top, to convince them to downplay the severity /level of vulnerability of the problem, since sh/t would hit the fan anyway (probably to make things a bit less interesting for hackers and to avoid another public PR snowball)
- the group refused this additional offer to soften the exploit severity, and then released the vulnerability infos in May as planned.

So, basically, seems things went normal according to the usual Intel bounty/reward program, until Intel wanted another 6 months of time to work on the issue. The group didn't want to wait any longer than the initial program deal they made, and in response Intel wanted to at least make things look publicly less "worrying", by asking them to publicly say the vulnerability it wasn't really that of a big deal, offering them another $40k + $80k. They refused the offer and released the research untouched.

Considering it's a security problem, one can see why Intel wanted to at least try some "damage control". Even if the group accepted the "downplay" offer, eventually with time, the real severity would come out and that would make the group and Intel look bad. Difference is, Intel can afford to look bad in that situation, specially if the reasons were based on "customer's security".

I'd have absolutly loved to have a room like this (at his age, not now, hahahah) (Taken from the news source NRC)

MAXLDI'm not part of Intel's bandwagon, but this article seems really confusing and kind of misleading... the title says Intel wanted to pay them to "suppress knowledge of MDS vulnerability", but then the article itself says instead they wanted them "to downplay the severity of the vulnerability". The first part implies the Dutch to don't say a thing (possibly until they fix the problem), the second part implies the information would be public but the severity and details to be "softened".
So after reading this, one may ask... "well, which one was it?" and why is the "bribe" word being used when there's a public bounty program in place by Intel to reward people that discover these kind of issues with their products?

Going to the source/reddit article to find some extra details doesn't exactly make things 100% clear, but it seems to me that it went like this:
- among several researcher groups taking a look and said vulnerabilities, the Dutch Uni was the one that found the major part of it
- Intel paid the Dutch Uni research group around $100,000 (89,000 euros) as part of their public bounty program (explained on their own press release also linked in this TPU article). They would reveal Intel the details and not publicly so that Intel could investigate and work a security fix. (so nothing really shady here (as in bribe), seems normal procedure in these cases)
- the group said they would give Intel until May, then they would release the infos/leaks themselves
- apparently Intel wanted to wait another six months so they could get more time to fix it
- the group refused
- Intel then made them an additional offer of 40k , then another 80k on top, to convince them to downplay the severity /level of vulnerability of the problem, since sh/t would hit the fan anyway (probably to make things a bit less interesting for hackers and to avoid another public PR snowball)
- the group refused this additional offer to soften the exploit severity, and then released the vulnerability infos in May as planned.

So, basically, seems things went normal according to the usual Intel bounty/reward program, until Intel wanted another 6 months of time to work on the issue. The group didn't want to wait any longer than the initial program deal they made, and in response Intel wanted to at least make things look publicly less "worrying" but asking them to publicly say the vulnerability it wasn't really that of a big deal, offering them another $40k + $80k. They refused the offer and released the research untouched.

Considering it's a security problem, one can see why Intel wanted to at least try some "damage control". Even if the group accepted the "downplay" offer, eventually with time, the real severity would come out and that would make the group and Intel look bad. Difference is, Intel can afford to look bad in that situation, specially if the reasons were based on "customer's security".

Nice background work! What we have here is one of the only responders who bothered to do some source work, instead of just responding to the sensationalist headline.

erixxI'd have absolutly loved to have a room like this (at his age, not now, hahahah) (Taken from the news source NRC)

Best part about, his Uni probably paid for most of it :D Dream deal.

Vrije Universiteit Amsterdam (Free University Amsterdam) whouldn´t be free if under NDA.

So Intel whould have to buy the whole and not make a joke of its self.

queue Intel fanboy damage control

I'd have took the $40k no lie

Wouldn't we want Intel and AMD paying rewards for these discoveries and suppressing the discovery until a patch is issued? Why do these groups want to discover vulnerabilities and immediately expose everyone? I would think these groups would be on the side of consumers but it seems they are on the side of attackers if they intend to release info and expose everyone before fixes are available.

I am a not a fanboy of anyone, currently running AMD in my desktop and Intel in a notebook. Common sense isn't a fanboy.

40k or 80k is nothing to them, now if it was around 5 million then it might have achieved success.

ssdproWouldn't we want Intel and AMD paying rewards for these discoveries and suppressing the discovery until a patch is issued? Why do these groups want to discover vulnerabilities and immediately expose everyone? I would think these groups would be on the side of consumers but it seems they are on the side of attackers if they intend to release info and expose everyone before fixes are available.

I am a not a fanboy of anyone, currently running AMD in my desktop and Intel in a notebook. Common sense isn't a fanboy.

The standard 90 days deadline forces them to react and work on fixes instead of dragging their feet and hoping people will just buy their (probably also vulnerable) 10k series in a few months.

Intel is a crooked company, only few websites dont go along with their evil tactics, here at techpowerup we see a neutral take on both, amd or intel, websites for example like anantech there is only intel and their products, I mean amd name and products or news are rarely published there, just for the sake of an unbiased view, I challenge you right now to go to anantech and check their main page, is 100% filled with intel marketing things. It's sad. We need more neutral tech websites like techpowerup. Intel buys everything in order to keep its name and products high priority.