Re: Post : INTEL’S SECURITY FLAW IS NO FLAW

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Mark Phillips
Date:  
To: Main PLUG discussion list
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
No, I don't work at Intel. I am, however, not a believer in all the
government conspiracy theories floating around the Internet.

Mark

On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <> wrote:

> Signals intelligence is believed to have been birthed in 1904.
>
> But exploiting hardware isn't new. For military, police, or criminal
> intentions.
>
> You work at Intel Mark? Lol
>
> On Jan 11, 2018, at 9:11 AM, Mark Phillips <>
> wrote:
>
> There is no conspiracy here. 23 years ago no one thought about attack
> vectors and how to take over machines. It is only recently that we are all
> sensitized to this problem. Even though the tech world is sensitized to the
> nature of exploits, companies still ship brand new products (e.g. Nest,
> cars, etc.) that can be exploited by almost anyone. It was only recently
> that router and switch companies stopped using admin and admin as login
> credentials!
>
> Your argument that these new CPU exploits are a government conspiracy can
> be applied to any potential exploit discovered today in a piece of code
> written yesterday.
>
> Mark
>
> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <>
> wrote:
>
>> As mentioned earlier, I've done my share of ... um, looking for flaws in
>> design of operating systems back when I was in college. (What, 1976?)
>>
>> We discovered some bad flaws in the design of the <redacted>. How long
>> had the Univac been around? I don't know, but a while. Unless someone
>> with WAY too much time on their hands is actively seeking ways around
>> stuff, there's only so much 'bug' you can find. (and, actually, you really
>> need more than one person involved (partially so someone can ask the
>> 'right' stupid question :-))
>>
>> Doesn't take malice or sloppiness, and I will say being a publicly-traded
>> company makes it very hard to spend the time required to even start on the
>> hacking required (Being publically-traded makes your owner effectively
>> insane, since your owner is actually many people, all with different and
>> often diametrically opposing goals for the company).
>>
>> Anyway, tell you what - go read the Intel hardware docs and see if you
>> can find the info needed to put together to see the bug. And this with
>> prior knowledge of where to look.
>>
>> I will say that this doesn't excuse much, but realize that being a public
>> company drives you insane ;-)
>>
>> Rusty
>>
>> -----Original Message-----
>> From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On
>> Behalf Of
>> Sent: Thursday, January 11, 2018 8:42 AM
>> To: Main PLUG discussion list
>> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
>>
>> ...
>>
>> I've read these issues may have persisted as far back as 1995. How does
>> that happen? How does an army of engineers miss this for 23 years? How
>> do you explain that?
>>
>> That means lots of people came and went. There should have been lots of
>> QA... for 23 years.
>>
>> How does this happen? Only two ways I can see 1) sloppy work, or 2)
>> intentionally.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss