Re: Post : INTEL’S SECURITY FLAW IS NO FLAW

Author: PLUG-discuss
Date:  
To: Main PLUG discussion list
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
This is basic stuff. Kernel memory must be segregated and each
application's memory must be segregated. These are the basics of CPU
functionality. That is why I find these issues perplexing. And it
leads me to one basic question. If these problems persisted since 1995,
how could these issues go undetected until recently when multiple
separate groups discovered these flaws? AND is it possible others have
found and used these flaws for their own gain?

No matter what happened, politics, accident... etc. We have a HUGE
problem. Even if there were CPUs that were not vulnerable, it would
take years to replace all computers that are publicly facing. In the
meantime there are some seriously evil people / groups / countries that
will be looking into how they can use these chip bugs / vulnerabilities
/ features... to further their goals.

From what I can tell the solution is to use software - the kernel to fix
or patch the shortcomings of these CPUs. A software patch to fix
hardware. This is very scary. A software patch can be removed and / or
replaced, leaving the host vulnerable.

On 2018-01-11 10:10, Mark Phillips wrote:

> No, I don't work at Intel. I am, however, not a believer in all the government conspiracy theories floating around the Internet.
>
> Mark
>
> On Thu, Jan 11, 2018 at 9:25 AM, Aaron Jones <> wrote:
>
> Signals intelligence is believed to have been birthed in 1904.
>
> But exploiting hardware isn't new. For military, police, or criminal intentions.
>
> You work at Intel Mark? Lol
>
> On Jan 11, 2018, at 9:11 AM, Mark Phillips <> wrote:
>
> There is no conspiracy here. 23 years ago no one thought about attack vectors and how to take over machines. It is only recently that we are all sensitized to this problem. Even though the tech world is sensitized to the nature of exploits, companies still ship brand new products (e.g. Nest, cars, etc.) that can be exploited by almost anyone. It was only recently that router and switch companies stopped using admin and admin as login credentials!
>
> Your argument that these new CPU exploits are a government conspiracy can be applied to any potential exploit discovered today in a piece of code written yesterday.
>
> Mark
>
> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <> wrote:
> As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college. (What, 1976?)
>
> We discovered some bad flaws in the design of the <redacted>. How long had the Univac been around? I don't know, but a while. Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
>
> Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publicly-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
>
> Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug. And this with prior knowledge of where to look.
>
> I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
>
> Rusty
>
> -----Original Message-----
> From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On Behalf Of
> Sent: Thursday, January 11, 2018 8:42 AM
> To: Main PLUG discussion list
> Subject: Re: Post : INTEL'S SECURITY FLAW IS NO FLAW
>
> ...
>
> I've read these issues may have persisted as far back as 1995. How does
> that happen? How does an army of engineers miss this for 23 years? How
> do you explain that?
>
> That means lots of people came and went. There should have been lots of
> QA... for 23 years.
>
> How does this happen? Only two ways I can see 1) sloppy work, or 2)
> intentionally.
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]


Links:
------
[1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss