Hack Brief: Intel Fixes a Critical Bug That Lingered for 7 Dang Years

[Chiefcrowe]

https://www.wired.com/2017/05/hack-brief-intel-fixes-critical-bug-lingered-7-dang-years

 

[John Connor]

I wonder how vulnerable banks and bitcoin wallet companies like coinbase are?

 

[John Connor]

Here's more in depth Info. and a tool to check your CPU. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

 

[XavierMace]

I wonder how vulnerable banks and bitcoin wallet companies like coinbase are?

To make use of this vulnerability the attacker has to have already breached your network, therefore you've already failed at life. If it wasn't this, it would be something else at that point. It's dumb that it took them 7 years to fix it but the fact that in 7 years you haven't heard of it actually being used tells you the issue is now being blown out of proportion. There's generally far easier ways to breach a network.

I'd be far more concerned with the grossly outdated software many banks run and how easy they are to social engineer. At least the small/medium ones. I can't speak to the major ones (Chase, BofA, etc).

 

[John Connor]

To make use of this vulnerability the attacker has to have already breached your network

Yeah, did read that.

It's like Wordpress right now. There is a current Admin vulnerability and it was shown to Wordpress several years ago, but nothing done. So finally the person who discovered it went public. Wordpress has more damn vulnerabilities. I use WP and phpBB and phpBB's code is way more solid than Wordpress. In fact, as far as phpBB knows, no one has breached its security other than a mismanaged server. The code is pretty well written.

 

[Chiefcrowe]

Thank you for posting that John Connor! my pc does not have the firmware update released yet - I'll keep checking.

 

[bononos]

This was discussed last year, some posters as expected preferred to be in denial:
https://forums.anandtech.com/threads/cpu-backdoor-within-a-intel-cpu.2477869/