• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 52 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

DrMrLordX

Lifer
Apr 27, 2000
17,029
5,993
136
I guess Intel figured, if Google and Amazon already knew, they should hit Alibaba and Lenovo up next. Gub'ment either doesn't buy enough chips to matter, or spies on Google/Amazon enough to already know.

Still seems kinda weird, but it makes sense in a twisted conspiracy-thinking kind of way.

Score one for tinfoil-hat mentality.
 

hnizdo

Member
Aug 11, 2017
33
16
41
Intel rightfully feared that government is not to able to keep the secret.
Or to keep the secret for itself only? ;)
 

csbin

Senior member
Feb 4, 2013
834
339
136

US Lawmakers to Pull Up Intel, ARM, Microsoft, and Amazon for Spectre Secrecy


https://www.techpowerup.com/241032/us-lawmakers-to-pull-up-intel-arm-microsoft-and-amazon-for-spectre-secrecy


In the wake of reports surrounding the secrecy and selective disclosure of information related to the Meltdown and Spectre vulnerabilities leading up to the eventual January 3 public release, US lawmakers are unhappy with leading tech firms Intel, Microsoft, ARM, Apple, and Amazon. The four companies, among a few unnamed others, are being pulled up by a house committee over allegations of selective access of vital information that caught many American companies off guard on the January 3rd. Barring a few tech giants, thousands of American companies were unaware, and hence unprepared for Meltdown and Spectre until January 3, and are now spending vast resources to overhaul their IT infrastructure at breakneck pace.

In letters such as this one, addressed to CEOs of big tech firms, lawmakers criticized the secrecy and selective disclosure of information to safeguard IT infrastructure, which has left thousands of American companies out in the lurch, having to spend vast amounts of money securing their infrastructure. "While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures," they write.
 

naukkis

Senior member
Jun 5, 2002
418
273
136
So Intel panicked so badly that they published unstable microcode for their CPU's, even for server grades. Is there any quality control at all left in Intel?

Wonder why there ain't more jokes about that patch, Intel turned mostly good CPU's into unstable junk because fear of Spectre.....
 

PingSpike

Lifer
Feb 25, 2004
21,444
357
126
The weirdest part is Intel was told about the vulnerability 7 months ago so the panic thing doesn't even make sense. Meltdown was clearly the worse problem, but I kind of doubt the people Intel had submitting patches to linux kernel and advising Microsoft are the same ones developing microcode updates so it doesn't seem like it should even be a manpower thing.

Was their plan was to just ignore the other spectre variants altogether and hope their PR well poisoning made everyone throw up their hands and accept things? And then they changed course and crapped out some untested fixes?
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
The weirdest part is Intel was told about the vulnerability 7 months ago so the panic thing doesn't even make sense. Meltdown was clearly the worse problem, but I kind of doubt the people Intel had submitting patches to linux kernel and advising Microsoft are the same ones developing microcode updates so it doesn't seem like it should even be a manpower thing.

Was their plan was to just ignore the other spectre variants altogether and hope their PR well poisoning made everyone throw up their hands and accept things? And then they changed course and crapped out some untested fixes?
How about, Intel already knew, and already had fixed silicon in the pipeline, and was trying to hold out until the fixed chips could be launched... :D

Then they could say "Yes, but we already have revised chips..."
 

ZGR

Golden Member
Oct 26, 2012
1,864
281
126
I think the debate now is how Intel will patch this. I am skeptical it is an actual architectural change, but I would be pleasantly surprised.
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
I think the debate now is how Intel will patch this. I am skeptical it is an actual architectural change, but I would be pleasantly surprised.
I think it has to be an architectural change, given the nature of the problem, and given Intel's statements. Plus the patching seems rather shaky.
 
  • Like
Reactions: Drazick

Kenmitch

Diamond Member
Oct 10, 1999
8,401
2,138
136
Just when the dust looks to be settling another storm hits the horizon. Guessing we still haven't heard the last of it yet.
 

maddie

Diamond Member
Jul 18, 2010
3,387
2,335
136
How about, Intel already knew, and already had fixed silicon in the pipeline, and was trying to hold out until the fixed chips could be launched... :D

Then they could say "Yes, but we already have revised chips..."
Hope not. If this is the true scenario, I can see Intel facing big lawsuits. Misleading customers by withholding critical information, to basically prevent a loss of sales. Criminal.
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
Hope not. If this is the true scenario, I can see Intel facing big lawsuits. Misleading customers by withholding critical information, to basically prevent a loss of sales. Criminal.
I doubt that.

I'm thinking that Intel knew that the silicon needed to be changed, but not about the specific Meltdown/Spectre exploits.
There have been reports here and there going back years about possible leaks and possible exploits.

Or possibly, Intel's newer design just happened to be different enough to not be vulnerable.

Keep in mind that no real world examples have been found of these exploits.
 
  • Like
Reactions: Drazick

richaron

Golden Member
Mar 27, 2012
1,357
329
136
I doubt that.

I'm thinking that Intel knew that the silicon needed to be changed, but not about the specific Meltdown/Spectre exploits.
There have been reports here and there going back years about possible leaks and possible exploits.

Or possibly, Intel's newer design just happened to be different enough to not be vulnerable.

Keep in mind that no real world examples have been found of these exploits.
Real world examples which have been found are a moot point. I shouldn't have to point out those which haven't been "found out" are those which people are worried about.

And obviously intel's new designs are vulnerable. Equally obvious is that intel released these new designs well after they were aware they were vulnerable.
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
Real world examples which have been found are a moot point. I shouldn't have to point out those which haven't been "found out" are those which people are worried about.

And obviously intel's new designs are vulnerable. Equally obvious is that intel released these new designs well after they were aware they were vulnerable.
I mean the designs that Intel says are coming out later this year, that have been fixed in the silicon and are not vulnerable to meltdown/spectre.
 
  • Like
Reactions: Drazick

maddie

Diamond Member
Jul 18, 2010
3,387
2,335
136
I doubt that.

I'm thinking that Intel knew that the silicon needed to be changed, but not about the specific Meltdown/Spectre exploits.
There have been reports here and there going back years about possible leaks and possible exploits.

Or possibly, Intel's newer design just happened to be different enough to not be vulnerable.

Keep in mind that no real world examples have been found of these exploits.
That is an amazingly complex path to redeeming Intel. A mental Rube Goldburg construct.

Intel knew the silicon needed to be changed without knowing about "the specific Meltdown/Spectre exploits", in your words. How is this a reasonable line of thought? They fix things that as far as they know are working well without exploits? What were the benefits to fixing this? more performance? Less power consumption? Less area?
 
  • Like
Reactions: Kuosimodo

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
That is an amazingly complex path to redeeming Intel. A mental Rube Goldburg construct.

Intel knew the silicon needed to be changed without knowing about "the specific Meltdown/Spectre exploits", in your words. How is this a reasonable line of thought? They fix things that as far as they know are working well without exploits? What were the benefits to fixing this? more performance? Less power consumption? Less area?
I see that I can't suggest any possibilities without you assuming that I believe it and am endorsing it as real.

There has to be some reason that Intel has repeatedly claimed to have a silicon fix coming out this year.
Even if they are late and it's out 1Q 2019, we'd both agree that is pretty fast for having been first told of the problem in June of 2017, wouldn't we?
 
  • Like
Reactions: Drazick

maddie

Diamond Member
Jul 18, 2010
3,387
2,335
136
I see that I can't suggest any possibilities without you assuming that I believe it and am endorsing it as real.

There has to be some reason that Intel has repeatedly claimed to have a silicon fix coming out this year.
Even if they are late and it's out 1Q 2019, we'd both agree that is pretty fast for having been first told of the problem in June of 2017, wouldn't we?
My point is this. How is it possible to have a fix if everything was good, if as far as they knew, no exploit was possible. A fix, by definition means correcting something. If they knew about exploits, then they're guilty of withholding critical info. Both scenarios can't be right simultaneously.

