News [ZDNet] Researchers discover and abuse new undocumented feature in Intel chipsets
- Thread starter Hitman928
- Start date
- May 4, 2000
- 16,069
- 7,365
- 146
Intel has had a rough couple of years with security bugs / concerns.
I hope their next CPU architecture totally fixes all of them.
I hope their next CPU architecture totally fixes all of them.
VirtualLarry
No Lifer
- Aug 25, 2001
- 55,096
- 9,144
- 126
Backdoors, backdoors, and more backdoors, in the Evil Empire's chips. Is anyone really surprised? Does the emperor know he needs a new wardrobe?
Nintendo started as a playing-card company, that moved into electronics and video games. Maybe Intel will be a computer chip company, that moves into making playing cards instead. 'cause they're not so great at creating chips, apparently, with any sort of usable security.
Or perhaps they should move their base of operations to Wisconsin, and start making Swiss Cheese. Something that they're already good at.
Nintendo started as a playing-card company, that moved into electronics and video games. Maybe Intel will be a computer chip company, that moves into making playing cards instead. 'cause they're not so great at creating chips, apparently, with any sort of usable security.
Or perhaps they should move their base of operations to Wisconsin, and start making Swiss Cheese. Something that they're already good at.
I wouldn't be the least bit surprised to find out that the U.S. government required all these backdoors and security vulnerabilities. The past couple years certainly haven't been good for Intel. It's been a great opportunity for AMD to catch up which in turn is great for us all. Hopefully both AMD and Intel will double down on security and we'll have both competition and secure devices.
Last edited:
IntelUser2000
Elite Member
- Oct 14, 2003
- 8,642
- 3,730
- 136
This quote is from the researcher:
There was another report that said the biggest reason for security breaches and customer information loss is due to employees of the company themselves.
The problem is the combination of fast decline in trust and over abundant reliance on computers. Total security is impossible. It requires the designers be paranoid from the concept stage to production. Seems to be just a step away from the dystopian future where absolutely everyone is seen as a criminal and an enemy.
The real losers are always the people trying to live in a lawful, honest way.
Mere 10 years ago such problems weren't even considered. For Spectre and Meltdown a google report said disabling it altogether might be the only safe choice.
There was another report that said the biggest reason for security breaches and customer information loss is due to employees of the company themselves.
The problem is the combination of fast decline in trust and over abundant reliance on computers. Total security is impossible. It requires the designers be paranoid from the concept stage to production. Seems to be just a step away from the dystopian future where absolutely everyone is seen as a criminal and an enemy.
The real losers are always the people trying to live in a lawful, honest way.
DrMrLordX
Lifer
- Apr 27, 2000
- 20,632
- 9,751
- 136
Requires physical access. It might be bad for people who run highly-sensitive, air-gapped networks that are under attack from physical intrusion. Or maybe an infected USB could carry out an attack. Spectre and Meltdown were much worse.
fleshconsumed
Diamond Member
- Feb 21, 2002
- 6,407
- 2,104
- 136
I'm dumping my intel hardware for Ryzen, in part because of these security holes/backdoors. Screw that.
This is very similar to those AMD exploits that needed physical access and flashing with evil firmware, meh. At least no one is blaming the source of the information this time.
amd6502
Senior member
- Apr 21, 2017
- 971
- 360
- 136
If you truly care about security never ever ever EVER plug your androde telephone into your computer, whether it is to recharge or the convenience of uploading photos.
A compromised androde or iphone in the USB does count as physical access. And you can pretty much count on the possibility that it is infected (acorn socs are one of the lousiest for security, and they don't get patched or maintained as much as x86).. Heck the old ARM 2 cpus were bullet proof and secure, which is not something you can say for modern day ARM socs; I pine for these days: https://www.theinquirer.net/inquirer/news/3064969/acorn-computers-risc-os-finally-goes-open-source
Last edited:
The difference is with the AMD exploit:
- The researchers decided to tell the world about the exploit before giving AMD any real time to even investigate their claims let alone come up with fixes. This is very much against industry standards.
- Tried to make the exploit seem far more serious that it was in the wake of the Spectre reveal.
- Claimed at least certain attack points were unfixable or would take a very long time (AMD had fixes out pretty quick in the end).
- Tried to use it to promote their startup.
Because of these reasons, people started to question who they were and their motivation. I think the first point was probably the biggest issue.
the first point was the only real issue (and with a good reason, as you said is against industry standards), the others were not know or just expeculations at that time. The general reaction to that "security problem" in the public was not normal and beyond anything i seen in my life, to the point there was people saying that was all a lie and went as far as to search for the stock photos they used with the green screen, that was too much.
Anyway, i said the same back in that day and im going to say the same again now, to me anything that needs physical access for wharever reason, and even worse, firmware flashing, is not a security leak(Specially in a world with daily side channel exploits.), there is a tons of things i can do with physical access, specially if i can bring the system down for firmware flashing.
Last edited:
Please don't try to validate the 'company' that tried that stunt. It's very disingenuous to attack the response to their 'operation'.
I agree that the exploit reveal itself isn't a big deal given that it's already patched and requires physical access, but I think the more interesting part is that it was discovered in a completely undocumented part of the chip.
Agree. It at best a theoretical issue affecting large data centers and nation states but not us average Joe. Also psyhcial access is a huge part of IT security (which often gets neglected).
DrMrLordX
Lifer
- Apr 27, 2000
- 20,632
- 9,751
- 136
I'm kind of wondering if the VISA exploits will ever be fixable (in existing hardware). AMD's problems, as you stated, could be patched.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
|
Question Has much research been done into the real-world effectiveness of ADL E-cores? | CPUs and Overclocking | 9 |
TRENDING THREADS
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 20K
-
Solved! Speculation: Zen 4 (EPYC 4 "Genoa", Ryzen 7000, etc.)- Started by Vattila
- Replies: 12K
-
-
-
Question Geekbench 6 released and calibrated against Core i7-12700
- Started by igor_kavinski
- Replies: 275
Facebook
Twitter