Intel's response is a bit vague but it almost sounds like CPU features put in place to allow kernel mode debug tracing and monitoring may be susceptible to nefarious hacking? I do know that companies like Intel (and pretty much all product manufacturers) are very adamant about never using or allowing words like "defect" and "flaw" to be used in association with their products, both internally and externally. This is due to product liability concerns and forced transparency of Title 21 CFR Part 11 regulations in certain industries. No surprise at all that Intel is getting out in front of this and squashing those words from the developing narrative.
I'm willing to give Intel the benefit of the doubt and take a wait-and-see approach. They do seem to have some pretty sharp business and engineering minds in their ranks. Let's see what they will do in conjunction with their OS vendor partners.
Just my opinion, but I've always found that the least productive and most damaging reaction to anything that like this is panic. Panic coupled with a lack of data, speculation, and insufficient understanding of the issue will most certainly latch the Bozo Bit and cause normally stable people to do really stupid things, like wrapping their PC in tin foil and burying it in the backyard, or reverting to using an abacus as their only computing device. Hopefully the media won't run amok with this like they so often do with anything Apple related.
Actually, Intel's reaction is expected, keeping cool and underplaying this is always the first reaction in those cases. The issue is not that Amazon, or Windows will have a fix, it's that this fix will be certainly not be propagated widely leaving a huge web of vulnerable machines all over the place (like old Android phones basically). Once they're issued the fix, people at intel want to move on say that all is fine now ignoring the mess of insecurity they left in their wake (again like Google).
That we've been raised to tolerate in tech what we would not tolerate in any other sphere is what I find outrageous; companies exploit people's placidity and meh attitude in the face of what would be considered big risks in other industries.
Why would they change if producing crappy unsecure products is expected from them them and nobody really makes them pay for it.
I don't care if every CPU is compromised.. I still want a replacement or a refund.
I’m curious on what grounds you actually may have the right to either of the two. Apart from commons sense of course, just I don’t think IBM (or the OEM for that matter) promised the absence of this particular flaw. So you’re in the arena if “general quality expectations” relate to state of the art etc. I suppose? Any legal insight into this would be welcome.
Well, if you've bought a computer to do task X and it can't fullfill it, it could be consumer fraud or some other similar things.
I don't care if every CPU is compromised.. I still want a replacement or a refund.
I’m curious on what grounds you actually may have the right to either of the two. Apart from commons sense of course, just I don’t think IBM (or the OEM for that matter) promised the absence of this particular flaw. So you’re in the arena if “general quality expectations” relate to state of the art etc. I suppose? Any legal insight into this would be welcome.
Well, if you've bought a computer to do task X and it can't fullfill it, it could be consumer fraud or some other similar things.
Sure. Just I would guess that as a consumer you didn’t get the promise that a) its so task xyz in a fixed amount of time, b) you’re entitled to any fix on bugs discovered later on, c) any fix or update will not impact performance.
IMO this case does not compare easily to e.g. Dieselgate where you as co Sumer were promised a specific set of features or properties, and later you’d find that it’s an XOR between performance and pollution.
Basically, what if an OEM would simply not update? As in many Android devices? You likely won’t succeed in suing the manufacturer along the lines of “hey, I’m entitled to x amounts of updates” or similar.
On the other hand I would expect some reasonable level of state of the art implemented. And this includes for me aspects of security and speed. So the question to me circles around: can I prove that the product is defective from a product liability standpoint beyond explicitly promised properties or features.
That doesn’t help the multitude of android phones that don’t get updates or security fixes. None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
We all know Google fixes security exploits fairly quickly.
The problem is the majority of devices never receive these fixes. And since this is (yet again) a low-level exploit, Google Play Services can’t (yet again) do anything about it.
I don't care if every CPU is compromised.. I still want a replacement or a refund.
Then lawyer up, dude. Wanting and getting are not related.
Unless he can prove physical harm, then he doesn’t have a leg to stand on.
His best bet would be some sort of class action based on insider trading perhaps, since it has come to light that Intel's CEO dumped $24million in company stock soon after he was made aware of the problem.
It’s always been my understanding that Apple’s processors are not really ARM chips at all: they’re custom silicon that just happens to use the ARM instruction set.
