Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

Posted by BeauHD on from the brushed-under-the-rug dept.

An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues of exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.

10 of 375 comments (clear)

  1. why are non broken AMD chips flagged intel? by Joe_Dragon · · Score: 3, Insightful

    why are non broken AMD chips flagged intel?

  2. Re:Performance by Anonymous Coward · · Score: 5, Insightful

    "Intel believes its products are the most secure in the world"

    Jerry, just remember: it's not a lie if you believe it

  3. Heard this before by Jason1729 · · Score: 3, Insightful

    When they had the Pentium floating point division bug they also said it wouldn't affect the average user. All they did was piss off their customers before they recalled the chips anyway.

    Some people never learn.

  4. "[Cannot]...corrupt, modify, or delete data"?? by Anonymous Coward · · Score: 5, Insightful

    If the 'sensitive information' they can gather includes credentials or tokens the user wouldn't otherwise have access to, it sure as shit allows modification of data

  5. PR lies by gweihir · · Score: 5, Insightful

    Does not "corrupt, modify or delete data". Yes, nice. It can just steal your passwords and encryption keys and then use them to do that corruption, modification or deletion. A shameless lie by misdirection. Intel has no honor at all.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. Too bad I went with AMD by Anonymous Coward · · Score: 3, Insightful

    Now I have nothing to complain about. Get the same performance with a much lower price.

  7. Re:Can we pause the Panic Parade, please? by EndlessNameless · · Score: 3, Insightful

    The Linux and Windows kernels are being rewritten in a rather complicated fashion, which includes a performance hit. These changes will have a bigger impact than a typical security patch. No one wants to do something like this unless it is truly necessary.

    If all of the developers who have the details agree that something needs to be done, I'm willing to go along with it. When the guys who build something are worried about it falling over, you pay attention.

    I would rather not see a POC until a patch is released, tested, and deployed. The implications of this bug are dire, and malware authors can turn a POC into real-world malware in under 48 hours---simple, historical fact.

    Vendors have seen security patches reverse-engineered to produce malware within a week, so I'd be inclined to push this onto workstations and public-facing servers ASAP. Full details aren't available publicly yet, so maybe the danger is overblown. But it looks very bad right now, all things considered.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  8. mitigated over time by fahrbot-bot · · Score: 3, Insightful

    ... any negative performance outcomes "will be mitigated over time."

    Meaning, when you buy a new CPU or computer - i.e. "fixed in the next release".

    --
    It must have been something you assimilated. . . .
  9. Re:It's not a bug, it's a design decision by 110010001000 · · Score: 4, Insightful

    All hardware is "shared". Javascript in your browser can read other processes memory. You aren't safe. Any website can exploit this.

  10. Re:Not just Intel, also AMD and ARM by HiThere · · Score: 4, Insightful

    Based on other comments above, there is a fair chance you misunderstand the nature of the bug. It is reported that AMD validates requests for speculative execution before executing them, and Intel validates them afterwards. The bug is supposedly that it's possible to read the results of the speculative execution before the Intel chip notices that they were improperly executed. If that is so, then the AMD chips do *not* have this particular bug.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.