I think the biggest question that has been largely ignored by the press is this: Did Intel/ARM/Apple knowingly have a security flaw in their hardware, or was this more of case of a flaw was discovered. We know that Intel was aware of it for a couple of months, but no mention about if Apple or ARM (leaning more towards ARM on this one) knew about it. I think that should be addressed way before we start talking about lawsuits.
Lawyers gunning for a class-action suit generally avoid waiting for those pesky facts.
Most of these lawsuits are confirmation that having a little information coupled with a lot of open ended hysteria is a dangerous combination. The fact that a very knowledgable, skilled, purposeful, and persistent hacker can gain access to kernel memory does not mean that all of your secrets and privacy are suddenly laid out in a catalog for easy pickings by anyone who wants it any more that having an imperfect security system in every automobile means that everyone's car is about to be stolen and we should all immediately panic - or sue. At some point in the evolution of automobiles they did not even have doors, much less doors with keys. Now they have both, but cars are still routinely stolen. Does the fact that someone with motivation, intent, and a little knowledge about how to bypass automobile security can circumvent any car's security system make every manufacturer of imperfectly secured automobiles a viable target of a class action lawsuit?
Such is the nature of technology evolution. All technology starts off at a phase where just getting it to "work" is seen as a feat of magic. After the excitement of seeing it work dies down then someone figures out that just getting it to work isn't good enough. Bad actors never sleep and they prey on the imperfection of evolution. The algorithms and techniques in question around Spectre/meltdown were "magical" when they were invented decades ago and even more so when they could be stuffed into tiny microprocessors for inexpensive consumer computing devices. Once someone got these features to work everyone else who could benefit from them followed behind them and copied the techniques and functionally-sound but security-doomed optimizations - warts and all. But this isn't really the point.
The point is that all evolving non security specific technologies start off with a nearly exclusive emphasis on functionality. Quality attributes like privacy and security follow afterwards. Even at what may be considered the pinnacle of a feature/function technical evolution some qualities may not be completely attainable due to any number of factors, e.g., cars have breakable windows and rocks and hammers are still widely available at low or no cost to motivated car thieves. So what do you do? I guess you could sue everyone who makes imperfect products, but even that will never overcome the residual limitations or solve the problems because these are no longer a purely technical problems to solve.
At some point it becomes, at least in-part, a human/social problem to solve, or to mitigate to "acceptable" levels. Life always has risks. For cars, homes, bank savings, and many other valuable material assets you have insurance programs to compensate individuals when (this is no longer an "if" argument!) loss occurs. As personal data and access to wider computing platforms becomes an increasingly valuable personal asset we have to follow similar problem solving patterns and incorporate the human element and come up with non-technical mitigation strategies. We simply cannot expect to place total responsibility for the protection of personal and collective assets in the hands of the technology suppliers. Silly naiveté. Technology companies like Apple, Intel, Amazon, Google, etc., have some amazing technology and the people who can work their wizardry with it, but they cannot solve all human problems. No matter how complex and sophisticated a technology or machine can be made by a company like Apple, it will never be the equal of a motivated human who wants to impose his/her will over the technology or machine. Sometimes all it takes is a hammer, sometimes it takes a ninja hacker, and sometimes it takes deception and human engineering. But in the end the humans will always overcome whatever technological defense the machines have to offer. It's never a question of "if" - only a question of "when."
Class action lawsuits against Microsoft or Apple whenever a security exploit is discovered in their OS?
The only absolute with regards to computers (software & hardware) is there will always be bugs/exploits. You simply cannot design something that will be 100% free from any bugs. All you can do is put in an effort to minimize these from happening, and WHEN they happen provide a quick response to deal with the issue.
"Lawfirm Sues Major Tech Companies on Behalf of all Other Cardinal Numbers for Only Focusing on Numbers One and Zero"?
Odds are they'll get even.
Wouldn't bet on it, everything always comes down to the lowest common denominator.
I think he’s making a joke about odd and even cardinal numbers.
I think he’s making a joke about common multiples of denominators.
Do these people even understand the issue they're trying to sue over? There's not a single case of any of this out in the wild. What data they can get is of limited value. If it's an attack on a specific person, you could, in theory, be able to figure out the passwords and whatnot. A mass group of people? It would be a jumbled mess of garbage. Most of this is so much over blown.
Now if the NSA isn't specifically targeting you, you have very little to worry about.
