• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

US Lawmakers to Pull Up Intel, ARM, Microsoft, and Amazon for Spectre Secrecy

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,311 (7.52/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
In the wake of reports surrounding the secrecy and selective disclosure of information related to the Meltdown and Spectre vulnerabilities leading up to the eventual January 3 public release, US lawmakers are unhappy with leading tech firms Intel, Microsoft, ARM, Apple, and Amazon. The five companies, among a few unnamed others, are being pulled up by a house committee over allegations of selective access of vital information that caught many American companies off guard on the January 3rd. Barring a few tech giants, thousands of American companies were unaware, and hence unprepared for Meltdown and Spectre until January 3, and are now spending vast resources to overhaul their IT infrastructure at breakneck pace.

In letters such as this one, addressed to CEOs of big tech firms, lawmakers criticized the secrecy and selective disclosure of information to safeguard IT infrastructure, which has left thousands of American companies out in the lurch, having to spend vast amounts of money securing their infrastructure. "While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures," they write.



View at TechPowerUp Main Site
 
Joined
Dec 18, 2005
Messages
8,253 (1.19/day)
System Name money pit..
Processor Intel 9900K 4.8 at 1.152 core voltage minus 0.120 offset
Motherboard Asus rog Strix Z370-F Gaming
Cooling Dark Rock TF air cooler.. Stock vga air coolers with case side fans to help cooling..
Memory 32 gb corsair vengeance 3200
Video Card(s) Palit Gaming Pro OC 2080TI
Storage 150 nvme boot drive partition.. 1T Sandisk sata.. 1T Transend sata.. 1T 970 evo nvme m 2..
Display(s) 27" Asus PG279Q ROG Swift 165Hrz Nvidia G-Sync, IPS.. 2560x1440..
Case Gigabyte mid-tower.. cheap and nothing special..
Audio Device(s) onboard sounds with stereo amp..
Power Supply EVGA 850 watt..
Mouse Logitech G700s
Keyboard Logitech K270
Software Win 10 pro..
Benchmark Scores Firestike 29500.. timepsy 14000..
we have a huge scandal here.. the full ramifications are yet to come out..

trog
 
Joined
Nov 1, 2008
Messages
4,213 (0.71/day)
Location
Vietnam
System Name Gaming System / HTPC-Server
Processor i7 8700K (@4.8 Ghz All-Core) / R7 5900X
Motherboard Z370 Aorus Ultra Gaming / MSI B450 Mortar Max
Cooling CM ML360 / CM ML240L
Memory 16Gb Hynix @3200 MHz / 16Gb Hynix @3000Mhz
Video Card(s) Zotac 3080 / Colorful 1060
Storage 750G MX300 + 2x500G NVMe / 40Tb Reds + 1Tb WD Blue NVMe
Display(s) LG 27GN800-B 27'' 2K 144Hz / Sony TV
Case Xigmatek Aquarius Plus / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Super Flower Leadex III Gold 750W / Andyson TX-700 Platinum
Mouse Logitech G502 Hero / K400+
Keyboard Wooting Two / K400+
Software Windows 10 x64
Benchmark Scores Cinebench R15 = 1542 3D Mark Timespy = 9758
There is no reason for Intel not to work on a fix from Day 1. As it is, they procrastinated and procrastinated and when they finally released something, it's buggy as hell and has to be uninstalled from most systems. Similar story with Microsoft. Good they are being called up.

Not releasing the information, I can understand. Dumping your stock and not working on a fix until much later on in the game is deplorable.
 
Joined
Apr 19, 2012
Messages
12,062 (2.60/day)
Location
Gypsyland, UK
System Name HP Omen 17
Processor i7 7700HQ
Memory 16GB 2400Mhz DDR4
Video Card(s) GTX 1060
Storage Samsung SM961 256GB + HGST 1TB
Display(s) 1080p IPS G-SYNC 75Hz
Audio Device(s) Bang & Olufsen
Power Supply 230W
Mouse Roccat Kone XTD+
Software Win 10 Pro
I believe the news surrounding this indicated that Intel made Chinese companies aware of the flaw before they told US customers.
 
