[RndTbl] Spectre NG

Trevor Cordes trevor at tecnopolis.ca
Fri May 4 23:57:29 CDT 2018


On 2018-05-04 Gilbert E. Detillieux wrote:
> The dust hasn't fully settled yet on Meltdown and Spectre, but get
> ready for Spectre NG...
> 
> https://www.theinquirer.net/inquirer/news/3031765/spectre-ng-security-bods-uncover-eight-new-spectre-class-flaws-in-intel-cpus
> 
> ... coming to your security news feeds on Monday!

Greeeeaaat... but not like we didn't know more of these were coming.
The originals set off lightbulbs in a lot of people's heads.

There's a major problem with Intel's response to these bugs lately: the
patches are in part or in whole in firmware.  The article above
mentions firmware only.

Intel has made it clear that not all chips are equal when it comes to
firmware updates (let alone board chipsets).  The newest ones (think
2-3 years old max) get the fixes first.  Then the rest straggle along
weeks/months/years later.  Past a certain age, they just list as "no
fix", meaning you're SOL.  There's a chart from Intel somewhere.

Sucks for me because I keep putting off upgrading my main workstation
which is a C2Q, which is *just* beyond the era of CPU/board they are
providing fixes for.  Sure, most people don't have boxes that old, but
I'm sure many MUUGers have boxen that age or older doing hand-me-down
duty somewhere.  So, what's Intel doing for us?  Zip.  I smell a
lawsuit... a CPU isn't supposed to be a MS operating system that is
deemed "useless" (read: unpatched) one arbitrary day by the
manufacturer.  (Is it?)

Oh well, I'll upgrade once they address some of these bugs in CPU
hardware...


More information about the Roundtable mailing list