I sure as hell don't see how you can sue over this. A problem by the way which is being fixed already.
So should there just never be any bugs posted. Just assume everything is 100% perfect so that they don't get sued? It's getting ridiculous with the lawsuits. There's just too many lawyers with nothing to do.
I just like how they are trying to sue over something that has never impacted anyone. But no one sued Microsoft with all their security issues which in fact cost people and companies lost of money and time to deal with, how about when UK heath system was held for ransom do to security flaws in Windows.
The Windows EULA (where valid) excludes people from filing suit against them for any reason. File suit and I wonder how long before your license key is marked as a fake?
Personally, I strove to make the software I wrote (40+ years) as bug free as possible. One of my systems ran for 4 years without a bug report. That is not to say that there weren't any but the system was never operated in a way as to show them. I know that pretty well any software other than something as basic as printing 'Hello World' on the terminal will have bugs. IT is just a question of when they surface rather than 'if'.
I haven't read Apple's licensing agreement, however, I suspect it has similar provisions. There is plenty of software which does not exhibit bugs and have run for years. In this case this is not bug, there was a group of people specially looking for ways to break it or find a way to hack it. Unlike what Microsoft and Google who release software which they know does not work right and let users tell them what does not work. The only different between Google and Microsoft, Google software sits on their servers so they can update it without the end-users permissions, Microsoft can not update people's software without their permission, well at least in the corporate world..
Class action lawsuits against Microsoft or Apple whenever a security exploit is discovered in their OS?
The only absolute with regards to computers (software & hardware) is there will always be bugs/exploits. You simply cannot design something that will be 100% free from any bugs. All you can do is put in an effort to minimize these from happening, and WHEN they happen provide a quick response to deal with the issue.
Spectre and Meltdown are a 20 year old flaw in processors. The only issue is whether Intel knew and hid this from others. I suppose if you could somehow prove that Apple knew and ignored or hid this from their own customers, they would be culpable too but then you would have to prove a conspiracy between Intel and others to make it stick. The easiest money is just going after Intel.
Class action lawsuits against Microsoft or Apple whenever a security exploit is discovered in their OS?
The only absolute with regards to computers (software & hardware) is there will always be bugs/exploits. You simply cannot design something that will be 100% free from any bugs. All you can do is put in an effort to minimize these from happening, and WHEN they happen provide a quick response to deal with the issue.
"Lawfirm Sues Major Tech Companies on Behalf of all Other Cardinal Numbers for Only Focusing on Numbers One and Zero"?
Odds are they'll get even.
Wouldn't bet on it, everything always comes down to the lowest common denominator.
I think he’s making a joke about odd and even cardinal numbers.
I think he’s making a joke about common multiples of denominators.
The key question, and that has to be resolved before any lawsuit, and the answer has not yet been publicly disclosed, is: does the vulnerability require compromised software to be installed, or is it sufficient to e.g. navigate to a special web site?
If the exploit requires the installation of compromised software, then the problem isn’t worse than “trusted computing” aka “walled gardens” which require the user to blindly trust one or more software/hardware vendors. All the exploit would do, is require users to be a bit more aware whom they trust, and it would shed a light on the negative security implications of jailed software/hardware, which locks owners out of their own systems.
If on the other hand the exploits are open to remote attacks, without physical access and/or user installed software, then indeed we have a security meltdown of incalculable proportions.
Class action lawsuits against Microsoft or Apple whenever a security exploit is discovered in their OS?
The only absolute with regards to computers (software & hardware) is there will always be bugs/exploits. You simply cannot design something that will be 100% free from any bugs. All you can do is put in an effort to minimize these from happening, and WHEN they happen provide a quick response to deal with the issue.
"Lawfirm Sues Major Tech Companies on Behalf of all Other Cardinal Numbers for Only Focusing on Numbers One and Zero"?
Class action lawsuits against Microsoft or Apple whenever a security exploit is discovered in their OS?
The only absolute with regards to computers (software & hardware) is there will always be bugs/exploits. You simply cannot design something that will be 100% free from any bugs. All you can do is put in an effort to minimize these from happening, and WHEN they happen provide a quick response to deal with the issue.
"Lawfirm Sues Major Tech Companies on Behalf of all Other Cardinal Numbers for Only Focusing on Numbers One and Zero"?
Odds are they'll get even.
Wouldn't bet on it, everything always comes down to the lowest common denominator.
I think he’s making a joke about odd and even cardinal numbers.
