Sorry to be rude, but your logic doesn't work.
Right.
If someone is able to discover a security issue, it's proof that the issue can be found.
It took 30+ years to find this one. I'd call that pretty damn hard to find. Telling everyone where and how to find it makes it just a TINY BIT easier for criminals to find it worldwide. What do you think every hacker on the planet that wants to create malware is doing right now as a direct result of them publishing their find publicly??? Even if one or two other people (NSA or some foreign counterpart) knew about it before this, NOW every two-bit criminal from here to Hong Kong knows about it thanks to publishing it publicly!
Assuming nobody else in the world ever found it is simply foolish.
That's NOT what I'm saying at all. I'm saying don't tell everyone else about it too! Your so-called logic is ridiculous. I'm saying keep the damn find private until fixes are available. Don't hand the information to every hacker and criminal on the planet by PUBLISHING THE TECHNICAL DATA. Hand it over quietly and privately to Intel, Apple and Microsoft and a few others that are responsible for the fix. Don't announce the defect to the whole damn planet (by publishing it) so as to enable hackers to find something they might have never found on their own. You and others apparently think it's a great idea to have "Free Information" even if it means the end of civilization. Some things should not be public knowledge, at least not until fixes are freely available and a new chip is ready to replace truly important computers. Instead, it's now a race to the bottom! I'm saying THAT is utterly UTTERLY STUPID!
What you can argue is that the information is not widespread, and on that I agree, but assuming it's simply not available in the wild is just foolish.
Keep using the word foolish as if that makes the things you're saying sound any less stupid to me.
There are ways to exploit it without leaving traces and those who likely discovered it to break into computer systems are also likely to do that in a way you cannot figure out.
What does that have to do with these guys telling every single criminal on the planet about this flaw??? You think there 'might' be someone that already knows about the flaw and so it's OK to tell EVERYONE about the flaw so hackers everywhere can race to make a malware kit and ransack computers before fixes can be made and released (IF they can be made in Spectre's case)??? That is what you're telling me....
This idea that somehow, some way, someone already knew about it, exploited it and is secretly holding every computer on the planet hostage is a load of horse crap! Even IF it were true, that doesn't mean we now want every two-bit hacker to create their own malware kits!
I still don't see fixes from Apple and others. Firefox is the only software I've seen include it so far (Chrome says they'll get to it towards the end of the month...maybe). Great! Good luck with that.
You are mistaken. The researchers did follow responsible disclosure:
Your idea of "responsible" disclosure leaves a lot to be desired. The thinking about most malware goes that if they tell everyone about it, people will be FORCED to do something about it plus some companies offer rewards for finding flaws. The problem here is that there's precious little to be done about Spectre and now it's a race to see if they even CAN do something about it short of replacing your entire computer and every device you own versus hackers by the hundreds or even thousands looking for a way, ANY way to exploit this to make MONEY from your misery!
But that's responsible to publicly publish the technical details so they can get started on those hacks immediately...right.
