This site may earn affiliate commissions from the links on this page. Terms of utilise.

Intel-Chipset

The Spectre and Meltdown security stories were the major focus of the week. While both flaws are serious, Spectre hits everyone, while Intel is the company principally exposed by Meltdown. Meltdown is also the flaw associated with early reports of operation losses in some web servers and virtualization workloads, though it's still not at all clear what kind of real-world penalties we should be expecting. Nevertheless, lawsuits are already starting to pile up, and there's a lot of discussion over CEO Brian Krzanich'due south recent stock sale.

Intel's initial response to Meltdown was a masterful instance of corporate doublespeak. Information technology opens by noting Intel doesn't believe the exploit can be used "to corrupt, modify, or delete data," even though that's literally not the problem existence discussed. Meltdown allows data to be read out of kernel memory; information technology doesn't let the attacker write information technology. Intel doesn't distinguish between Meltdown and Spectre, and it proper name-checks AMD and ARM as a fashion of making the risk profile of the situation seem more evenly distributed than it appears to be. If Intel was hoping to avoid lawsuits, however, it hasn't worked. Equally Gizmodo details, three separate grade action suits take been filed confronting the company already.

ARM defines its own 3a variant of meltdown only doesn't believe a software fix is required. Only the Cortex-A75 is affected by Meltdown (Variant 3).

What's less articulate is whether these lawsuits have any meaningful reason to be. They've all been filed on behalf of consumers on the ground of lost performance, but we don't accept any information yet showing that consumer applications are impacted by Meltdown or Spectre. Until that's proven, the lawsuit continuing seems a tad weak.

Intel CEO Brian Krzanich's actions, however, could still spell some trouble for the CPU behemothic. On Oct 30, months later existence informed of the Meltdown and Spectre security flaws, Krzanich announced he would liquidate some 245,000 shares of Intel stock. He currently holds 250,000 shares, the minimum he'south required to hold as company CEO. All told, he sold $l 1000000 worth of stock at the tail stop of the year, only before news of these bugs began to break. The SEC could choose to investigate the situation — it launched an investigation of suspiciously timed stock sales in the Equifax breach this year — merely no announcements have been made notwithstanding.

Just while Intel's treatment of its PR response to this ready of flaws deserves criticism, the security flaws themselves volition exist difficult to pin on negligence. Speculative processing and out-of-lodge execution accept been critical components of loftier-end CPU operation for decades. Intel may exist uniquely exposed to Meltdown, simply Spectre hits everyone precisely because it weaponizes functional characteristics in a way that wasn't done before. It's hard to argue that a company was negligent in its designs when no 1 had previously identified an attack vector to protect confronting, or created even a proof-of-concept to expose the issue.