Intel chip security flaws remain

[Alex5723AskWoody Plus]

Last May, when Intel released a patch for a group of security vulnerabilities researchers had found in the company’s computer processors, Intel implied that all the problems were solved. But that wasn’t entirely true,…..

..It would be another six months before a second patch, publicly disclosed by the company on Tuesday, would fix all of the vulnerabilities Intel indicated were fixed in May,..

..Now the Dutch researchers claim Intel is doing the same thing again. They said the new patch issued on Tuesday still doesn’t fix another flaw they provided Intel in May.

Intel acknowledged that the May patch did not fix everything the researchers submitted, nor does Tuesday’s fix. But they “greatly reduce” the risk of attack, said Leigh Rosenwald, a spokeswoman for the company.

https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html?smid=tw-nytimes&smtyp=cur

3 users thanked author for this post.

CADesertRat, Lawrence Krantz, AJNorth

[AJNorthAskWoody Plus]

Some may find this article from 4 Nov 2019 worthwhile:

Intel vs AMD Processor Security: Who Makes the Safest CPUs?

https://www.tomshardware.com/features/intel-amd-most-secure-processors

2 users thanked author for this post.

CADesertRat, samak

[CADesertRatAskWoody Plus]

That’s why my latest build was AMD which I haven’t used since Windows 95. It was the lesser of 2 evils.

Don't take yourself so seriously, no one else does 🙂
4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

1 user thanked author for this post.

DriftyDonN

[mn–AskWoody Lounger]

… Really, would’ve been nice if IA-64 had gotten more market share. The architecture was (well, “is”, because apparently they can still be ordered until January) different enough that it at least doesn’t have the same flaws…

Unlike things like POWER, Sparc, Arm and such that do have at least the general category of speculative/timing-based sidechannel attack possible.

[AJNorthAskWoody Plus]

Via Guru3D.com (2019.11.13):

Intel will be addressing 77 security vulnerabilities this month

https://www.guru3d.com/news-story/intel-will-be-addressing-77-security-vulnerabilities-this-month.html

[Alex5723AskWoody Plus]

AJNorth wrote:

Via Guru3D.com (2019.11.13):

Intel will be addressing 77 security vulnerabilities this month

https://www.guru3d.com/news-story/intel-will-be-addressing-77-security-vulnerabilities-this-month.html

These updates are like putting a finger in a dam’s hole.
In order to solve these security bugs Intel has to develop its CPUs from fresh, something they can’t do.

[AJNorthAskWoody Plus]

In order to solve these security bugs Intel has to develop its CPUs from fresh, something they can’t do.

Well, it is not that they can’t develop new CPUs; rather, until relatively recently it has been something that was not cost-effective for them to do.

That piper, however, must now be paid.  Of course, this will ultimately have to be a collaborative effort with the platform (and software) developers — which may ultimately prove more difficult (and costly) to address than the hardware engineering itself.

Nevertheless, designing new architectures to replace the “x86” (based on the Von Neumann-Turing / Harvard architecture, the basis for CPU designs since the inception of the microprocessor) is no longer avoidable (not a new realization, either: https://www.zdnet.com/article/why-intel-x86-must-die-our-cloud-centric-future-depends-on-open-source-chips-meltdown/).

(Though as recently as 2016, the consensus was that “x68” would be with us indefinitely: https://www.barrons.com/articles/intel-arm-von-neuman-architecture-here-to-stay-for-now-says-bernstein-1465242162; see also: https://www.sciencedirect.com/topics/computer-science/von-neumann-architecture.)

To put it in terms of what is generally quoted as an old Chinese curse, May you live in interesting times (of course, it’s actually not Chinese at all: https://quoteinvestigator.com/2015/12/18/live/).

[mn–AskWoody Lounger]

AJNorth wrote:

Well, it is not that they can’t develop new CPUs; rather, until relatively recently it has been something that was not cost-effective for them to do.

Indeed, it’s something they already did. Just didn’t sell well enough.
Really, was pretty consistent about the sidechannel attacks… “IA-64 is not vulnerable”

[Author]

Posts