Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
I mean, I’m not much of a tinfoil hat, but this article feels extremely conveniently timed for Intel, who is currently going through a massive ordeal with their chips. Especially considering that the vulnerability is so extremely difficult to exploit that there’s borderline no story here for 99% of people but the headline will still drive clicks and drama.
Most likely. Windows update (or the Linux equivalent on your platform) will download updated microcode to load at boot time to basically be a software patch for hardware issues. At least, that’s how it was explained when the original speculative execution flaw was discovered and Intel was releasing foxes and shit for it.
On windows the article mentioned being a microcode patch via Windows update. Linux would be similar- but via a kernel update most likely. I’d assume that a general BIOS update would also do the trick, but then you’re relying on motherboard vendors and it’s unlikely many would provide such an update to older hardware, even if it’s still widely used.
Intel has literally done this, and stuff like it before.
They back “independent” researchers who twist themselves in knots to make AMD look bad.
Look up the multiple counts of bullshit from a “research group” called Principled Technologies.
Sidenote: the guy who ran it was Ryan Shrout, who used to work for PC Perspective, and would usually give favourable reviews to Intel. After leaving Principled Technologies, he became head of technical marketing at… drumroll… Intel!
Principled Technologies isn’t the only scam “independent researcher” Intel has set up or paid handsomely either.
I loathe what part of the security community has become with the stunt hacking and vuln naming. That being said, I doubt it’s some conspiracy. I don’t know all the details but it wouldn’t be exceptional to identify a bug that has existed in processor firmware or legacy code for a long time.
People are looking at this stuff all the time, both professionally and for fun. You could make the case that it’s inevitable that there will be exploits found that affect a huge population.
In the end, as long as the layman gets smarter about computer security, the better people will react to vuln drops.
Not too unusual. There have been a lot of new vulnerabilities announced lately. A few months ago they announced one that exposed all (?) mainstream CPUs, even Apple’s new chips.
Some of the vulns are serious, but many require very specific circumstances to actually work.
The folks who found it are presenting at Defcon this weekend, according to the article.
I imagine some of the industry press (i.e. Wired) are just looking through the Defcon agenda to figure out what to write. I saw two or three other articles about hacks or exploits and things like that that also mentioned it was bring presented at Defcon.
Was there a real user risk to any of the flaws since heart bleed? Or did people mostly want to hate on Intel? I’m no tinfoil hatter either I’m just asking questions.
I mean, I’m not much of a tinfoil hat, but this article feels extremely conveniently timed for Intel, who is currently going through a massive ordeal with their chips. Especially considering that the vulnerability is so extremely difficult to exploit that there’s borderline no story here for 99% of people but the headline will still drive clicks and drama.
Difficult to exploit, already in the process of being patched. Truly, the most breaking of news.
How does the patch actually get delivered? Via windows update or using something else?
Most likely. Windows update (or the Linux equivalent on your platform) will download updated microcode to load at boot time to basically be a software patch for hardware issues. At least, that’s how it was explained when the original speculative execution flaw was discovered and Intel was releasing foxes and shit for it.
I realise this is an autocorrect error, but it’s still funny 🦊
On windows the article mentioned being a microcode patch via Windows update. Linux would be similar- but via a kernel update most likely. I’d assume that a general BIOS update would also do the trick, but then you’re relying on motherboard vendors and it’s unlikely many would provide such an update to older hardware, even if it’s still widely used.
Intel has literally done this, and stuff like it before.
They back “independent” researchers who twist themselves in knots to make AMD look bad.
Look up the multiple counts of bullshit from a “research group” called Principled Technologies.
Sidenote: the guy who ran it was Ryan Shrout, who used to work for PC Perspective, and would usually give favourable reviews to Intel. After leaving Principled Technologies, he became head of technical marketing at… drumroll… Intel!
Principled Technologies isn’t the only scam “independent researcher” Intel has set up or paid handsomely either.
I thought switching to AMD should’ve kept me save from Intel ME (I used ME_cleaner if I had too) :(
I loathe what part of the security community has become with the stunt hacking and vuln naming. That being said, I doubt it’s some conspiracy. I don’t know all the details but it wouldn’t be exceptional to identify a bug that has existed in processor firmware or legacy code for a long time.
People are looking at this stuff all the time, both professionally and for fun. You could make the case that it’s inevitable that there will be exploits found that affect a huge population.
In the end, as long as the layman gets smarter about computer security, the better people will react to vuln drops.
Not too unusual. There have been a lot of new vulnerabilities announced lately. A few months ago they announced one that exposed all (?) mainstream CPUs, even Apple’s new chips.
Some of the vulns are serious, but many require very specific circumstances to actually work.
The folks who found it are presenting at Defcon this weekend, according to the article.
I imagine some of the industry press (i.e. Wired) are just looking through the Defcon agenda to figure out what to write. I saw two or three other articles about hacks or exploits and things like that that also mentioned it was bring presented at Defcon.
Every last news article you see, you must ask: who benefits from this article’s appearance?
It’s not just judges who can be bought.
Was there a real user risk to any of the flaws since heart bleed? Or did people mostly want to hate on Intel? I’m no tinfoil hatter either I’m just asking questions.
🙄
13th and 14th generation Intel processors can be physically damaged and degrade over time on the latest issue from Intel.
Yep. Reminds me of when ubiquiti damaged the radios on the unifi pro through dodgy firmware.
We ended up replacing them all just in case because we didn’t want customers affected
The Intel issue is far worse because they’re not even patching it quickly, and it is slowly frying cpus