Intel informed Chinese companies, including Lenovo and Alibaba, of the Meltdown and Spectre flaws in its processors before the U.S. government found out from reading press reports:
Intel Corporation initially warned a handful of customers, including several Chinese technology firms, about security flaws within its processor chips, while at the same time not telling the U.S. government, The Wall Street Journal reported Sunday.
Security experts told the newspaper that the decision could have allowed Chinese tech companies to flag the vulnerabilities to Beijing, giving the Chinese government opportunity to exploit them.
Jake Williams, head of the security company Rendition Infosec and former National Security Agency (NSA) employee, told the Journal that it is a "near certainty" the Chinese government knew about the flaws from the Intel correspondence with Chinese tech companies, as Beijing keeps tabs on such communications.
The Journal reported that Alibaba Group, a top selling Chinese cloud-computing services company, was among the firms notified of the flaw early on.
The NSA is more likely to spy on you than China.
Intel CEO sold shares on same day OEMs informed of bugs: report
Also at TechCrunch and Engadget.
(Score: 3, Insightful) by Anonymous Coward on Tuesday January 30, @12:14AM (6 children)
The key word there is "companies".
Intel has business relationships, and acts accordingly.
It's totally un-American to think that the government should hold some special, revered position in such activities.
(Score: -1, Spam) by Anonymous Coward on Tuesday January 30, @12:17AM
(Score: 3, Insightful) by bob_super on Tuesday January 30, @12:17AM (2 children)
Easy response: By telling Chinese companies, Intel has a reasonable expectation that parts of the US government are automatically informed.
(Score: 3, Insightful) by frojack on Tuesday January 30, @12:20AM (1 child)
I'm betting the US Government knew all along.
No, you are mistaken. I've always had this sig.
(Score: 1) by anubi on Tuesday January 30, @03:02AM
I would bet that certain agencies of the US Government knew of this *before* INTEL knew of them...
And were implemented at the behest of the agency, in appreciation for the US Government's role in passing law that keeps competitors off their playing field.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by frojack on Tuesday January 30, @12:18AM
Equally interesting is that intel is calling for a Do Not Install because their patches were so bad, that even microsoft is backing them out.
Hmmmm, maybe the government go to intel?
No, you are mistaken. I've always had this sig.
(Score: 2) by c0lo on Tuesday January 30, @01:52AM
Is it totally un-American to think the same companies will be in no way special when it comes to protecting their assets?
Because I can see quite a big reduction in the defense budget if US govt will allocate the same budget in protecting Joe SixPack's interest and the interest of any US-spawn multi-national acting abroad.
Reply to This
(Score: 0, Disagree) by Anonymous Coward on Tuesday January 30, @12:20AM (2 children)
The worst the NSA might do is pay a phone company to hold records on everybody, with the idea that a warrant might be obtained if a person is found to be foreign.
China wants to hoover up everything, then pass it to Chinese companies to gain economic advantage. That includes technology, things useful for blackmail, and financial details to be weaponized in bidding wars.
(Score: 3, Insightful) by frojack on Tuesday January 30, @12:23AM
Unlike our US Government you mean?
Or the Germans?
The British?
The Russians?
The thing to be concerned about here is which government has warrant and subpoena powers where ever you store your stuff. Pick your poison.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Tuesday January 30, @01:54AM
You have a funny idea of "pay." The NSA didn't pay them; the NSA told them "do this or else" while waving around papers with bullshit phrases like "national security."
There's a difference between what China and the NSA are doing. The NSA, not China, is sucking down E-V-E-R-Y-T-H-I-N-G including encrypted traffic for later attack. China, on the other hand, doesn't store encrypted data. They prefer rubber hose[1] cryptanalysis. Proper rubber hose cryptanalysis will not only break what was encrypted in the past but also tend to strip future uses of encryption. The NSA's way of doing things only works until the next update to $sslLibraries.
[1]Or, if you prefer, $5 wrench.
(Score: 2) by drussell on Tuesday January 30, @12:20AM (3 children)
<tongue-in-cheek> Well... There goes Trump, making America great again.... </tongue-in-cheek>
I can't wait for the spin on this one...
(Score: 3, Funny) by Anonymous Coward on Tuesday January 30, @12:27AM (2 children)
Thanks Obama.
(Score: 2) by terrab0t on Tuesday January 30, @01:10AM (1 child)
You mean “Thanks Clinton!”
Meltdown was created under his tenure.
(Score: 2) by bob_super on Tuesday January 30, @01:59AM
"It was a 20-year plot to help the Clintons come back to power"
That would change the slogan from "lock her up!" to "lock her out!"
