RE: Post : INTEL’S SECURITY FLAW IS NO FLAW
Carruth, Rusty
Rusty.Carruth at smartm.com
Thu Jan 11 09:02:51 MST 2018
As mentioned earlier, I've done my share of ... um, looking for flaws in design of operating systems back when I was in college. (What, 1976?)
We discovered some bad flaws in the design of the <redacted>. How long had the Univac been around? I don't know, but a while. Unless someone with WAY too much time on their hands is actively seeking ways around stuff, there's only so much 'bug' you can find. (and, actually, you really need more than one person involved (partially so someone can ask the 'right' stupid question :-))
Doesn't take malice or sloppiness, and I will say being a publicly-traded company makes it very hard to spend the time required to even start on the hacking required (Being publically-traded makes your owner effectively insane, since your owner is actually many people, all with different and often diametrically opposing goals for the company).
Anyway, tell you what - go read the Intel hardware docs and see if you can find the info needed to put together to see the bug. And this with prior knowledge of where to look.
I will say that this doesn't excuse much, but realize that being a public company drives you insane ;-)
Rusty
-----Original Message-----
From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
Sent: Thursday, January 11, 2018 8:42 AM
To: Main PLUG discussion list
Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW
...
I've read these issues may have persisted as far back as 1995. How does
that happen? How does an army of engineers miss this for 23 years? How
do you explain that?
That means lots of people came and went. There should have been lots of
QA... for 23 years.
How does this happen? Only two ways I can see 1) sloppy work, or 2)
intentionally.
More information about the PLUG-discuss
mailing list