If this is the case then they might not be affected by this. On the other hand, they might be affected by something else.
Update: "The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants," AMD said in a statement. "Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."
This is true, AMD is not susceptible to all three variants ... just one of them.
And the lines about zero or near zero risk is only about the other two variants. For the variant they are susceptible to, AMD is saying it can be "resolved by software / OS updates". (sound familiar?)
"these exploits do not have the potential to corrupt, modify or delete data" (Intel statement) is not contrary to "an attacker could likely steal "any data on the system"" (later ZDNet post).
That doesn’t help the multitude of android phones that don’t get updates or security fixes. None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
If you use an android phone you really don't care about security. So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
That doesn’t help the multitude of android phones that don’t get updates or security fixes. None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
If you use an android phone you really don't care about security. So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
I give them to my kids because ScreenTime works better on android than iOS. And nope I don’t care but the implication that the majority of deployed Android devices won’t remain vulnerable because Google has a patch for the latest devices is clearly false.
Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
It’s always been my understanding that Apple’s processors are not really ARM chips at all: they’re custom silicon that just happens to use the ARM instruction set.
If this is the case then they might not be affected by this. On the other hand, they might be affected by something else.
That doesn’t help the multitude of android phones that don’t get updates or security fixes. None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
If you use an android phone you really don't care about security. So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
I give them to my kids because ScreenTime works better on android than iOS. And nope I don’t care but the implication that the majority of deployed Android devices won’t remain vulnerable because Google has a patch for the latest devices is clearly false.
Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
Bit of a swerve from Intel. Only the weaker, far less probable flaw impacts AMD, while the more severe flaw impacts Intel. They word it as if they're both equally bad off.
That doesn’t help the multitude of android phones that don’t get updates or security fixes. None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
If you use an android phone you really don't care about security. So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
I give them to my kids because ScreenTime works better on android than iOS. And nope I don’t care but the implication that the majority of deployed Android devices won’t remain vulnerable because Google has a patch for the latest devices is clearly false.
Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
Oh, geez... What did I post that was "idiocy", a link to a Google FAQ? You're certainly not referring to any opinion from me since I didn't write one. Some posters here can act so Strange* at times, knee-jerk reacting to a person instead of what they wrote. Don't be one of those posters, be smarter than that.
Comments
That we've been raised to tolerate in tech what we would not tolerate in any other sphere is what I find outrageous; companies exploit people's placidity and meh attitude in the face of what would be considered big risks in other industries.
Why would they change if producing crappy unsecure products is expected from them them and nobody really makes them pay for it.
IMO this case does not compare easily to e.g. Dieselgate where you as co Sumer were promised a specific set of features or properties, and later you’d find that it’s an XOR between performance and pollution.
Basically, what if an OEM would simply not update? As in many Android devices? You likely won’t succeed in suing the manufacturer along the lines of “hey, I’m entitled to x amounts of updates” or similar.
On the other hand I would expect some reasonable level of state of the art implemented. And this includes for me aspects of security and speed. So the question to me circles around: can I prove that the product is defective from a product liability standpoint beyond explicitly promised properties or features.
hopefully you you have some evidence that a task you did easily yesterday is seriously impeded tomorrow.
My Mac is working just fine.
We all know Google fixes security exploits fairly quickly.
The problem is the majority of devices never receive these fixes. And since this is (yet again) a low-level exploit, Google Play Services can’t (yet again) do anything about it.
His best bet would be some sort of class action based on insider trading perhaps, since it has come to light that Intel's CEO dumped $24million in company stock soon after he was made aware of the problem.
http://uk.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1?r=US&IR=T
He now holds the minimum stock required by his contract of employment.
If this is the case then they might not be affected by this.
On the other hand, they might be affected by something else.
And the lines about zero or near zero risk is only about the other two variants.
For the variant they are susceptible to, AMD is saying it can be "resolved by software / OS updates". (sound familiar?)
Source
Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
What did I post that was "idiocy", a link to a Google FAQ? You're certainly not referring to any opinion from me since I didn't write one. Some posters here can act so Strange* at times, knee-jerk reacting to a person instead of what they wrote. Don't be one of those posters, be smarter than that.