Re: Post : INTEL’S SECURITY FLAW IS NO FLAW

Matthew Crews mailinglists at mattcrews.com
Thu Jan 11 12:33:52 MST 2018


>-------- Original Message --------
>Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>Local Time: January 11, 2018 10:36 AM
>UTC Time: January 11, 2018 5:36 PM
>From: techlists at phpcoderusa.com
>To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>
>This is basic stuff.  Kernel memory must be segregated and each application's memory must be segregated.  These are the basics of CPU functionality.  That is why I find theses issues perplexing. And it leads me to one basic question.  If these problems persisted since 1995, how could these issue go undetected until recently when multiple separate groups discovered these flows?  AND is it possible others have found and used these flaws for their own gain?

Remember, these flaws were found by Google's Project Zero (among others). Project Zero didn't exist (publically) until about a year after the Snowden revelations, and I'm not sure it would have ever existed without such an event. Well maybe it would have, Google has its own motivations to keep things as secure as possible.
https://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html

Its not impossible for a state level actor to slip design flaws into CPUs during manufacture, if you want to go down that rabbit hole deep enough. Has it happened? Who is to say?
https://arstechnica.com/information-technology/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/

I do know that overseas organizations are MUCH less trusting of US-based hardware than in the past (and for good reason), just as we are less trusting of Chinese or Russian-based hardware for the same reasons. I sure as hell don't want to buy a Cisco router only to find that the NSA intercepted it first.


More information about the PLUG-discuss mailing list