Backdoors, backdoors, and more backdoors, in the Evil Empire's chips. Is anyone really surprised? Does the emperor know he needs a new wardrobe?
Nintendo started as a playing-card company, that moved into electronics and video games. Maybe Intel will be a computer chip company, that moves into making playing cards instead. 'cause they're not so great at creating chips, apparently, with any sort of usable security.
Or perhaps they should move their base of operations to Wisconsin, and start making Swiss Cheese. Something that they're already good at.
As Ermolov said yesterday, VISA is not a vulnerability in Intel chipsets, but just another way in which a useful feature could be abused and turned against users.
Requires physical access. It might be bad for people who run highly-sensitive, air-gapped networks that are under attack from physical intrusion. Or maybe an infected USB could carry out an attack. Spectre and Meltdown were much worse.
This is very similar to those AMD exploits that needed physical access and flashing with evil firmware, meh. At least no one is blaming the source of the information this time.
The difference is with the AMD exploit:
- The researchers decided to tell the world about the exploit before giving AMD any real time to even investigate their claims let alone come up with fixes. This is very much against industry standards.
- Tried to make the exploit seem far more serious that it was in the wake of the Spectre reveal.
- Claimed at least certain attack points were unfixable or would take a very long time (AMD had fixes out pretty quick in the end).
- Tried to use it to promote their startup.
Because of these reasons, people started to question who they were and their motivation. I think the first point was probably the biggest issue.
Please don't try to validate the 'company' that tried that stunt. It's very disingenuous to attack the response to their 'operation'.the first point was the only real issue (and with a good reason, as you said is against industry standards), the others were not know or just expeculations at that time. The general reaction to that "security problem" in the public was not normal and beyond anything i seen in my life, to the point there was people saying that was all a lie and went as far as to search for the stock photos they used with the green screen, that was too much.
Anyway, i said the same back in that day and im going to say the same again now, to me anything that needs physical access for wharever reason, and even worse, firmware flashing, is not a security leak(Specially in a world with daily side channel exploits.), there is a tons of things i can do with physical access, specially if i can bring the system down for firmware flashing.
Anyway, i said the same back in that day and im going to say the same again now, to me anything that needs physical access for wharever reason, and even worse, firmware flashing, is not a security leak(Specially in a world with daily side channel exploits.), there is a tons of things i can do with physical access, specially if i can bring the system down for firmware flashing.
Requires physical access. It might be bad for people who run highly-sensitive, air-gapped networks that are under attack from physical intrusion. Or maybe an infected USB could carry out an attack. Spectre and Meltdown were much worse.
The difference is with the AMD exploit:
- The researchers decided to tell the world about the exploit before giving AMD any real time to even investigate their claims let alone come up with fixes. This is very much against industry standards.
- Tried to make the exploit seem far more serious that it was in the wake of the Spectre reveal.
- Claimed at least certain attack points were unfixable or would take a very long time (AMD had fixes out pretty quick in the end).
- Tried to use it to promote their startup.
Because of these reasons, people started to question who they were and their motivation. I think the first point was probably the biggest issue.