Intel Issues Updated Spectre Firmware Fixes For Newer Processors
Intel has issued updated microcode to help protect its newer processors from Spectre security exploits. The Santa Clara, Calif.-based company's new microcode updates – which impact its newer chip platforms, such as Kaby Lake, Coffee Lake, and Skylake – have been released to OEM customers and partners.
[...] The company initially released patches addressing the Spectre and Meltdown vulnerabilities in January, but later yanked its patches for the Variant 2 flaw – both for client compute and data center chips – after acknowledging that they caused "higher than expected reboots and other unpredictable system behavior." And while Intel last week announced it was re-issuing fixes for several Skylake-based platforms, the company had not given further details for its other newer processors – including Kaby Lake and Coffee Lake – until Tuesday.
First Intel, now AMD also faces multiple class-action suits over Spectre attacks
Intel rival AMD is also facing a number of class-action lawsuits over how it's responded to the Meltdown and Spectre CPU flaws. As The Register reports, four class-action complaints have been filed against the chip maker seeking damages on behalf of customers and investors. The suits follow a warning from AMD in late January that warned investors that it is "also subject to claims related to the recently disclosed side-channel exploits, such as Spectre and Meltdown, and may face claims or litigation for future vulnerabilities".
Intel revealed last week that it now faced 32 class-action lawsuits over its handling of the Meltdown and Spectre issues and three additional lawsuits over alleged insider trading.
Also at BetaNews.
(Score: 2) by janrinok on Friday February 23 2018, @10:01AM (5 children)
I can understand that people are unhappy with the fact that Spectre and Meltdown exist but they were not created maliciously. So what, exactly, is the problem with how Intel and AMD have 'handled the situation'? They were notified of the problem, they have produced patches to mitigate against the problem (which hopefully will work), and they have released those patches. So is the complaint the speed with which things have happened, or lack of it? Or is it that someone has lost a lot of money? Well ya, boo, sucks and all that, but surely nobody thinks that Intel and AMD have done this on purpose. They sold the chips at the market prices not knowing that there was a major flaw. I don't think that litigation outside of the US would even be possible - although if I am wrong I hope someone will correct me.
AMD initially thought that their chips were not susceptible to the same faults and said so, but when they were proven wrong they admitted it and have issued a fix. For litigation to succeed I would have thought that either incompetence or maliciousness would have to be proven, and I have not yet seen any evidence proving that to be the case.
I don't think that AMD would have designed them and sold them if they had known of the problem, but being pissed doesn't prove that AMD were trying to do something underhand. It's just bad luck.
(Score: 2) by RamiK on Friday February 23 2018, @04:02PM (3 children)
If it was done maliciously they'd be going to jail. Since it wasn't done on purpose*, they get the chance to recall their defective products or at least compensate their customers for the projected loss in performance if no damages were done between discovery and patching. Since they've done neither, the civil class-action suits for damages are appropriate and quite frankly rather lenient. Can you imagine what would have happened if someone's medical records were tampered with because Intel failed to recall or patch immediately? Criminal negligence is what the courts ruled for automakers when they hid those kinds of flaws and failed to recall in time.
compiling...
(Score: 2) by janrinok on Friday February 23 2018, @06:24PM (2 children)
I agree with most of what you say.
I'm not sure that Intel or AMD are guilty of not 'recalling' promptly enough. They have both been working hard to find a solution and to produce patches for the numerous types of CPU that are affected. I suppose that is for the courts to decide but litigation seems like someone is already making the assumption of guilt although it is not yet proven. Perhaps that is simply a difference in the way these things are handled legally in different countries.
(Score: 2) by RamiK on Friday February 23 2018, @11:49PM (1 child)
Go read a Yale or Harvard legal review doing a comparative study on any legal metric you can think of between nations. The US is considered one of the worst countries by any standard including Department of Justice's own. Like we're not even talking about slightly below the median. We're talking about well under countries that are governed by Sharia laws and run by genocidal tyrants. Like, you're statistically less likely to be found erroneously guilty of a crime - any crime - in just about every other nation that doesn't deal with water shortages on a daily basis then in the US. I mean, you know those horrible stories about how a woman was charged with infidelity when she was raped? The US is placed below those countries.
Handled differently alright... The rich buy their innocence while the poor work their sentences in privately owned prisons. Seriously, a nation that sentences 14yr/old to death really shouldn't go around claiming the moral high-grounds when it comes to issues of legality.
Innocent until proven guilty... Pfft.
compiling...
(Score: 2) by Wootery on Monday February 26 2018, @10:42AM
A tirade with nothing to back it up.
If you want to convince me to share your opinion, you might first convince me that we share the same facts.
(Score: 0) by Anonymous Coward on Saturday February 24 2018, @03:35AM
see this comment below:
https://soylentnews.org/comments.pl?noupdate=1&sid=24226&page=1&cid=642859#commentwrap [soylentnews.org]
How are you so sure that "but they were not created maliciously"? Can you cite something for support?
(Score: 2) by Bot on Friday February 23 2018, @10:20AM
I think there is still room for problems. For example, if older families of processors are susceptible and don't get patched.
They are too old is not an excuse because you are not fixing a bit rotting software platform, you have a flaw that has been there all along and people might run production stuff on older machines with all the updates and stuff.
Account abandoned.
(Score: 2) by crafoo on Friday February 23 2018, @01:03PM (3 children)
These are pretty bad flaws, and not all that forgivable given their nature and how predictable an outcome it is.
Jumping around from the Mot 680x0, 6502, 6809, 8088, 80486, amd64, atmel mega, and others .. x86 assembly has always been shit. The whole platform was shit from day 1 from the BIOS to the bus to the graphics hardware. No love lost, I hope the whole Intel encosystem and the company dies. At this point, even ARM would be a breathe of fresh air.
(Score: 2) by janrinok on Friday February 23 2018, @02:48PM (2 children)
So you could see this problem all those years ago? Even 12 months ago, before Meltdown and Spectre were even mentioned, you envisaged this particular problem, despite the fact that none of the chip designers of 2 very major companies saw it coming.
OK, I can accept that you might not like Intel for whatever reason, but I don't think that either Intel or AMD could have done anything differently. If the forthcoming legal proceedings show that one company or the other, or even both, knew about this problem long before when we believe they did then perhaps there are serious questions to be asked. As it stands, it just looks like a catastrophe that nobody could have foreseen.
And if you think that ARM is beefy enough to run render farms or even industrial desktop CAD computers then now is the time for you to invest your money. My money is staying in my pocket for the time being.
(Score: 1, Interesting) by Anonymous Coward on Friday February 23 2018, @06:38PM
On the other hand it is hard to avoid being vulnerable to Spectre while allowing branch speculation for higher performance.
(Score: 0) by Anonymous Coward on Saturday February 24 2018, @03:32AM
I believe these papers are from about 2005 and they clearly describe issues with cache hardware.
http://www.daemonology.net/papers/htt.pdf [daemonology.net]
http://www.daemonology.net/papers/cachemissing.pdf [daemonology.net]
https://www.kb.cert.org/vuls/id/911878 [cert.org]
Also note that "affected hardware vendors had already been made aware of the issue on June 1, 2017"
https://en.wikipedia.org/wiki/Spectre_%28security_vulnerability%29 [wikipedia.org]
So to say this was unknown until recently is not accurate.
(Score: 2) by AssCork on Friday February 23 2018, @01:46PM
Good luck.
Just popped-out of a tight spot. Came out mostly clean, too.