Joined
Dec 18, 2005
Messages
8,253 (1.19/day)
System Name money pit..
Processor Intel 9900K 4.8 at 1.152 core voltage minus 0.120 offset
Motherboard Asus rog Strix Z370-F Gaming
Cooling Dark Rock TF air cooler.. Stock vga air coolers with case side fans to help cooling..
Memory 32 gb corsair vengeance 3200
Video Card(s) Palit Gaming Pro OC 2080TI
Storage 150 nvme boot drive partition.. 1T Sandisk sata.. 1T Transend sata.. 1T 970 evo nvme m 2..
Display(s) 27" Asus PG279Q ROG Swift 165Hrz Nvidia G-Sync, IPS.. 2560x1440..
Case Gigabyte mid-tower.. cheap and nothing special..
Audio Device(s) onboard sounds with stereo amp..
Power Supply EVGA 850 watt..
Mouse Logitech G700s
Keyboard Logitech K270
Software Win 10 pro..
Benchmark Scores Firestike 29500.. timepsy 14000..
I believe the news surrounding this indicated that Intel made Chinese companies aware of the flaw before they told US customers.

which of course will bring national security into the equation making making an already messy situation even messier..

trog
 
Joined
Apr 12, 2013
Messages
7,564 (1.77/day)
I believe the news surrounding this indicated that Intel made Chinese companies aware of the flaw before they told US customers.
I believe the concern is wrt the Chinese govt, if they'd known - which is almost a given - about spectre & meltdown before a patch was available then there's a good chance they might have exploited it in the second half of 2017.
 
Joined
Apr 18, 2013
Messages
1,260 (0.29/day)
Location
Artem S. Tashkinov
What choice did they have? The full fixes have still not been widely deployed three weeks after the details were revealed and if the vulnerabilities had been made public earlier we'd had a major literal industry-wide meltdown because the affected companies wouldn't have any protective measures but hackers would have known enough to gain unauthorized access to the affected systems.

I'm only curious why half a year wasn't enough to solve these vulnerabilities, specially Meltdown. It's mind-boggling really.

Also, I wonder how Intel had the insolence to release the Coffee Lake CPUs knowing full well that they were affected. If they had any consistence they should have postponed its release until software/hardware fixes have been deployed/enabled, so that the prospective customers knew what [performance losses] they were into.
 
Last edited:

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,311 (7.52/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Why is Amazon being pulled into this?

Because it's the greatest beneficiary of early info. Smaller companies are temporarily moving their IT setups to "safer" Amazon Cloud while they upgrade their local infrastructure (great opportunity for Amazon to convince them to stay on the cloud instead of spending 'more' money on their own infra). Smells crony.
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
What choice did they have? The full fixes have still not been widely deployed three weeks after the details were revealed and if the vulnerabilities had been made public earlier we'd had a major literal industry-wide meltdown because the affected companies wouldn't have any protective measures but hackers would have known enough to gain unauthorized access to the affected systems.

I'm only curious why half a year wasn't enough to solve these vulnerabilities, specially Meltdown. It's mind-boggling really.

Also, I wonder how Intel had the insolence to release the Coffee Lake CPUs knowing full well that they were affected. If they had any consistence they should have postponed its release until software/hardware fixes have been deployed/enabled, so that the prospective customers knew what [performance losses] they were into.
Meltdown fixes have been widely deployed. OSX has patches were out in autumn, Linux was trying to get the new kernel out before embargo was supposed to end on January 9th, same with Microsoft and Windows patches. Spectre... is trickier.

Intel was between rock and a hard place. They had to do something to counter Ryzen launch, even it if was half a year late. They just could not wait any longer, Coffee lake release was rushed even as it was.
 
Joined
Apr 18, 2013
Messages
1,260 (0.29/day)
Location
Artem S. Tashkinov
Meltdown fixes have been widely deployed. OSX has patches were out in autumn, Linux was trying to get the new kernel out before embargo was supposed to end on January 9th, same with Microsoft and Windows patches. Spectre... is trickier.

Intel was between rock and a hard place. They had to do something to counter Ryzen launch, even it if was half a year late. They just could not wait any longer, Coffee lake release was rushed even as it was.

