How do you deal with a structural problem manifested over generations of developers in chip design?

It's like trying to rebuild Windows or Unix in one day, too complex and many things won't work anymore.
Of course, the possible measures taken are only cosmetic. Already this cosmetics has noticeably slowed down operations in some applications (CAD on PC).

Also, stopping browser-driven Java scripts is ridiculous cosmetic. The problem will remain. The processor architecture copied by all majors is no longer "reformable".

The business with the secret services was certainly running at full speed. Somebody's always a usufructuary. They are also the only ones that currently use tools to read out passwords. Even in the hacker scene, these are not available on the market. Too hot.
 
That said, Intel deserves to pay for this. They are lying through their teeth. The only reason they kept it a secret is because they didn't want to hurt their brand and subsequently their wallets. They put greed above our personal security, and also above the country's national security.
Yeah, sure. And AMD, ARM, Microsoft, Apple, Google etc. all kept it secret to protect Intel. Keeping security holes secret until they are plugged is only done to protect the brand. [/sarcasm]
We should really be grateful that you are not in charge in the software industry.
The NSA and other nameless intelligence services probably directed the inclusion of Meltdown and Spectre years ago for their own benefit.

What other vulnerabilities have they managed to sneak in that no one else knows about yet? Corporate espionage and sabotage via intelligence services is a thing.
Of all the security vulnerabilities that have become public, the Meltdown and Spectre group is probably the least likely to have been a plant. You make the classic mistake of assuming that the larger an event is, the larger the intention must have been behind it. In earlier times, when a catastrophe struck (natural disasters, epidemics), humans also attributed it to a higher force, and the larger the catastrophe was, the more certain people were of the involvement of intention behind it.
 
So in a country in absolute hysterics over “hacking” the overall sentiment in the thread is that the US government shouldn’t have been informed

Who is in hysterics? The media? That is what they do. They create drama because it sells.

What if no disclosure gave the big scary Russians the ability to hack into our intelligence apparatus....seeing as most of it runs on hardware affected by these flaws?

That would be great. US spies are an enemy to US citizens and mankind. Anything that takes away their power is good.
 
Knowing Trump and other Republicans are running the Government, I wouldn't tell those pseudo-politicians either.

I’m not republican but come on now. lol like the government was perfect before Trump was elected?

I’m not a fan of the government either but with the security risks these threats posed not only to US citizens but governments as well, it was warranted for Intel to at least give a heads up before it went public.
 
I’m not a fan of the government either but with the security risks these threats posed not only to US citizens but governments as well, it was warranted for Intel to at least give a heads up before it went public.
Impossible to tell whether Intel wouldn't have done so if it hadn't been leaked prematurely. Intel might very well have told the government a couple of days before they went public if they had been able to roll out all the fixes they wanted to roll out.
It's more like the other way around. The NSA knew about this long ago but didn't tell Intel.
There is no way of knowing that. The NSA aren't Superman that finds all flaws before the dedicated security researchers in the private sector.
 
I'm pleasantly surprised (glad) to read the responses here.

Except this one. Why would you think they would tell other governments, but not the US government? My understanding is there was zero disclosure to anyone until it was made public.

Asking questions is displeasing to you? That must be rough. :rolleyes:

I simply was questioning who Intel had disclosed to, if they had disclosed to other governments, and whether they were being consistent. This article was centered around the US Government, hence me wondering "well what about other governments".

As I read more about Intel's response, it appears as though they did a decent job of being consistent with their methodology.
 
There is no need to inform someone of what they already know.
What are the chances that Intel created this loophole for the government?
 
I'd like to think it was because Intel knew they would be *******s and add them to their toolbox. Likely not the case unfortunately.

If I were Intel I wouldn't give them advanced notice either.
 
There is no way of knowing that. The NSA aren't Superman that finds all flaws before the dedicated security researchers in the private sector.
The Equation Group, their top secret group exposed by Kaspersky a few years back (hence the intelligence agencies' disgusting attacks on the company) is considered the absolute best of the best when it comes to researching vulnerabilities.

Now, are we supposed to believe that the agencies that designed the "clipper chip" in the 1990's haven't decided to embed their personnel in the encryption standards bodies after the spectacular failure of the chip program?


Of course this isn't proof of anything, but simply put I do not put any trust into any extra-legal US agencies, given the last oh....70 years of history for my reasoning.
 
This is such ********. Just a thin veil for the fact that a three letter organization made Intel put the vulnerability there in the first place. Everything after is just cover-ass.
 
The Equation Group, their top secret group exposed by Kaspersky a few years back (hence the intelligence agencies' disgusting attacks on the company) is considered the absolute best of the best when it comes to researching vulnerabilities.
Just because they might be the best, doesn't mean they would be anywhere close to finding all the flaws. If critical open-source software (e.g., SSL/TLS) can have severe bugs for years with every security researcher on the planet having access to the source code, then a subset of them (i.e., the NSA), even if they are the best, that won't always have access to the source code, will be far from able to find most of them.

To paraphrase a leading expert in another field: "The number of possible mixtures of chemicals is infinite. The number of grad students however is finite.".
Now, are we supposed to believe that the agencies that designed the "clipper chip" in the 1990's haven't decided to embed their personnel in the encryption standards bodies after the spectacular failure of the chip program?
Because all it takes, is for them to decide they want it. Because that worked so well for them with the clipper chip.

The intelligence bodies have kept trying, but given how much they have been griping about Apple's and others' encryption tools in recent years, they definitely haven't got what they wanted.
Of course this isn't proof of anything, but simply put I do not put any trust into any extra-legal US agencies, given the last oh....70 years of history for my reasoning.
Sure, they haven't given up trying. But you trusting that they probably knew about all major existing flaws before they got revealed, is as unrealistic as trusting that fully patched software doesn't have any flaws that are being exploited.
 
It’s amazing how up in arms people get about a white ring on a very limited scale and how dare Apple doesn’t warn us, and how few people care about a real national security issue. Mind boggling.
 
FWIW it's likely our tax dollars were already at work here. Funded from DoC, NIST, and DARPA. Under acknowledgements (emphasis mine):

We would like to thank Intel for awarding us with a bug bounty for the responsible disclosure process, and their professional handling of this issue through communicating a clear timeline and connecting all involved researchers. Furthermore, we would also thank ARM for their fast response upon disclosing the issue.

This work was supported in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402).

This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Project Agency (DARPA) under Contract #FA8650-16-C-7622.
 