Government agencies issued statements warning users about the vulnerabilities.
The U.S. Computer Emergency Readiness Team said that while the flaws “could allow an attacker to obtain access to sensitive information,” it’s not so far aware of anyone doing so.
The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems.
The institute said that “fully removing the vulnerability requires replacing vulnerable [processor] hardware.”
is anything other hyperbolic claptrap Intel is in more trouble than I thought. Intel’s stock seems to be holding so fingers crossed. However, even after the issues have been patched and the lawsuits dealt with Intel’s problems won’t be over. First, recent stock sales by Intel managers are beginning to be scrutinized. From Ars Technica:
Brian Krzanich, chief executive officer of Intel, sold millions of dollars’ worth of Intel stock—all he could part with under corporate bylaws—after Intel learned of Meltdown and Spectre, two related families of security flaws in Intel processors.
While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were “unrelated” to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That’s a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.
They’re saying it was a coincidence but they would, wouldn’t they?
Additionally, diversifying the processor ecosystem is now being proposed as a risk mitigation strategy. That’s something I wrote about some time ago. That’s bad news for Intel potentially forever.
Even if the stock sales were ‘previously scheduled,’ doing so after receipt of non-public information this serious is not a place I’d like to be.
The thing is, we’ve HAD “diversifying the processor ecosystem”. Intel comes out with a new CPU or a variant about once a year, or maybe once a month (stealing from Anandtech.com last month, “Intel on Monday introduced its next-generation Pentium Silver and Celeron platform and processors. These processors are under the codename ‘Gemini Lake’ and are focused on low-power platforms for inexpensive …”) AMD hasn’t been quite that venturesome, but it’s been releasing new CPU designs every couple of years since the industry started marketing 64-bit chips. ARM produces new chips, IBM is marketing POWER8 chips for servers, even Zilog is still floating around out there.
And what’s shocking is just how close all these designs turn out to be, as like peas in a pod, so they suffer the same vulnerabilities after decades of separate development. Isn’t free market capitalism supposed to lead to diversity and ever-increasing capability?