The first Linux kernel to contain a fix was 4.14.11 and it was released on January, 3, 2018. Microsoft released its meltdown patches even later than that.

So, who are you trying to BS here?
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
The first Linux kernel to contain a fix was 4.14.11 and it was released on January, 3, 2018. Microsoft released its meltdown patches even later than that.
So, who are you trying to BS here?
What do you mean, BS?
Embargo on Meltdown and Spectre was meant to end on January 9th.
For meltdown patches, Linux had a new kernel out on 3rd as you said, Microsoft released Windows 10 patches on 4th and Windows 7/8 got patches on 9th as initially planned.
 
Joined
Feb 16, 2017
Messages
494 (0.17/day)
What choice did they have? The full fixes have still not been widely deployed three weeks after the details were revealed and if the vulnerabilities had been made public earlier we'd had a major literal industry-wide meltdown because the affected companies wouldn't have any protective measures but hackers would have known enough to gain unauthorized access to the affected systems.

I'm only curious why half a year wasn't enough to solve these vulnerabilities, specially Meltdown. It's mind-boggling really.

Also, I wonder how Intel had the insolence to release the Coffee Lake CPUs knowing full well that they were affected. If they had any consistence they should have postponed its release until software/hardware fixes have been deployed/enabled, so that the prospective customers knew what [performance losses] they were into.
Intel telling the US companies first or even at the same time would've been a good idea since Intel is US based. I don't think they're getting out of this unscathed but time will tell.
 
Joined
Jul 29, 2014
Messages
484 (0.13/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
Its alright let the CEO's sell their stocks first and consumers will be dealt with when the time comes.
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Intel telling the US companies first or even at the same time would've been a good idea since Intel is US based. I don't think they're getting out of this unscathed but time will tell.
Intel did tell US companies as well. This probably went out to a number of companies. In addition to Lenovo and Alibaba articles mention Microsoft, Amazon, ARM (UK) and this is definitely not a conclusive list.
 
Joined
Jun 12, 2017
Messages
136 (0.05/day)
There is no reason for Intel not to work on a fix from Day 1. As it is, they procrastinated and procrastinated and when they finally released something, it's buggy as hell and has to be uninstalled from most systems. Similar story with Microsoft. Good they are being called up.

Not releasing the information, I can understand. Dumping your stock and not working on a fix until much later on in the game is deplorable.

How do you ever know Intel does not work from Day 1? Did you work there?

Linux kernel community has been known to be extremely conservative when it comes to performance-degrading patches in the past decade. This KPTI which almost busted the performance of kernel call must have been a last resort and a hard choice as hell.
 
Joined
Nov 1, 2008
Messages
4,213 (0.71/day)
Location
Vietnam
System Name Gaming System / HTPC-Server
Processor i7 8700K (@4.8 Ghz All-Core) / R7 5900X
Motherboard Z370 Aorus Ultra Gaming / MSI B450 Mortar Max
Cooling CM ML360 / CM ML240L
Memory 16Gb Hynix @3200 MHz / 16Gb Hynix @3000Mhz
Video Card(s) Zotac 3080 / Colorful 1060
Storage 750G MX300 + 2x500G NVMe / 40Tb Reds + 1Tb WD Blue NVMe
Display(s) LG 27GN800-B 27'' 2K 144Hz / Sony TV
Case Xigmatek Aquarius Plus / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Super Flower Leadex III Gold 750W / Andyson TX-700 Platinum
Mouse Logitech G502 Hero / K400+
Keyboard Wooting Two / K400+
Software Windows 10 x64
Benchmark Scores Cinebench R15 = 1542 3D Mark Timespy = 9758
How do you ever know Intel does not work from Day 1? Did you work there?

Linux kernel community has been known to be extremely conservative when it comes to performance-degrading patches in the past decade. This KPTI which almost busted the performance of kernel call must have been a last resort and a hard choice as hell.

