Archive for Intel

#FAIL: Intel’s Meltdown And Spectre Fixes Have Bugs Of Their Own

Posted in Commentary with tags on January 12, 2018 by itnerd

There’s nothing worse for a guy in my line of work to find out that a fix that remedies a critical bug is itself buggy. Case in point is the fixes that Intel put out for Spectre and Meltdown. Apparently they have bugs that cause system reboots:

Intel said today it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw.

The hardware vendor said these systems are both home computers and data center servers.

“We are working quickly with these customers to understand, diagnose and address this reboot issue, “said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation.

“If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue,” Shenoy added.

The Intel exec said users shouldn’t feel discouraged by these snags and continue to install updates from OS makers and OEMs.

Sure, right. this really inspires confidence. I say that because it suggests that Intel rushed these fixes out the door to mitigate not only the threat, but the PR disaster that is in progress. Of course if that’s true it is not good. My advice to Intel is to get to the bottom of this quickly and do whatever is required to get working patches on the street that have been fully QA’ed. Because if you don’t, you’ll look like Apple and their ability to QA their products.


Flaw in Intel AMT Can Lead To Nearly Instant Pwnage By A Hacker

Posted in Commentary with tags on January 12, 2018 by itnerd

Here’s a new security issue for Intel to deal with that is really, really bad. F-Secure has discovered a security flaw in Intel’s Active Management Technology (AMT) can be used by attackers with physical access to get around authentication processes in seconds, effectively pwning the device. Here’s an overview of the security flaw:

The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS passwordTPM PinBitlocker and login credentials are in place. No, we’re not making this stuff up.

According to F-Secure, this issue affects most corporate laptops and PCs running Intel AMT. And for the record AMT has had other security issues in the past. Now the F-Secure post has recommendations to mitigate this. But the’re not exactly quick and easy for companies to implement. Thus this is a problem that is should rightfully get a lot of attention until a solution is found for it.

Clearly 2018 hasn’t been a good year for Intel, and we’re only 12 days into 2018.

Intel CEO Posts Open Letter And Says They’ll Do Better When It Comes To Security….. Right…..

Posted in Commentary with tags on January 12, 2018 by itnerd

Intel CEO Brian Krzanich has posted an open letterto Intel customers following the Meltdown and Spectre vulnerabilities that impact its processors. In it he says among other things, these three points:

1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.

2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the website.

3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.

The cynic in me is saying that this is an attempt to mitigate the public relations nightmare that is in progress. But basically saying “Trust us, we’ll do better next time” doesn’t cut it. Here’s what Intel customers really want to hear:

  1. How did this slip through the cracks and went undetected for so long?
  2. What is Intel doing to make sure that this scenario never happens again.

If they did that, then this statement would have meant something. They didn’t thus it’s PR fluff that means nothing.

Feds Want Answers When It Comes To Intel’s CEO Stock Dump Prior To Spectre & Meltdown Disclosure

Posted in Commentary with tags on January 10, 2018 by itnerd

If you’re Intel CEO Brian Krzanich, the optics of this just don’t look good. Apparently he sold stock right before the company disclosed the Meltdown and Spectre security flaws. The sale earned Krzanich $20 million US. Now some Senators want some answers:

News reports that more than $20 million in share sales by Krzanich were scheduled in October of last year before the company made public that its processors were vulnerable to hackers are “troubling,” Senators Jack Reed and John Kennedy wrote in Tuesday letters to the Securities Exchange Commission and the Justice Department. Reed, a Rhode Island Democrat, and Kennedy, a Louisiana Republican, are members of the Senate Banking Committee.

“These reports are troubling not only because of the risk to nearly all phones and computers, but also because these reports raise concerns of potential insider trading,” the senators wrote. “If you uncover such violations through your examinations, we expect you to enforce our laws to the fullest extent possible.”

Now Intel says that the stock sale was pre-arranged. But like I said, the optics suck. And in an election year, that’s not good for the chipmaker and its CEO. I’m pretty sure that this story is going to have legs and you’ll be reading a lot about it in the weeks and months ahead.

Microsoft Details Performance Impact of Spectre & Meltdown Mitigations On Windows Systems…. And You Won’t Like Them

Posted in Commentary with tags , , , on January 9, 2018 by itnerd

In case you were wondering how fixes for Spectre and Meltdown will affect you from a speed perspective, Microsoft has done the work for you to find out. Delivering the news is Microsoft’s Windows chief Terry Myerson via this blog post:

With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Take home message, if you’re PC is recent, it’s a non-issue. If it’s older, it sucks to be you. And if you’re running Windows Server, well…. You’re taking a hit no matter what CPU you have and it truly sucks to be you. This is one of the reasons why this CPU bug from Intel, AMD, and ARM is a big bloody deal. Because while the security implications are extremely problematic, the cure for them may be worse than the disease.

Surprise! Intel Gets Sued Over Epic CPU Vulnerabilities

Posted in Commentary with tags on January 5, 2018 by itnerd

To the surprise of nobody on planet Earth, Intel is facing multiple class-action lawsuits over the Meltdown and Spectre vulnerabilities. The Guardian is reporting that three separate suits have been filed by plaintiffs in California, Oregon and Indiana. The plaintiffs are seeking compensation because of the security vulnerability as well as Intel’s failure to disclose it in a timely fashion. On top of that, they want compensation for whatever slowdown to their PCs that will be caused by the fixes needed to address the security concerns.

I’m predicting that this is only going to get worse for Intel. There will be more lawsuits filed, and some of those will come from cloud providers like Amazon, Google and Microsoft who care about how the speed and security issues related to this impact their businesses.

Get the popcorn ready, because Intel has a full blown disaster on its hands.

Linus Torvalds Calls Out Intel Over Epic CPU Vulnerability In Epic Fashion

Posted in Commentary with tags on January 4, 2018 by itnerd

Linus Torvalds who is the man behind the LINUX operating system, which means he has some “street cred” as the kids say, had some choice words for Intel via this post. In short, he was enraged by the statement that the chip giant made in relation to the CPU vulnerability that came to light in the last couple of days. Here’s the key point:

I think somebody inside of Intel needs to really take a long hard look
at their CPU’s, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with “not all CPU’s are crap” in mind.

Or is Intel basically saying “we are committed to selling you shit
forever and ever, and never fixing anything”?

Because if that’s the case, maybe we should start looking towards the
ARM64 people more.

Mic drop.

That’s a slap to the face. But to be fair, I said this yesterday when I covered the release of this statement:

Interesting. A statement that’s designed to create plausible deniability and avoid a massive lawsuit. 

The fact is Intel has some explaining to do. And if they can’t explain this adequately, I wonder how they would feel if Apple, Dell, ASUS, HP and others migrate to AMD chips? Would that get their attention?