
    Major Intel CPU vulnerability

    • scottalanmiller

      Think of it another way, imagine if Intel made door locks. They discover that there is a way to unlock the doors without the key. They then call a bunch of your competitors and tell them about how your doors can be bypassed without you knowing.

      That's exactly what Intel did. They sold the security secrets of the many, to a few partners with the deepest pockets. As far as I'm concerned, people should be going to jail over this.

      • scottalanmiller @StorageNinja

        @storageninja said in Major Intel CPU vulnerability:

        It takes 3 seconds to look at his stock trades and see the pattern, and another 5 minutes to see that he filed paperwork for this plan back in 2015

        At the end of Q4 he sells his awards. Nothing to see here fake news from the internet mob who's too lazy to learn basic finance skills.

        You sure about those details?

        http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

        • scottalanmiller

          Pretty cut and dry insider trading, I wonder how much of hiding this flaw from the public was solely to hide the insider trading?

          " To avoid charges of trading on insider knowledge, executives often put in place plans that automatically sell a portion of their stock holdings or exercise some of their options on a predetermined schedule, typically referred to as Rule 10b5-1(c) trading plans. According to an SEC filing, the holdings that Krzanich sold in November — 245,743 shares of stock he owned outright and 644,135 shares he got from exercising his options — were divested under just such a trading plan.

          But Krzanich put that plan in place only on October 30, according to the filing. "

          • Obsolesce @scottalanmiller

            @scottalanmiller said in Major Intel CPU vulnerability:

            @storageninja said in Major Intel CPU vulnerability:

            It takes 3 seconds to look at his stock trades and see the pattern, and another 5 minutes to see that he filed paperwork for this plan back in 2015

            At the end of Q4 he sells his awards. Nothing to see here fake news from the internet mob who's too lazy to learn basic finance skills.

            You sure about those details?

            http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

            It very well may not be the case... I mean, 5 minutes and 3 seconds of research is barely anything.

            • scottalanmiller

              Of course, Intel is the same vendor that sells the majority of the world's FakeRAID. So what do we really expect?

                • StorageNinja Vendor @scottalanmiller

                  @scottalanmiller said in Major Intel CPU vulnerability:

                  Pretty cut and dry insider trading, I wonder how much of hiding this flaw from the public was solely to hide the insider trading?

                  " To avoid charges of trading on insider knowledge, executives often put in place plans that automatically sell a portion of their stock holdings or exercise some of their options on a predetermined schedule, typically referred to as Rule 10b5-1(c) trading plans. According to an SEC filing, the holdings that Krzanich sold in November — 245,743 shares of stock he owned outright and 644,135 shares he got from exercising his options — were divested under just such a trading plan.

                  But Krzanich put that plan in place only on October 30, according to the filing. "

                  The plan was created in 2015 per Bloomberg.
                  You can also see the history of transactions here.

                  Since the plan was set up, Krzanich has had a common trading pattern. In February, he gets his equity payout under Intel’s performance-based incentive plan. For fiscal years 2015, 2016 and 2017, he received 89,581, 87,061 and 278,868 shares, respectively. Then in the last quarter of each of those years, he makes sales that are proportionate to the awards he got. In the last quarter of 2015, he sold 70,000 and in 2016 he sold more than 50,000. And this year, the sale was much larger in light of the large payout he got in February.

                  Looks like he traded on 11/29.
                  Market Close was at $43.95 that day. Market Close today is $44.74. I expect Intel shares to go up as people realize public clouds need to buy 20% more compute this quarter (and it's too late to qualify to move those workloads to ARM/AMD systems, nor can AMD/GF handle an order that large).

                  While I know insider trading doesn't require you actually make money off of it, I'd argue he missed out on gains by not waiting to sell until now. Intel is clearly fine, and while this is painful for a lot of people who have to go do patching, the market isn't punishing Intel in any serious way.

                  Note: the stock has doubled under Brian as CEO. This design decision was made in 1995 (well technically earlier given how long it takes to get something out the door).

                  Equifax is different in that their trades were NOT scheduled. Those yahoos are going to jail or to pay a token fine and promise not to do it again.
                  Also, EqualFax has only recovered 1/2 of its losses from the breach.

                  Full SEC yadayadayada disclaimer, I hold no Intel, but am considering a long position in the near future.

                  https://www.bloomberg.com/news/articles/2018-01-04/intel-ceo-krzanich-slashed-stock-holdings-at-end-of-last-year

                  • Jimmy9008

                    Do we have to patch for this?

                    I can see cloud/providers patching of course, as it's shared infrastructure. However, we run everything on our own completely owned hardware, in the office. The host/VMs running on our local servers are our hosts and VMs.

                    We run a risk that if somebody gains access to a VM or a host that they can do a range of unwanted things, however, with access they could do many things, not just this attack, and we would have far bigger problems...

                    So, is it worth patching for this on 'private' servers and potentially losing 30% of performance, or leave unpatched...

                    I will of course patch as I'd feel like an idiot for not patching should something happen; just curious as to whether leaving this patch off is valid in any way...

                    What do y'all think? I'm currently live migrating a load of VMs off of one of our T630s to apply the patch and do some testing.

                    • Jimmy9008 @Dashrender

                      @dashrender said in Major Intel CPU vulnerability:

                      @jimmy9008 said in Major Intel CPU vulnerability:

                      Does anybody know if Dell have released firmware for T630 server for the hardware? I can't seem to find that info on Dell's site...

                      -it's ok, think I've found it, and it's this... Update

                      Damn, on the bleeding edge on that one.

                      I looked for some HP things yesterday - nada.

                      I'm guessing by the end of January, we'll start seeing more firmware updates.

                      Now the question is, how far back are the vendors going to go?

                      I've applied the patch. Now Microsoft shows protection enabled for 'rogue data cache load', but shows as 'False' for 'branch target injection'.

                      I'm guessing that Dell will be sending out another update for their systems to address that. Anybody able to confirm?

                      I have opened a call with Dell Support to verify.

                      • Jimmy9008 @Jimmy9008

                        @jimmy9008 said in Major Intel CPU vulnerability:

                        @dashrender said in Major Intel CPU vulnerability:

                        @jimmy9008 said in Major Intel CPU vulnerability:

                        Does anybody know if Dell have released firmware for T630 server for the hardware? I can't seem to find that info on Dell's site...

                        -it's ok, think I've found it, and it's this... Update

                        Damn, on the bleeding edge on that one.

                        I looked for some HP things yesterday - nada.

                        I'm guessing by the end of January, we'll start seeing more firmware updates.

                        Now the question is, how far back are the vendors going to go?

                        I've applied the patch. Now Microsoft shows protection enabled for 'rogue data cache load', but shows as 'False' for 'branch target injection'.

                        I'm guessing that Dell will be sending out another update for their systems to address that. Anybody able to confirm?

                        I have opened a call with Dell Support to verify.

                        I restarted around 4 times, then ran 'Install-Module SpeculationControl' again and it worked.

                        DustinB3403D 1 Reply Last reply Reply Quote 0
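
The check described in the post above, as an added example that is not part of the original thread: the object returned by Microsoft's `Get-SpeculationControlSettings` (from the SpeculationControl module) can be turned into a list of what is still missing for 'rogue data cache load' and 'branch target injection'. `Get-SpeculationGap` is a hypothetical helper and the sample object is constructed to mirror the reported symptom; the property names are the ones the module returns.

```powershell
# Added example (not from the thread). Get-SpeculationGap is a hypothetical helper
# that explains which mitigation piece is missing, given the settings object.
function Get-SpeculationGap {
    param([Parameter(Mandatory)] $Settings)

    $gaps = [System.Collections.Generic.List[string]]::new()

    # 'rogue data cache load' (Meltdown): mitigated by the OS via kernel VA shadowing.
    if ($Settings.KVAShadowRequired) {
        if (-not $Settings.KVAShadowWindowsSupportPresent) {
            $gaps.Add('Rogue data cache load: OS update not installed')
        } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
            $gaps.Add('Rogue data cache load: OS support installed but not enabled')
        }
    }

    # 'branch target injection' (Spectre variant 2): needs the OS update AND
    # CPU microcode support, typically delivered in a BIOS/firmware update.
    if (-not $Settings.BTIWindowsSupportPresent) {
        $gaps.Add('Branch target injection: OS update not installed')
    }
    if (-not $Settings.BTIHardwarePresent) {
        $gaps.Add('Branch target injection: CPU microcode support missing (check vendor BIOS/firmware)')
    }
    if ($Settings.BTIWindowsSupportPresent -and -not $Settings.BTIWindowsSupportEnabled) {
        if ($Settings.BTIDisabledBySystemPolicy) {
            $gaps.Add('Branch target injection: OS support disabled by system policy')
        }
        if ($Settings.BTIDisabledByNoHardwareSupport) {
            $gaps.Add('Branch target injection: OS support disabled because hardware support is absent')
        }
    }

    return $gaps
}

# Constructed sample: OS patched, 'rogue data cache load' protection enabled,
# 'branch target injection' reported as False (one state that fits the symptom).
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}

Get-SpeculationGap -Settings $sample

# On a live host with the module installed:
# Get-SpeculationGap -Settings (Get-SpeculationControlSettings)
```

An empty result means the settings object shows no gap for either issue; it does not cover guests or hosts other than the machine the cmdlet ran on.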
                        • DustinB3403 @Jimmy9008

                          @jimmy9008 You absolutely need to be patching, for the very reasons you've mentioned questioning whether patching is worth it for private industries.

                          • EddieJennings

                            In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                            • Danp

                              https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/

                              • Obsolesce

                                In a cloud hosting scenario, VPS...

                                If the host is patched, and guest1 VM is patched, but guest2 VM is not patched... are there still meltdown or spectre vulnerabilities for guest1?

                                How exactly does this work?

                                • Dashrender @EddieJennings

                                  @eddiejennings said in Major Intel CPU vulnerability:

                                  In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                  I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                  • EddieJennings @Dashrender

                                    @dashrender said in Major Intel CPU vulnerability:

                                    @eddiejennings said in Major Intel CPU vulnerability:

                                    In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                    I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                    The question then is whether or not the OS patching will be sufficient.

                                    • Dashrender @EddieJennings

                                      @eddiejennings said in Major Intel CPU vulnerability:

                                      @dashrender said in Major Intel CPU vulnerability:

                                      @eddiejennings said in Major Intel CPU vulnerability:

                                      In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                      I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                      The question then is whether or not the OS patching will be sufficient.

                                      While these are some pretty nasty vulnerabilities, I don't currently consider them that horrible. As I understand it (and I leave TONS of room to learn new things about these) you can only be affected if you run untrusted code on your system. Assuming that webpages can't take advantage, this amounts to the same level of issue as a typical virus.

                                      Assuming hardware vendors don't produce updates for hardware more than say 3 years old - how many here are going to be replacing their machines/devices (don't forget your android phones are affected too - last I heard)?

                                      • scottalanmiller @EddieJennings

                                        @eddiejennings said in Major Intel CPU vulnerability:

                                        @dashrender said in Major Intel CPU vulnerability:

                                        @eddiejennings said in Major Intel CPU vulnerability:

                                        In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                        I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                        The question then is whether or not the OS patching will be sufficient.

                                        Depends if it is Intel based or from a more security-minded vendor.

                                        • scottalanmiller @Dashrender

                                          @dashrender said in Major Intel CPU vulnerability:

                                          @eddiejennings said in Major Intel CPU vulnerability:

                                          @dashrender said in Major Intel CPU vulnerability:

                                          @eddiejennings said in Major Intel CPU vulnerability:

                                          In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                          I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                          The question then is whether or not the OS patching will be sufficient.

                                          While these are some pretty nasty vulnerabilities, I don't currently consider them that horrible. As I understand it (and I leave TONS of room to learn new things about these) you can only be affected if you run untrusted code on your system. Assuming that webpages can't take advantage, this amounts to the same level of issue as a typical virus.

                                          Assuming hardware vendors don't produce updates for hardware more than say 3 years old - how many here are going to be replacing their machines/devices (don't forget your android phones are affected too - last I heard)?

                                          In a desktop or laptop case, the risk is tiny compared to the big fear of shared computing environments.

                                          • EddieJennings @scottalanmiller

                                            @scottalanmiller said in Major Intel CPU vulnerability:

                                            @eddiejennings said in Major Intel CPU vulnerability:

                                            @dashrender said in Major Intel CPU vulnerability:

                                            @eddiejennings said in Major Intel CPU vulnerability:

                                            In addition to OS patches, I assume we ought to be looking for BIOS updates as well, which, with many of our ancient desktops, there will probably be none.

                                            I don't expect any for my 3 year old laptops, let alone my 5-7 year old desktops.

                                            The question then is whether or not the OS patching will be sufficient.

                                            Depends if it is Intel based or from a more security-minded vendor.

                                            All Dell and all Intel.
