Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed. On Tuesday, we warned that a blueprint blunder in Intel's CPUs could allow applications, malware, and JavaScript running in web browsers, to …
I hope the jerks who made this public are patting themselves on the back and smugly basking in their new-found fame.
These vulnerabilities have lurked around for 20-30 years, without causing anyone any problems, since the average dopey hacker is clueless about silicon architecture, or how it handles branching in cache execution.
Now, thanks to these self-serving idiots, the world is in turmoil, with Intel users wondering how long before the parasites put together a few hacks - based on the suggestions also published with the disclosure - and give them to a botnet to execute.
It doesn't bother me, since all our stuff runs on Sun SPARC, but it occurs to me that there should be a law or, at least, a protocol, whereby people like Intel get the results of such reports in secret, and the dirt isn't made public until there's a fix in-place.
"there should be a law or, at least, a protocol, whereby people like Intel get the results of such reports in secret, and the dirt isn't made public until there's a fix in-place."
The "security resesrchers" and their media mates would typically refer you to the protocols of "responsible disclosure" at this time. Whether responsible disclosure actually works to the benefit of the wider world is a whole separate question.
The "modern IT world" is in turmoil today for various reasons, including in large part because of lack of in-depth understanding of issues and technologies and risks and benefits, and and because of dependence on monoculture and monopoly.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