With the considerable resources that Intel can bring to bare, it should not have taken them this long to issue a (buggy/revoked) patch. They either started much later, or did not prioritize the work. Considering the possible ramifications that these exploits can have, there is no excuse for not having a fix by the time it was publicly announced. Furthermore, they released a new series of cpu all the while knowing that it contained a critical flaw. Intel's behaviour is beyond the pale, and if they were a smaller company, they'd be buried in litigation right now. How many people/companies do you think would have passed over on coffee lake knowing the security risk? I, for one, would not have purchased a broken CPU and would have spent a little more for an AMD chip.

If you think that Intel didn't factor all of this in to their timeline, you are being naive. Intel could have fixed this well before coffee lake and had they done so, it would have negatively affected coffee lake sales as they would have had to acknowledge the flaw earlier. They may even have had to go back to the drawing board (at considerable expense) on that chip after the design was finished, causing them to either or go over budget or skip a generation . Shareholders would not have been pleased.

Their actions demonstrate that they only care about protecting their corporate interests rather than the consumer . . . Well most of the consumers . . . Their biggest clients were informed well in advance in a bid to keep their relationships in good standing. Hence their appearance in front of the house committee. Corrupt, greedy, unethical, conniving are just a few of the words that come to mind.

In the automotive industry, car makers are forced to issue recalls if a critical defect is found. The only reason that Intel won't be told to do this is because the industry is not as well regulated. I do hope, however, that they get buried in class actions for the next 20 years.
 
Last edited:
Joined
Jul 31, 2014
Messages
481 (0.13/day)
System Name Diablo | Baal | Mephisto | Andariel
Processor i5-3570K@4.4GHz | 2x Xeon X5675 | i7-4710MQ | i7-2640M
Motherboard Asus Sabertooth Z77 | HP DL380 G6 | Dell Precision M4800 | Lenovo Thinkpad X220 Tablet
Cooling Swiftech H220-X | Chassis cooled (6 fans + HS) | dual-fanned heatpipes | small-fanned heatpipe
Memory 32GiB DDR3-1600 CL9 | 96GiB DDR3-1333 ECC RDIMM | 32GiB DDR3L-1866 CL11 | 8GiB DDR3L-1600 CL11
Video Card(s) Dual GTX 670 in SLI | Embedded ATi ES1000 | Quadro K2100M | Intel HD 3000
Storage many, many SSDs and HDDs....
Display(s) 1 Dell U3011 + 2x Dell U2410 | HP iLO2 KVMoIP | 3200x1800 Sharp IGZO | 1366x768 IPS with Wacom pen
Case Corsair Obsidian 550D | HP DL380 G6 Chassis | Dell Precision M4800 | Lenovo Thinkpad X220 Tablet
Audio Device(s) Auzentech X-Fi HomeTheater HD | None | On-board | On-board
Power Supply Corsair AX850 | Dual 750W Redundant PSU (Delta) | Dell 330W+240W (Flextronics) | Lenovo 65W (Delta)
Mouse Logitech G502, Logitech G700s, Logitech G500, Dell optical mouse (emergency backup)
Keyboard 1985 IBM Model F 122-key, Ducky YOTT MX Black, Dell AT101W, 1994 IBM Model M, various integrated
Software FAAAR too much to list
There is no reason for Intel not to work on a fix from Day 1. As it is, they procrastinated and procrastinated and when they finally released something, it's buggy as hell and has to be uninstalled from most systems. Similar story with Microsoft. Good they are being called up.

Not releasing the information, I can understand. Dumping your stock and not working on a fix until much later on in the game is deplorable.
What choice did they have? The full fixes have still not been widely deployed three weeks after the details were revealed and if the vulnerabilities had been made public earlier we'd had a major literal industry-wide meltdown because the affected companies wouldn't have any protective measures but hackers would have known enough to gain unauthorized access to the affected systems.

I'm only curious why half a year wasn't enough to solve these vulnerabilities, specially Meltdown. It's mind-boggling really.

