The More I Read About Meltdown And Spectre…

January 7th, 2018

The more I wonder: Are these bugs, or features?

5 Responses to “The More I Read About Meltdown And Spectre…”

  1. cryingfreeman Says:

    My thoughts too, Kevin. I wonder what bounty the fixes will bring.

  2. Kevin Says:

    haha I almost forgot about this. TAO Inside:

    http://cdn2.spiegel.de/images/.....584021.jpg

  3. cryingfreeman Says:

    Nice one – I want to print it out and glue it to my laptop.

    The more I think about this, the more I just can’t see how Intel could have missed it. So I’m now close to certain it was a deliberately engineered passive exploitable feature that those in the know could avail of on an as-needed basis.

    Meanwhile, did you hear that AMD chips appear to be turning to bricks with the Spectre patch on Windows machines?

    https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/

  4. Kevin Says:

    I didn’t know that: re Athlon chips. Luckily, it “worked” ok on my son’s Ryzen box. “Worked” meaning the patch applied and the machine is still usable. Who knows what the blob actually does…

    As for if this mess is intentional: Well, we’re expected to believe that engineers at Intel, Apple, AMD, IBM, ARM and Qualcomm all overlooked the issues around Meltdown and Spectre.

    Yet, I don’t see anyone mentioning that “TAO Inside” with regard to this. Maybe it’s too unthinkable.

    See this:

    http://www.cryptogon.com/?p=48132

    NSA’s Hacker-in-Chief: We Don’t Need Zero-Days To Get Inside Your Network

    He says:

    “I think a lot of people think the nation states are running on this engine of zero-days. You go out with your skeleton key and unlock the door and you’re in. It’s not that,” he said.

    “I will tell you that persistence and focus will get you in, will achieve that exploitation without the zero-days,” he continued “There’s so many more vectors that are easier, less risky and quite often more productive than going down that route.”

    He doesn’t say “We don’t have that capability.” He says that they use other, easier vectors rather, “than going down that route.”

    I imagine a City of Los Angeles phonebook thickness of exploits that they can run against whatever system they’re trying to access.

    The one that still leaves be bugeyed, years later, is this:

    http://www.cryptogon.com/?p=46041

    So, if something like that is possible… Hmm.

    A couple of other links I’d like to include here, for context:

    Stallman: How I do my computing

    https://stallman.org/stallman-computing.html

    The Stallman link is not so much to encourage people to try to follow his example. (My hat is off to you if you can.) It’s just to show how far gone we are in terms of the privacy situation.

    If anyone thinks Stallman is nuts, I’d direct them to get comfortable and read this:

    Who Controls Your Computer? (And How to make sure it’s you)

    http://fare.tunes.org/computin.....puter.html

    Indeed, Stallman was right:

    https://www.reddit.com/r/StallmanWasRight/

  5. cryingfreeman Says:

    Yes, the fact that the same oversight was made by engineers at all those different chip manufacturers screams “exploitable by design”.

    Those Stallman links are jaw dropping; obviously he is wedded (or welded!) to a cast iron set of principles that constrain what he does, but there’s plainly an unfathomably deep level of understanding of, and distress at, the security and privacy situation of modern computing in his thinking too.

    You know how the USG has often made loud noises about the threat encryption poses and how it’s a de facto munition? Makes you wonder if their actual aim is to get you to use it and to misplace your trust in it. Sure, it will keep 99% of laptop thieves out of your private files if you’ve done it right, but we have to assume it’s meaningless if you’re machine is being worked over by Big Brother.

Leave a Reply

You must be logged in to post a comment.