I think he’s making a joke about common multiples of denominators.
The key question, and that has to be resolved before any lawsuit, and the answer has not yet been publicly disclosed, is: does the vulnerability require compromised software to be installed, or is it sufficient to e.g. navigate to a special web site?
If the exploit requires the installation of compromised software, then the problem isn’t worse than “trusted computing” aka “walled gardens” which require the user to blindly trust one or more software/hardware vendors. All the exploit would do, is require users to be a bit more aware whom they trust, and it would shed a light on the negative security implications of jailed software/hardware, which locks owners out of their own systems.
If on the other hand the exploits are open to remote attacks, without physical access and/or user installed software, then indeed we have a security meltdown of incalculable proportions.
I wait with bated breath for an answer...
If the browser and Apple Api's are fixed, there is no "meltdown" or other things unless the App store App itself is malicious (which Apple would undoubtably now test for) every known hole would be fixed.
For most of what a mobile phone does, I'd expect minimal impact. The fact Apple tightly controls everything helps in insuring that this is true.
That's not the case on Android were the holes now are immeasurable because of side loading and the fact most phones are never getting an update; more bot fodder.
Comments
Such is the nature of technology evolution. All technology starts off at a phase where just getting it to "work" is seen as a feat of magic. After the excitement of seeing it work dies down then someone figures out that just getting it to work isn't good enough. Bad actors never sleep and they prey on the imperfection of evolution. The algorithms and techniques in question around Spectre/meltdown were "magical" when they were invented decades ago and even more so when they could be stuffed into tiny microprocessors for inexpensive consumer computing devices. Once someone got these features to work everyone else who could benefit from them followed behind them and copied the techniques and functionally-sound but security-doomed optimizations - warts and all. But this isn't really the point.
The point is that all evolving non security specific technologies start off with a nearly exclusive emphasis on functionality. Quality attributes like privacy and security follow afterwards. Even at what may be considered the pinnacle of a feature/function technical evolution some qualities may not be completely attainable due to any number of factors, e.g., cars have breakable windows and rocks and hammers are still widely available at low or no cost to motivated car thieves. So what do you do? I guess you could sue everyone who makes imperfect products, but even that will never overcome the residual limitations or solve the problems because these are no longer a purely technical problems to solve.
At some point it becomes, at least in-part, a human/social problem to solve, or to mitigate to "acceptable" levels. Life always has risks. For cars, homes, bank savings, and many other valuable material assets you have insurance programs to compensate individuals when (this is no longer an "if" argument!) loss occurs. As personal data and access to wider computing platforms becomes an increasingly valuable personal asset we have to follow similar problem solving patterns and incorporate the human element and come up with non-technical mitigation strategies. We simply cannot expect to place total responsibility for the protection of personal and collective assets in the hands of the technology suppliers. Silly naiveté. Technology companies like Apple, Intel, Amazon, Google, etc., have some amazing technology and the people who can work their wizardry with it, but they cannot solve all human problems. No matter how complex and sophisticated a technology or machine can be made by a company like Apple, it will never be the equal of a motivated human who wants to impose his/her will over the technology or machine. Sometimes all it takes is a hammer, sometimes it takes a ninja hacker, and sometimes it takes deception and human engineering. But in the end the humans will always overcome whatever technological defense the machines have to offer. It's never a question of "if" - only a question of "when."
Now if the NSA isn't specifically targeting you, you have very little to worry about.
I sure as hell don't see how you can sue over this. A problem by the way which is being fixed already.
So should there just never be any bugs posted. Just assume everything is 100% perfect so that they don't get sued? It's getting ridiculous with the lawsuits. There's just too many lawyers with nothing to do.
If the exploit requires the installation of compromised software, then the problem isn’t worse than “trusted computing” aka “walled gardens” which require the user to blindly trust one or more software/hardware vendors.
All the exploit would do, is require users to be a bit more aware whom they trust, and it would shed a light on the negative security implications of jailed software/hardware, which locks owners out of their own systems.
If on the other hand the exploits are open to remote attacks, without physical access and/or user installed software, then indeed we have a security meltdown of incalculable proportions.
I wait with bated breath for an answer...
For most of what a mobile phone does, I'd expect minimal impact. The fact Apple tightly controls everything helps in insuring that this is true.
That's not the case on Android were the holes now are immeasurable because of side loading and the fact most phones are never getting an update; more bot fodder.