Also, I wonder how Intel had the insolence to release the Coffee Lake CPUs knowing full well that they were affected. If they had any consistence they should have postponed its release until software/hardware fixes have been deployed/enabled, so that the prospective customers knew what [performance losses] they were into.
With the considerable resources that Intel can bring to bare, it should not have taken them this long to issue a (buggy/revoked) patch. They either started much later, or did not prioritize the work. Considering the possible ramifications that these exploits can have, there is no excuse for not having a fix by the time it was publicly announced. Furthermore, they released a new series of cpu all the while knowing that it contained a critical flaw. Intel's behaviour is beyond the pale, and if they were a smaller company, they'd be buried in litigation right now. How many people/companies do you think would have passed over on coffee lake knowing the security risk? I, for one, would not have purchased a broken CPU and would have spent a little more for an AMD chip.

If you think that Intel didn't factor all of this in to their timeline, you are being naive. Intel could have fixed this well before coffee lake and had they done so, it would have negatively affected coffee lake sales as they would have had to acknowledge the flaw earlier. They may even have had to go back to the drawing board (at considerable expense) on that chip after the design was finished, causing them to either or go over budget or skip a generation . Shareholders would not have been pleased.

Their actions demonstrate that they only care about protecting their corporate interests rather than the consumer . . . Well most of the consumers . . . Their biggest clients were informed well in advance in a bid to keep their relationships in good standing. Hence their appearance in front of the house committee. Corrupt, greedy, unethical, conniving are just a few of the words that come to mind.

In the automotive industry, car makers are forced to issue recalls if a critical defect is found. The only reason that Intel won't be told to do this is because the industry is not as well regulated. I do hope, however, that they get buried in class actions for the next 20 years.

Because it's a really, really hard problem to solve if you're unable to replace the hardware. As for Coffee Lake, there's no realistic way for Intel to fix it. By the time Intel was made aware of the problem, Coffee Lake was already in it's ramp phase (fab and stockpile for launch day.. probably already on boats being shipped even). As for how long the patching is taking, I'd like to see you, or any team you can name/assemble do better than what the major guys have been doing so far. Like I said, really, really hard problem to deal with.

Sure, Intel could issue a recall, then what? Unlike VAG diesel cars and SUVs, you're not talking a few million worldwide, you're talking literal billions of devices.. devices that literally run the world as we speak. Even if Intel had been perfectly willing to swap every single affected chip (meaning literally all of em in use right now), they simply do not have the manufacturing capability to do so, nor do the partner OEMs and ODMs building devices and motherboards.

Evidently though, Intel and partners are most certainly not free of blame: they should have informed tier 2 partners (people like OVH, DigitalOcean, AV vendors and the like) a fair bit earlier in the pipeline, and they should NOT have released patches that needed to be pulled, certainly not as mandatory install ASAP security updates. At the same time though, their hand was being forced by other researchers being on the verge of INDEPENDENTLY discovering the same vulnerability. If other researchers can discover it cleanly and independently, then you can be certain that the evil hackers and attackers are at least as close to discovering it, if they're not shipping malware using it already. Result: the decision was made to ship the buggy patch and hope not too many people get bit by the bugs.
 
Joined
Nov 1, 2008
Messages
4,213 (0.71/day)
Location
Vietnam
System Name Gaming System / HTPC-Server
Processor i7 8700K (@4.8 Ghz All-Core) / R7 5900X
Motherboard Z370 Aorus Ultra Gaming / MSI B450 Mortar Max
Cooling CM ML360 / CM ML240L
Memory 16Gb Hynix @3200 MHz / 16Gb Hynix @3000Mhz
Video Card(s) Zotac 3080 / Colorful 1060
Storage 750G MX300 + 2x500G NVMe / 40Tb Reds + 1Tb WD Blue NVMe
Display(s) LG 27GN800-B 27'' 2K 144Hz / Sony TV
Case Xigmatek Aquarius Plus / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Super Flower Leadex III Gold 750W / Andyson TX-700 Platinum
Mouse Logitech G502 Hero / K400+
Keyboard Wooting Two / K400+
Software Windows 10 x64
Benchmark Scores Cinebench R15 = 1542 3D Mark Timespy = 9758
Because it's a really, really hard problem to solve if you're unable to replace the hardware. As for Coffee Lake, there's no realistic way for Intel to fix it. By the time Intel was made aware of the problem, Coffee Lake was already in it's ramp phase (fab and stockpile for launch day.. probably already on boats being shipped even). As for how long the patching is taking, I'd like to see you, or any team you can name/assemble do better than what the major guys have been doing so far. Like I said, really, really hard problem to deal with.

Sure, Intel could issue a recall, then what? Unlike VAG diesel cars and SUVs, you're not talking a few million worldwide, you're talking literal billions of devices.. devices that literally run the world as we speak. Even if Intel had been perfectly willing to swap every single affected chip (meaning literally all of em in use right now), they simply do not have the manufacturing capability to do so, nor do the partner OEMs and ODMs building devices and motherboards.

Evidently though, Intel and partners are most certainly not free of blame: they should have informed tier 2 partners (people like OVH, DigitalOcean, AV vendors and the like) a fair bit earlier in the pipeline, and they should NOT have released patches that needed to be pulled, certainly not as mandatory install ASAP security updates. At the same time though, their hand was being forced by other researchers being on the verge of INDEPENDENTLY discovering the same vulnerability. If other researchers can discover it cleanly and independently, then you can be certain that the evil hackers and attackers are at least as close to discovering it, if they're not shipping malware using it already. Result: the decision was made to ship the buggy patch and hope not too many people get bit by the bugs.

I call bull$**t.

[Edit] Intel released the information about the security issue to (some) vendors back in June, meaning they likely knew about this well before.
Intel was aware of the issues in at least January 2017: Source
Coffee Lake was announced in Feb 2017: Source
Coffee lake was not released until October 2017: Source

Over a year to fix a critical security bug and still release another flawed processor in the mean-time? My original arguments still stand. It would have cost them a tonne of money, but they wouldn't be knowingly selling a product that is essentially broken.
 
Last edited:
Joined
Jul 31, 2014
Messages
481 (0.13/day)
System Name Diablo | Baal | Mephisto | Andariel
Processor i5-3570K@4.4GHz | 2x Xeon X5675 | i7-4710MQ | i7-2640M
Motherboard Asus Sabertooth Z77 | HP DL380 G6 | Dell Precision M4800 | Lenovo Thinkpad X220 Tablet
Cooling Swiftech H220-X | Chassis cooled (6 fans + HS) | dual-fanned heatpipes | small-fanned heatpipe
Memory 32GiB DDR3-1600 CL9 | 96GiB DDR3-1333 ECC RDIMM | 32GiB DDR3L-1866 CL11 | 8GiB DDR3L-1600 CL11
Video Card(s) Dual GTX 670 in SLI | Embedded ATi ES1000 | Quadro K2100M | Intel HD 3000
Storage many, many SSDs and HDDs....
Display(s) 1 Dell U3011 + 2x Dell U2410 | HP iLO2 KVMoIP | 3200x1800 Sharp IGZO | 1366x768 IPS with Wacom pen
Case Corsair Obsidian 550D | HP DL380 G6 Chassis | Dell Precision M4800 | Lenovo Thinkpad X220 Tablet
Audio Device(s) Auzentech X-Fi HomeTheater HD | None | On-board | On-board
Power Supply Corsair AX850 | Dual 750W Redundant PSU (Delta) | Dell 330W+240W (Flextronics) | Lenovo 65W (Delta)
Mouse Logitech G502, Logitech G700s, Logitech G500, Dell optical mouse (emergency backup)
Keyboard 1985 IBM Model F 122-key, Ducky YOTT MX Black, Dell AT101W, 1994 IBM Model M, various integrated
Software FAAAR too much to list
I call bull$**t.

Intel was aware of the issues in at least January 2017: Source

It takes a while to go from PoC to an actual, workable attack. If you measure strictly by similar attacks, you can go all the way back to 2002 for the first ones using this technique. All were silently mitigated without a big aanouncement. By the time June came about, KAISER was being quietly released to counter Gruss' particular variant. Problem was that KAISER was incomplete when presented Horn's more extensive set of attacks, which only came about in June.. and those obviously needed even more patches.

Coffee Lake was announced in Feb 2017: Source
Coffee lake was not released until October 2017: Source

For big chips like CPUs, you can easily finish tape-out a full year ahead of hitting retail. Either ways, do you really think anyone, be it Intel, AMD, nVidia, IBM or ARM would have cancelled their launches?

