Intel Responds Meltdown and Spectre @intel #Meltdown #Spectre

Adafruit 3296
Meltdown and Spectre are here, along with new logos. Meltdown and Spectre exploit critical vulnerabilities in modern processors.  Intel Responds to Security Research Findings is the full statement, here are a coupla’ gems-

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect.

Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

… Intel is making this statement today because of the current inaccurate media reports.

“Average computer user” is hard to really say now, we’re all on the cloud in some way, none of us are average computer users, because our computers are not “ours.” It’s not like I can go down to CompUsa and get a new processor, pop the ones out of my laptop and/or phone and swap in a new one, those days are long gone. Well, mostly.

As far as when Intel knew about this, apparently, June 2017. Intel CEO Brian Krzanich sold ALL shares in Intel besides the mandatory required shares in November 2017. Nothing weird about that, maybe. The optics are not great, at least keep more than the minimum, the signal that is sent is “I have some much faith in Intel’s future, I will only do the minimum required.” That combined with a bit of PR blunder from Intel likely looks crummy to industry and the Intel employees.

Adafruit 3297
Looks like the stock is dropping fast now.

CNBC

Krzanich said the entire industry was planning to publish the data security issue once the fix was in place — but the problem leaked early. “Why did it leak ahead of time? Somebody was doing some updates on a Linux kernel and they improperly posted that this was due to this flaw,” Krzanich said. “That’s why we’re responding to it today.”

I’m going to keep an eye on what the other chip makers and OS makers say, AMD processors, overview perhaps not-as affected & for Arm, not as much, but (maybe) Cortex-A75, Cortex-A73, Cortex-A72, Cortex-A57-, Cortex-A17, and Cortex-A9. For cloud services looks like AWS is getting an update and a reboot on Friday. MacOS is updated as of version 10.13.12. Microsoft doing an update now.

Linus Torvalds has opinions on this –

I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with “not all CPU’s are crap” in mind.

Or is Intel basically saying “we are committed to selling you sh*t forever and ever, and never fixing anything”?

Google has a good overview here “Today’s CPU vulnerability: what you need to know.” & Project Zero.