This story has initiated a lot of guesswork and is likely not as bad as it is being made out to be; however, it is a great example of how not to react to a major flaw. Without even delving into the selling of Intel stocks, it is already easy to point out how badly the Spectre and Meltdown flaws have been handled: from the initial Microsoft patches offering possible performance degradation, to the Intel microcode patches rebooting machines, to the final official recommendation to avoid the patches altogether for now.
As Slashdot linked to today, Intel reached out to their major customers before alerting the general public about the issue. It is common practice in the industry to inform vendors, resellers and manufacturing partners about major changes that they will be required to implement to mitigate a flaw. However, in these days of 'cyberwarfare', there is some cause for concern that foreign companies may have communicated this information, knowingly or not, to their respective governments. Intel chose not to inform governments directly about the flaws, something which seems like it really should be done in today's world. It is unlikely anything horrible has happened on a widespread basis because of this flaw, and the playing field is now level again; however, this remains a great example of how not to deal with the discovery of a major architectural flaw which continues to cause grave security concerns globally.
"According to The Wall Street Journal, Intel initially told a handful of customers about the Meltdown and Spectre vulnerabilities, including Chinese tech companies like Alibaba and Lenovo, before the U.S. government. As a result, the Chinese government could have theoretically exploited the holes to intercept data before patches were available."
Here is some more Tech News from around the web:
- The Coolest Electronic Toys You’ll See At NAMM @ Hack a Day
- FYI: Processor bugs are everywhere – just ask Intel and AMD @ The Register
- Malwarebytes apologises for dodgy update that borked customers' PCs @ The Inquirer
- Linux 4.15 kernel goes stable a week after surprise RC9 @ The Inquirer
- New Windows patch disables Intel’s bad Spectre microcode fix @ Ars Technica
- Lenovo's craptastic fingerprint scanner has a hardcoded password @ The Register
- Guru3D Rig of the Month – January 2018