You're right that I have been assuming that you believed Intel's PR and I confess, that is a mistake by me. A straight question. Do you?
 
  • Like
Reactions: Kuosimodo

zinfamous

No Lifer
Jul 12, 2006
105,366
20,064
136
My point is this. How is it possible to have a fix if everything was good, if as far as they knew, no exploit was possible. A fix, by definition means correcting something. If they knew about exploits, then they're guilty of withholding critical info. Both scenarios can't be right simultaneously.

You're right that I have been assuming that you believed Intel's PR and I confess, that is a mistake by me. A straight question. Do you?
I think he was suggesting that the exploits were "fixed" through no intention of Intel, just through design changes. I think an exploit and a bug can be "fixed" if it isn't done so intentionally--it just means that the exploit is no longer there due to design change.

....I do find this hard to believe, however, as the new architecture coming out this year is already 1+ years old, right? Early on in this debacle, posters were saying that it really takes up to 5 years from design to release a new architecture, right? Or are these minor tweaks within the current design, for this upcoming generation, that fortuitously managed to fix the exploits?
 
  • Like
Reactions: Kuosimodo and ZGR

realibrad

Lifer
Oct 18, 2013
12,337
894
126
How about, Intel already knew, and already had fixed silicon in the pipeline, and was trying to hold out until the fixed chips could be launched... :D

Then they could say "Yes, but we already have revised chips..."
And leave all the old chips alone?
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
My point is this. How is it possible to have a fix if everything was good, if as far as they knew, no exploit was possible. A fix, by definition means correcting something. If they knew about exploits, then they're guilty of withholding critical info. Both scenarios can't be right simultaneously.

You're right that I have been assuming that you believed Intel's PR and I confess, that is a mistake by me. A straight question. Do you?
I generally don't believe any PR statements, but this particular one seems to have very little wiggle room for Intel.

We’re working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year.
Intel repeatedly said, in the beginning, that their chips were working as designed, and this was not a flaw or bug in their chips. Even I agreed with that idea initially.
That "working as designed" line might be a clue when combined with their claims now of having fixed chips coming out relatively soon.

Or Intel could simply be scrambling around trying to recover some way, any way.
 
  • Like
Reactions: Drazick

LTC8K6

Lifer
Mar 10, 2004
28,523
1,573
126
I think he was suggesting that the exploits were "fixed" through no intention of Intel, just through design changes. I think an exploit and a bug can be "fixed" if it isn't done so intentionally--it just means that the exploit is no longer there due to design change.

....I do find this hard to believe, however, as the new architecture coming out this year is already 1+ years old, right? Early on in this debacle, posters were saying that it really takes up to 5 years from design to release a new architecture, right? Or are these minor tweaks within the current design, for this upcoming generation, that fortuitously managed to fix the exploits?
I think I read somewhere that it's about as difficult to take finished silicon and go in and tweak it, as it is to make a new chip?

Anyway, Intel has made it's bed. It must now sleep in it.
 
  • Like
Reactions: Drazick

EXCellR8

Diamond Member
Sep 1, 2010
3,887
788
136
Kind of funny that governments are upset... "hey, you Intel guys messed up and now we can't keep our shady government exploits a secret because our outdated stuff is compromised, because of your shady broken stuff."

Fun fact: If Intel and its partners brought this to governing bodies and never released the information to the general public or third parties, there probably wouldn't be an issue. Sweep it under the rug and fix it now but don't worry about the consumer, they don't have to know. BUT, if that was ever discovered there would be all sorts of hypocrisy theory and a much bigger uproar.

If you ask me, the current route is the lesser of the two evils, which may be what Intel intended--damage control.
 
  • Like
Reactions: Drazick

ASK THE COMMUNITY

TRENDING THREADS