Over a year to fix a critical security bug and still release another flawed processor in the mean-time? My original arguments still stand.

Oh, this is just the beginning mate. There'll be even more attacks that 'sploit hardware features in the years to come: the security industry has just started having fun pwning CPUs, and this is just the low-hanging fruit.

PS: ARM was aware of the CPU faults just as much as Intel, for about as long and they happily announced the Cortex-A75 on 29 May 2017. These cores haven't even shipped in a real product yet (they will be in 2018) and ARM has not announced that they will be changing the core to mitigate.[/QUOTE]
 
Joined
Oct 30, 2008
Messages
1,901 (0.32/day)
Processor 5930K
Motherboard MSI X99 SLI
Cooling WATER
Memory 16GB DDR4 2132
Video Card(s) EVGAY 2070 SUPER
Storage SEVERAL SSD"S
Display(s) Catleap/Yamakasi 2560X1440
Case D Frame MINI drilled out
Audio Device(s) onboard
Power Supply Corsair TX750
Mouse DEATH ADDER
Keyboard Razer Black Widow Tournament
Software W10HB
Benchmark Scores PhIlLyChEeSeStEaK
Lets face it, anyone trying to use these exploits isn't going after you or me. They are going after bigger fish, I think by waiting as long as possible they saved a few companies from more pain as the hackers had less time to work on it.
 
Joined
Nov 1, 2008
Messages
4,213 (0.71/day)
Location
Vietnam
System Name Gaming System / HTPC-Server
Processor i7 8700K (@4.8 Ghz All-Core) / R7 5900X
Motherboard Z370 Aorus Ultra Gaming / MSI B450 Mortar Max
Cooling CM ML360 / CM ML240L
Memory 16Gb Hynix @3200 MHz / 16Gb Hynix @3000Mhz
Video Card(s) Zotac 3080 / Colorful 1060
Storage 750G MX300 + 2x500G NVMe / 40Tb Reds + 1Tb WD Blue NVMe
Display(s) LG 27GN800-B 27'' 2K 144Hz / Sony TV
Case Xigmatek Aquarius Plus / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Super Flower Leadex III Gold 750W / Andyson TX-700 Platinum
Mouse Logitech G502 Hero / K400+
Keyboard Wooting Two / K400+
Software Windows 10 x64
Benchmark Scores Cinebench R15 = 1542 3D Mark Timespy = 9758
Lets face it, anyone trying to use these exploits isn't going after you or me. They are going after bigger fish, I think by waiting as long as possible they saved a few companies from more pain as the hackers had less time to work on it.

You think that if someone could write a java based program that could steal peoples banking information just by visiting a website running the code, the wouldn't?
Even if this turns out to be infeasible, think about where all of your e-mails, backups, etc. are stored.
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Intel was aware of the issues in at least January 2017: Source
That is not what you source (or any other source) says. All the dates in that source are January 2018.
 
Joined
Nov 1, 2008
Messages
4,213 (0.71/day)
Location
Vietnam
System Name Gaming System / HTPC-Server
Processor i7 8700K (@4.8 Ghz All-Core) / R7 5900X
Motherboard Z370 Aorus Ultra Gaming / MSI B450 Mortar Max
Cooling CM ML360 / CM ML240L
Memory 16Gb Hynix @3200 MHz / 16Gb Hynix @3000Mhz
Video Card(s) Zotac 3080 / Colorful 1060
Storage 750G MX300 + 2x500G NVMe / 40Tb Reds + 1Tb WD Blue NVMe
Display(s) LG 27GN800-B 27'' 2K 144Hz / Sony TV
Case Xigmatek Aquarius Plus / Corsair Air 240
Audio Device(s) On Board Realtek
Power Supply Super Flower Leadex III Gold 750W / Andyson TX-700 Platinum
Mouse Logitech G502 Hero / K400+
Keyboard Wooting Two / K400+
Software Windows 10 x64
Benchmark Scores Cinebench R15 = 1542 3D Mark Timespy = 9758
Top