
SoylentNews is people

posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about them.


  • (Score: 0) by Anonymous Coward on Wednesday January 17 2018, @10:59PM (#623885)

    Was literally warned about back in the 1996-1999 range.

    I had multiple people arguing with me about it, and I had mostly scoffed because at the time it would have essentially required pegging the cpu and degrading system performance for a non-trivial length of time to get most of the data out. With current generation hardware and software, especially online software, already pegging out at least one core at all times, it is much harder to differentiate valid use from exploits/data analysis attempts.

  • (Score: 2) by frojack (1554) on Thursday January 18 2018, @12:25AM (#623923)

    Scale that to several thousand machines in a typical Google or Amazon Data Center [amazonaws.com].

    How would you even know this was happening?

    I would think Amazon would be more at risk for this than Google, because Amazon rents you machines, real or virtual, for your own use, whereas most of Google's machines are for Google's own use - not so much customer instances.

    --
    No, you are mistaken. I've always had this sig.