No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet. Mark On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones wrote: > Signals intelligence is believed to have been birthed in 1904. > > But exploiting hardware isn't new. For military, police, or criminal > intentions. > > You work at Intel Mark? Lol > > On Jan 11, 2018, at 9:11 AM, Mark Phillips > wrote: > > There is no conspiracy here. 23 years ago no one thought about attack > vectors and how to take over machines. It is only recently that we are all > sensitized to this problem. Even though the tech world is sensitized to the > nature of exploits, companies still ship brand new products (e.g. Nest, > cars, etc.) that can be exploited by almost anyone. It was only recently > that router and switch companies stopped using admin and admin as login > credentials! > > Your argument that these new CPU exploits are a government conspiracy can > be applied to any potential exploit discovered today in a piece of code > written yesterday. > > Mark > > On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty > wrote: > >> As mentioned earlier, I've done my share of ... um, looking for flaws in >> design of operating systems back when I was in college. (What, 1976?) >> >> We discovered some bad flaws in the design of the . How long >> had the Univac been around? I don't know, but a while. Unless someone >> with WAY too much time on their hands is actively seeking ways around >> stuff, there's only so much 'bug' you can find. (and, actually, you really >> need more than one person involved (partially so someone can ask the >> 'right' stupid question :-)) >> >> Doesn't take malice or sloppiness, and I will say being a publicly-traded >> company makes it very hard to spend the time required to even start on the >> hacking required (Being publically-traded makes your owner effectively >> insane, since your owner is actually many people, all with different and >> often diametrically opposing goals for the company). >> >> Anyway, tell you what - go read the Intel hardware docs and see if you >> can find the info needed to put together to see the bug. And this with >> prior knowledge of where to look. >> >> I will say that this doesn't excuse much, but realize that being a public >> company drives you insane ;-) >> >> Rusty >> >> -----Original Message----- >> From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On >> Behalf Of techlists@phpcoderusa.com >> Sent: Thursday, January 11, 2018 8:42 AM >> To: Main PLUG discussion list >> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW >> >> ... >> >> I've read these issues may have persisted as far back as 1995. How does >> that happen? How does an army of engineers miss this for 23 years? How >> do you explain that? >> >> That means lots of people came and went. There should have been lots of >> QA... for 23 years. >> >> How does this happen? Only two ways I can see 1) sloppy work, or 2) >> intentionally. >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >