SoylentNews is people
SoylentNews
Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.
Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.
[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”
Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.
Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.
The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.
(Score: 3, Interesting) by Azuma Hazuki on Wednesday January 17 2018, @10:40PM (4 children)
So, you're thinking of a HCAYD (halt and capture all yer data) opcode then? I wish i were merely joking, but this is precisely the kind of sneaky shit I'd do in this situation. Once I read about undocumented opcodes the first concern was "shit, THIS is where the boys at the puzzle palace have their backdoor, isn't it?"
I am "that girl" your mother warned you about...
(Score: 3, Insightful) by frojack on Thursday January 18 2018, @12:52AM (3 children)
Well, yes, in a purely evil world.
But look we are talking about Intel here. Made up of smart people, but not blindingly so. Not god like or devil like. Just ordinary nerds who like beer and football an nice cars, and good looking women. They change jobs, retire, get fired at similar rates to other high functioning nerds.
Look how many people knew about the Volkswagen pollution defeat. It was whispered about for years, and finally one company figured out how to test for it, notified US Authorities and Game Over. Even with the wagons circled, and protected by their government, the truth is coming out and some high placed German executives dare not step outside their own country.
Honest Question: How long could this have been kept secret if it were actually planned, and even narrowly known?
How many programmers seriously consider the possibility that the value the put into a register at line 358 in the code might no longer be the same at line 361 due to a gama ray or something. Who sets and checks parity on every value written and read back?
So I'm invoking Occam's Razor. I doubt anyone thought any of these shortcuts could be leveraged in the real world. It took 30 years to find the first examples.
No, you are mistaken. I've always had this sig.
(Score: 2) by Azuma Hazuki on Thursday January 18 2018, @05:58AM
Hanlon's Razor, a different one, has long since lost its edge with these people. We are dealing with a situation where ignorance, at least in terms of its effects, differs little from malice.
I am "that girl" your mother warned you about...
(Score: 2) by DannyB on Thursday January 18 2018, @02:26PM
I always thought I was a bit paranoid. After Snowden I realized that every paranoid thing I had thought was not only reality but already had been reality for a long time. Now I realize that no matter how paranoid a scenario I may imagine, it is probably not paranoid enough.
These people can and would implement magical invalid opcodes in microprocessors. After all, they implemented the Management Engine. Who would have even thought of that? There are no limits to how far these people will go to access your pr0n collection.
Management Engine was kinda sorta publicly known but remained under the radar for years until fairly recently. It's baked into microprocessors that are in everything now.
The beauty of an invalid opcode implementation like what I described is that you can't detect it even though any reasonable amount of exploration. The "unlock magic mode" opcode traps as an invalid opcode unless an improbable pattern of values are in certain registers.
I continued thinking about this later after I had posted. Let me continue that thought. One way this type of magic might get discovered is by scanning executable code for invalid opcodes. So let's not use any invalid opcodes. The magic mode opcode would require the improbable pattern of values in all registers, followed by a Jump To Subroutine PC relative addressing into the immediate argument value of some nearby instruction. That other instruction's immediate argument value is the invalid opcode, and it then does a return so that execution continues after the jump to subroutine instruction. All other invalid opcodes are implemented the same way. You must code the invalid opcode as an immediate value argument in some other nearby instruction, then JSR to it, it returns and performs it's magic function. This improved approach to what I described protects against discovery of invalid opcodes by mere scanning of executables for invalid opcodes.
There could be a whole menu of new invalid opcodes. Instructions to access kernel memory. Change processor privilege level. Communicate with the management engine in devious ways. Dare to imagine the possibilities.
Don't even think that they might not devise some devilish thing like this. They don't care about you or me. They just want absolute power. And absolute power tweets absolute crazy.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by schad on Thursday January 18 2018, @04:47PM
I've worked at Intel, and they are staggeringly paranoid about their IP. There are so many levels of classification, including compartmentalized need-to-know, that it may well be possible to slip in a back door that won't be detected. The asinine secrecy probably makes back doors easier to create.