xenopeek wrote: ⤴Wed May 15, 2019 8:45 am
I find it worrying that RIDL can be exploited through JavaScript in web browsers (existing side-channel attack mitigations don't work) but Intel refused to inform Mozilla and Google in advance of publication. Intel also tried to keep the vulnerability under wraps for another 6 months and only went public now after pressure from the researchers who would otherwise have gone public. That's serving shareholders, not customers.
Businesses are, on the whole, far more interested in profit and image than they are in anything else. They will cut corners and shaft customers and employees alike to save a buck (and claim this is them being "more efficient and cost-effective" than government) yet this is exactly why there's been the need, over the course of the last ~12 to 14 decades, to enact regulations restricting what they do and how they do it. It's my feeling that both Intel and AMD, even though AMD is claiming innocence
this time, are going to cause brand new sorts of regulation¹ to be brought down on their own heads if this sort of thing continues to happen.
AMD's response is a good poke at Intel:
For
now, perhaps, but I wouldn't trust them any more than Intel or anyone else.
At AMD we develop products and services with safety in mind. Based on our own analysis and discussions with the researchers, we believe that our products are not subject to 'Fallout', 'RIDL' and 'ZombieLoad', thanks to the hardware protection in our architecture. We have not been able to demonstrate these leaks in AMD's products, and we are not aware of others who have succeeded. [Emphasis added.]
Those are examples of
parsing language and possibly even
deflection. It's the language of a company out to save it's own hide.
¹ Of course, both of these companies are American, and in America there's a massive movement out there to cast regulation as being tantamount to government overreach, so it's unlikely at this time we will see anything other than token fines levied to make it appear as though something's being done.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts:
Linux Unplugged,
Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel