It’s Operating As Designed (ROFL!)


by Karl Denninger, Market Ticker:

Intel’s “big dude” was just on CNBC with a dog and pony show and a host asking questions who obviously doesn’t know what the hell he’s talking about.

CNBC’s people should all be fired.  Not bringing someone in to ask questions who actually understands what is going on here is criminally stupid — but this is exactly what you’d expect from a channel that has as its highest calling protecting the stock price of various firms.

Including Intel, I might add.

Let me make this clear:

Anyone who believes that a processor is “operating exactly as designed” when through any combination of unprivileged operations it allows access to data in a higher-privileged ring or one of equivalent privilege but not under the same guest instance, no matter how it happens, is a flat-out liar and in the context of a public company should be indicted NOW for making knowingly-false statements in relationship to their firm and its value.

To claim that this is not a “bug” or “flaw” is equally outrageous; this certainly was not documented or expected behavior by anyone.  That is the very definition of a bug.

The entire premise of privilege “rings” on a CPU is to allow the partitioning of said CPU so that certain data can only be accessed or modified through a series of known, documented and permitted operations.  Said operations then can implement whatever gating functions are appropriate and thus prohibit someone from extracting or changing privileged data without permission — whether that extraction be from the supervisory code running with said privilege or from another “guest” running at a similar privilege to the item doing the extracting.

If you can get access to any such data via any other means, then the entire premise on which the CPU’s security model rests is void.  As just one example of how ugly this can get: if I can steal arbitrary data from the running (“ring 0”) hypervisor, that means I can steal a password hash used to access same or the allegedly-secure private key.  Having done so, I can then take all the time in the world to crack that hash offline or simply use said private key, and now I’m able to sign into the hypervisor and steal all of the data and software from all of the guest instances on that physical piece of hardware, including any encryption keys that are in use, and there is exactly no way for the victim guest(s) to know that it happened.

If you sell someone a product that represents it has such a security model and it can be breached in this fashion, and such person(s) bought that product believing that the security model actually works when it does not, it is my contention you have committed fraud and are liable not only for the price of the CPU but also all the consequential damages that, in this case, include the cost of replacement motherboards and system RAM, since newer-generation chips without said flaw will not work in the older boards and with older memory designs.

That there are “workarounds” that come with outrageously high performance penalties (in this case it’s being discussed that they may be as much as 50% or more) does not change any of this.  You didn’t sell said processors disclosing that said “workarounds” were necessary, and if you did you might not have sold any of said processors, because at the degraded performance level they are likely worthless in the market when compared against others made by competitors.

Intel should be forced to buy back all of the impacted CPUs and the boards and RAM they run with at their original invoiced price, or to replace impacted system boards including the CPU, board itself and RAM with non-defective units of at least equivalent performance since newer CPUs will not socket into the existing boards — and that assumes the chip is not soldered in place as is the case with some newer laptops, in which case the entire machine needs to be replaced.
