Congress Has Questions About Meltdown and Spectre

Discussion in 'HardForum Tech News' started by rgMekanic, Jan 29, 2018.

  1. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    3,725
    Joined:
    May 13, 2013
    Congress has some questions about Meltdown and Spectre, and they are calling out those involved. Members of the Committee on Energy and Commerce have drafted letters to the heads of several companies involved in the security flaw. The companies whose CEO's received letters are; Apple, Amazon, AMD, ARM, Google, Intel, and Microsoft

    There are some serious questions in these letter, and I am very much looking forward to hearing the response that these companies have to them. The first question in particular "Why was an information embargo related to the Meltdown and Spectre vulnerabilities imposed?" is particularly good. Big thanks to thesmokingman for the story.

    As more products and services become connected, no one company, or even one sector working in isolation can provide sufficient protection for their products and users. Today, effective responses require extensive collaboration not only between individual companies, but also across sectors traditionally siloed from one another. This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargos regarding cybersecurity vulnerabilities in general.
     
  2. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    Great. Stupid people who don't understand technology getting involved.
    They really should be asking why the Chinese government was notified before the US government.
     
    PaulP, BloodyIron, Rahh and 16 others like this.
  3. sfsuphysics

    sfsuphysics I don't get it

    Messages:
    13,664
    Joined:
    Jan 14, 2007
    So they're basically asking questions to know if all their secret emails will soon get "hacked" and spread to the public a'la Hillary.
     
    Rahh, Armenius, Travolta and 2 others like this.
  4. Putz

    Putz I have a custom title

    Messages:
    5,278
    Joined:
    Jul 8, 2002
    probably because the stuff is made in China, and the USA isnt the center of the universe
     
  5. Nolan7689

    Nolan7689 [H]ard|Gawd

    Messages:
    1,211
    Joined:
    Jun 5, 2015
  6. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,677
    Joined:
    Dec 15, 2003
    I really hope Apple doubles down here and replies with "What's a computer?"

    One part of me wants to think it has something to do with AWS and the embargo, since their data centers would be massively impacted.

    The realist part of me thinks that it was likely just the senators picking "tech companies" they've heard of. I'm surprised Netflix isn't listed for this very reason.


    The information embargo existed to prevent the exploit from being utilized before the major tech companies could formulate a plan of action / patches. Same reason Google didn't publicly disclose it and went directly to the chip manufacturers with the info (e.g. a deadline is given for them to react).

    The issue is that it came out that Intel met with Chinese tech companies (which likely made it to the Chinese govt.) before - allegedly - meeting with US sources.

    Hence why Congress is taking an interest.
     
    Last edited: Jan 29, 2018
    Armenius, WhoMe, lostin3d and 3 others like this.
  7. Spaceninja

    Spaceninja [H]ard|Gawd

    Messages:
    1,674
    Joined:
    Sep 15, 2004
    lol these morons. They can't even be bothered to read a bill before they pass it or hate on it. What makes them think they can understand why any of this was done?
     
    mynamehere and Seelenlos like this.
  8. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,677
    Joined:
    Dec 15, 2003
    We should make a Congress app where it just shows a picture of the bill's text, a brief description, and the sponsor .. they can swipe left or right. It'd probably work just about as well as they do now. We could call it Legislatr.
     
    Nobu, Rahh, Armenius and 7 others like this.
  9. Spaceninja

    Spaceninja [H]ard|Gawd

    Messages:
    1,674
    Joined:
    Sep 15, 2004
    They would probably hire some company to do it. Would take 10 years, be 4 billion over budget and have more bugs than a city dump.
     
    Rahh, Armenius, SomeoneElse and 4 others like this.
  10. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,772
    Joined:
    Nov 22, 2008
    Fixed.
     
  11. jnemesh

    jnemesh [H]ard|Gawd

    Messages:
    1,084
    Joined:
    Jan 21, 2013
    The biggest question asked should be why Intel notified a HOSTILE GOVERNMENT (China) ahead of customers in the US!
     
    PaulP, mynamehere, Maxx and 2 others like this.
  12. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    Intel is an American Company? Lets go with that.
     
    Rahh, Armenius, Nightfire and 3 others like this.
  13. viper1152012

    viper1152012 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Jun 20, 2012
    It's time to renew, RENEW!





    Logan's run anyone?
     
  14. insano70

    insano70 n00b

    Messages:
    11
    Joined:
    Jun 28, 2004
    Can someone help me understand why I keep hearing people complain about the information embargo? This is seems extremely obvious and clear why this was done. Is the online rage just typically whining after the fact, or is there some actual reason it would have been better to publish this many months before any mitigations were close to being ready? Do people think that other exploits always published the second anyone finds them? I know some are but I also know many are not. I don't know why we would want this information published immediately.
     
    defaultluser likes this.
  15. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,772
    Joined:
    Nov 22, 2008
    There's many reasons to not have one. The embargo did jack all for the patches, in fact making things worse. Intel profited from the embargo selling a jack load of chips that would later be worth not as much, ho ho they pulled a fast one on everyone yea. Ya think? Now if you want a Meltdown proof cpu from Intel, you can BUY a NEW ONE in a few months. Hello? Do you feel salty yet about that? And oh yea, who else did they notify before their own effin government?
     
    Snowdensjacket and defaultluser like this.
  16. tetris42

    tetris42 [H]ardness Supreme

    Messages:
    4,518
    Joined:
    Apr 29, 2014
    Anyone want to take bets if someone in Congress asks if this is the same Spectre from James Bond?
     
    J3RK likes this.
  17. J3RK

    J3RK [H]ardForum Junkie

    Messages:
    9,014
    Joined:
    Jun 25, 2004
    I've seen this somewhere before. Was this one of our programs?

    No sir, it was in a Bond movie.
     
    Armenius and tetris42 like this.
  18. -PK-

    -PK- [H]ard|Gawd

    Messages:
    1,798
    Joined:
    Aug 6, 2004
    They didn't. They notified big tech companies. The clickbait is that the Chinese government could read those emails if they wanted to.

    The next cpus will have the same patches applied as current cpus. PR will spin this is as being hack proof. It's more accurate to say resistant, but resistant doesn't sell cpus.
     
  19. defaultluser

    defaultluser [H]ardForum Junkie

    Messages:
    12,184
    Joined:
    Jan 14, 2006
    Yeah, compared to a pure software vulnerability, this was a massive hole to plug. Pretending it did not exist for six months just made things worse. It also made the testing base for the patches pointlessly tiny, and encouraged bugs.

    I'm just pissed we're still not getting official Haswell firmware updates, even though the Haswell Refresh and z97 motherboards are less than 4 years old at time of introduction. Even though they were not replaced in retail by Skylake until August 2015, and Skylake was not available in quantity until 6 months later. There are many people who still have Haswell Refresh CPUs covered under Intel warranty.

    It's a complete clusterfuck.
     
    Last edited: Jan 29, 2018
    ncjoe likes this.
  20. DesertCat

    DesertCat Gawd

    Messages:
    565
    Joined:
    Jun 14, 2006
    I can see the questions now, "How does spectre affect the series of tubes that is the internet? If I see ghosting on my monitor, does that mean I've been infected? Is this a friendly ghost (Casper) or an unfriendly ghost (poltergeist)? Can we simply have a priest conduct an exorcism on Intel chips?"
     
    Armenius likes this.
  21. Nanogrip

    Nanogrip Limp Gawd

    Messages:
    429
    Joined:
    Dec 4, 2016
    "This Meltdown and Spectre... are they working with this hacker 4chan?"
     
    Armenius likes this.
  22. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,503
    Joined:
    Mar 18, 2013
    CHINA - CHINA - CHINA - CHINA - CHINA

    The regime has chosen our mortal enemy, Morocco will be CRUSHED!
     
  23. Snowdensjacket

    Snowdensjacket Limp Gawd

    Messages:
    316
    Joined:
    Apr 10, 2017
    I'm surprised they aren't blaming Russia.
     
    Armenius likes this.
  24. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,289
    Joined:
    Nov 16, 2007
    What really shocks me is how resistant to learning even the basic facts of technology our elected government can be.

    It's a big petulant (and pestilent for the matter) you can't make me I'm a senator for God's sake.

    The willful and deliberate (incompetent even) ignorance is very, very, sad.
     
  25. Maxx

    Maxx [H]ard|Gawd

    Messages:
    1,332
    Joined:
    Mar 31, 2003
    Snowdensjacket and Armenius like this.
  26. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,503
    Joined:
    Mar 18, 2013
    But they get to sit on their fat asses in front of a camera and act all tough and super serious. Grandstanding is what this shit is all about.
     
  27. viper1152012

    viper1152012 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Jun 20, 2012
    (Congress)"my grandson informed me you have been exploited with backdoors and that I should ask you to fix your back doors so you don't leak our secrets, however we were informed by tweety that you may have told China about our leaky backdoors so they could take advantage of us.. It that about right?"
    (Intel rep)*dying on the inside from laughter* " we have a patch for your backdoor..*snicker* .. And your secrets are safe with us..... *literally dies*
     
  28. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,929
    Joined:
    Oct 13, 2016
    Congress Has Questions About. . . .

    Pretty sure every side of the fence has questions about congress.
     
  29. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016

    its still early, give them time...
     
    Snowdensjacket likes this.
  30. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,289
    Joined:
    Nov 16, 2007
    How do you know they are not? Have not? Wont?

    Everyone knows Chinese are better at tech... so we all know it was China anyways (Sarcasm).

    We know it was corporate America white washed yes men.
     
  31. cjcox

    cjcox [H]ard|Gawd

    Messages:
    1,076
    Joined:
    Jun 7, 2004
    I heard the family of former Senator Arlen Specter plans to sue over this.

    "We really need to preserve the separation of Congress and technology."
     
  32. Chupachup

    Chupachup Limp Gawd

    Messages:
    435
    Joined:
    Jan 12, 2014
    Let's be honest here. They really want to know if their porn viewing habits might compromise their computers and if that might compromise them. OMG! I used the word "compromise" twice in describing something about Congress. The last place that word is ever used nowadays!
     
  33. tetris42

    tetris42 [H]ardness Supreme

    Messages:
    4,518
    Joined:
    Apr 29, 2014
    Yeah, "compromised" is the more appropriate term when talking about Congress.
     
    Chupachup likes this.
  34. jnemesh

    jnemesh [H]ard|Gawd

    Messages:
    1,084
    Joined:
    Jan 21, 2013
    So, what's your point here? Mine is that they disclosed a MAJOR vulnerability, which could be used by State agents to hack into American systems, and Americans wouldnt even know they were vulnerable until Intel told them!
     
  35. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,772
    Joined:
    Nov 22, 2008
    ??

    They were notified about the flaw by Google's team. Then an embargo was initiated. Why was that? And then they notified China, instead of the US. Why? That's what they are asking. Why the fuck are you defending them notifying China first?
     
    rgMekanic likes this.
  36. Gigus Fire

    Gigus Fire 2[H]4U

    Messages:
    2,275
    Joined:
    Oct 14, 2004
    Look, if it was done on the same day, the order doesn't matter. When it's done a week later, there's a definite problem. I get it, both sides are susceptible to attacks from the other side, but when you delay notification for a week, there's a huge problem. Believe it or not, American companies need to follow American laws and have American interests in their minds when they do things on an international scale.