The lawsuit against Intel was launched last week and yesterday a similar case was launched against AMD by a shareholder, alleging that the company knew about their vulnerability to Spectre and hid that information causing detrimental affects to stock prices. There were several interesting points in the way the two cases differ, which The Register highlighted. The first is the timing, Intel's case encompasses the time from 27 July 2017, to 4 January 2018 while AMD's lawsuit starts the day of their last end of year report, 21 February, 2017. Not only does this encompass a longer period of time that the suit against Intel, it starts well before 1 June, 2017 when Project Zero first informed AMD of the vulnerability. Also worth noting is that AMD's stock prices are higher than they were at the beginning of 2017 which makes any damage to share prices hard to demonstrate.
The various companies that are vulnerable to Spectre, Meltdown or both need to make right by this but it is somewhat interesting to see the disparity between these two specific cases.
"Responding to the class-action lawsuit, an AMD PR rep told The Reg: "We believe these allegations are without merit. We intend to vigorously defend against these baseless claims."
Here is some more Tech News from around the web:
- Tim Cook Says Power Management Feature In Older iPhones Will Be Able To Be Turned Off In Future Update @ Slashdot
- Free gift for all readers: Google's AutoML launch translated into plain English (where possible) @ The Register
- ChaiOS is the 'text bomb' that's borking iMessage on macOS and iOS @ The Inquirer
“1 June, 2017 when Project
“1 June, 2017 when Project Zero first informed AMD of the vulnerability”, so AMD needs time to do some testing of its own and test any Proof Of Code and then more time to engineer a fix before the vulnerability should be disclosed. AMD would get more lawsuits from any premature disclosure if there where no fixes available and Google’s project Zero gives a 90-day-deadline in the problem is being ignored, and these problems where not being ignored by AMD/Others.
There is also the question of Google’s Project Zero being convinced that there may be more time necessary than only 90 days because of the Hardware nature of the Meltdown and Spectre Bugs and that’s a bit different than simply some software fixes as it also includes microcode fixes. So did Googles’ Project Zero itself hold off on revealing anything after that 90 day deadline due to the severity/complexity of the problems related to remediation of the Meltdown and Spectre issues in both hardare and OS/Software.
There are a lot of issues to consider and any lawsuits with ill conceived timelines are not going to make it past any initial judicial findings on justifiable delays in reporting any vulnerabilities until the remediation steps are finished and can be pushed out.
There are necessary steps necessary to revealing any security vulnerabilities and the proper patches have to be engineered and Google’s Project Zero/other security researchers can be asked for more time if the complexity of the problems requires more time. This, after all, affects more than just AMD and Intel x86 designs it affects all the other ARM/Power/Sparc/etc microprocessors and mainframes also.
Here is an interesting article from the Verge(1) so this timeline needs to be looked at and this was no normal set of security issues for sure.
According to the Verge Article:
“Project Zero’s official policy is to offer only 90 days before going public with the news, but as more companies joined, Zero seems to have backed down, more than doubling the patch window. As months ticked by, companies began deploying their own patches, doing their best to disguise what they were fixing. Google’s Incident Response Team was notified in July, a month after the initial warning from Project Zero. ” (1)
“Keeping Spectre secret
How an industry-breaking bug stayed secret for seven months — and then leaked out”
[Spam Filter Blocking link so fix the link with the proper hyperlink info]
w w w theverge Dot com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux
I wonder how they would make
I wonder how they would make the case they knew about Spectre, even if you suspected BTB could be used as a sidechannel the way Spectre did it was far from obvious. Unlike Meltdown, which was a pretty straightforward exploit all considering.
Guess what, Intel’s CEO
Guess what, Intel’s CEO months before the Meltdown flaw was announced sold all $27 million dollars worth of his stock in Intel. No one has to tell me, that Intel didn’t know about the Meltdown flaw before hand.
With Intel’s flaw, it goes all the way back to first gen i7 cpu’s and there is no word, when or if those cpu’s including Haswell chips, like I have will ever get the bios fix.
Don’t forget the laptop OEMs
Don’t forget the laptop OEMs as they will most likely not be providing the proper microcode fixes with any new firmware updates on the older laptop SKUs with millions of SandyBridge and IvyBridge based SOC’s in laptops out there.
Those first generation Intel core i series laptops need the same sorts of fixes and fat chance that will happen.
But you know before folks knew about Meltdown and Spectre that Intel was an abusive monopoly ineterest and people did not see any problem with that. And now folks are shafted with their mostly Intel SOC based laptops that may never see any fixes from the laptop’s OEMs. So Intel chose performance over security and wasted billions on Contra Revenue to buy its way into the mobile market and that did not work out so well for phones and tablets but Intel doninated the laptop markets with kickbacks for decades even when AMD’s APUs offered better graphics.
At one time everybody was happy with Intel Inside until Meltdown/Spectre came along and see where monopolies get the consumer in the long run.
I have no respect for
I have no respect for companies such as this, not when they keep secrets like this, or in the case of Intel start selling stock before it’s announced.
You might want to re-read the
You might want to re-read the post. AMD are being accused of keeping something secret that they didn’t even know about in the time-frame presented. The case is absurd.
This is going to be
This is going to be impossible to prove…
AMD is the LEAST vulnerable of all. (intel, arm, apple, etc..)
I can already see all party joining against this and plaintiff just being money bags for the lawyers….
This case is probably
This case is probably financed by Intel to try and get focus shifted from them. They are very capable to do this and has done unethical stuff before.