posted by martyb on Wednesday January 17 2018, @07:51PM
from the oughta-be-a-law dept.

Vox Media website theverge.com reports that Rep. Jerry McNerney (D-CA) wants answers about the recent computer chip chaos.

Congress is starting to ask hard questions about the fallout from the Meltdown and Spectre vulnerabilities. Today, Rep. Jerry McNerney (D-CA) sent a letter [(pdf)] requesting a briefing from Intel, AMD, and ARM about the vulnerabilities’ impact on consumers.

[...] The two vulnerabilities are “glaring warning signs that we must take cybersecurity more seriously,” McNerney argues in the letter. “Should the vulnerabilities be exploited, the effects on consumers’ privacy and our nation’s economy and security would be absolutely devastating.”

Privately disclosed to chipmakers in June of 2016, the Meltdown and Spectre bugs became public after a haphazard series of leaks earlier this month. In the aftermath, there have been significant patching problems, including an AMD patch that briefly prevented Windows computers from booting up. Intel in particular has come under fire for inconsistent statements about the impact of the bugs, and currently faces a string of proposed class-action lawsuits relating to the bugs.

Meltdown can be fixed through a relatively straightforward operating-system level patch, but Spectre has proven more difficult, and there have been significant patching problems in the aftermath. The most promising news has been Google’s Retpoline approach, which the company says can protect against the trickiest Spectre variant with little negative performance impact.

The letter calls on the CEOs of Intel, AMD, and ARM to answer (among other things) when they learned about these problems and what they are doing about it.


  • (Score: 2) by DannyB on Thursday January 18 2018, @02:26PM

    I always thought I was a bit paranoid. After Snowden I realized that every paranoid thing I had thought was not only reality but already had been reality for a long time. Now I realize that no matter how paranoid a scenario I may imagine, it is probably not paranoid enough.

    These people can and would implement magical invalid opcodes in microprocessors. After all, they implemented the Management Engine. Who would have even thought of that? There are no limits to how far these people will go to access your pr0n collection.

    Management Engine was kinda sorta publicly known but remained under the radar for years until fairly recently. It's baked into microprocessors that are in everything now.

    The beauty of an invalid opcode implementation like what I described is that you can't detect it even through any reasonable amount of exploration. The "unlock magic mode" opcode traps as an invalid opcode unless an improbable pattern of values is in certain registers.

    I continued thinking about this later after I had posted. Let me continue that thought. One way this type of magic might get discovered is by scanning executable code for invalid opcodes. So let's not use any invalid opcodes. The magic mode opcode would require the improbable pattern of values in all registers, followed by a Jump To Subroutine PC relative addressing into the immediate argument value of some nearby instruction. That other instruction's immediate argument value is the invalid opcode, and it then does a return so that execution continues after the jump to subroutine instruction. All other invalid opcodes are implemented the same way. You must code the invalid opcode as an immediate value argument in some other nearby instruction, then JSR to it, it returns and performs its magic function. This improved approach to what I described protects against discovery of invalid opcodes by mere scanning of executables for invalid opcodes.

    There could be a whole menu of new invalid opcodes. Instructions to access kernel memory. Change processor privilege level. Communicate with the management engine in devious ways. Dare to imagine the possibilities.

    Don't even think that they might not devise some devilish thing like this. They don't care about you or me. They just want absolute power. And absolute power tweets absolute crazy.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.