rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,506
Congress has some questions about Meltdown and Spectre, and they are calling out those involved. Members of the Committee on Energy and Commerce have drafted letters to the heads of several companies involved in the security flaw. The companies whose CEOs received letters are: Apple, Amazon, AMD, ARM, Google, Intel, and Microsoft.

There are some serious questions in these letters, and I am very much looking forward to hearing the response that these companies have to them. The first question in particular "Why was an information embargo related to the Meltdown and Spectre vulnerabilities imposed?" is particularly good. Big thanks to thesmokingman for the story.

As more products and services become connected, no one company, or even one sector working in isolation can provide sufficient protection for their products and users. Today, effective responses require extensive collaboration not only between individual companies, but also across sectors traditionally siloed from one another. This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargos regarding cybersecurity vulnerabilities in general.
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
I really hope Apple doubles down here and replies with "What's a computer?"


One part of me wants to think it has something to do with AWS and the embargo, since their data centers would be massively impacted.

The realist part of me thinks that it was likely just the senators picking "tech companies" they've heard of. I'm surprised Netflix isn't listed for this very reason.

The first question in particular "Why was an information embargo related to the Meltdown and Spectre vulnerabilities imposed?" is particularly good.


The information embargo existed to prevent the exploit from being utilized before the major tech companies could formulate a plan of action / patches. Same reason Google didn't publicly disclose it and went directly to the chip manufacturers with the info (e.g. a deadline is given for them to react).

The issue is that it came out that Intel met with Chinese tech companies (which likely made it to the Chinese govt.) before - allegedly - meeting with US sources.

Hence why Congress is taking an interest.
 

Spaceninja

2[H]4U
Joined
Sep 15, 2004
Messages
2,357
lol these morons. They can't even be bothered to read a bill before they pass it or hate on it. What makes them think they can understand why any of this was done?
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
lol these morons. They can't even be bothered to read a bill before they pass it or hate on it. What makes them think they can understand why any of this was done?

We should make a Congress app where it just shows a picture of the bill's text, a brief description, and the sponsor .. they can swipe left or right. It'd probably work just about as well as they do now. We could call it Legislatr.
 

Spaceninja

2[H]4U
Joined
Sep 15, 2004
Messages
2,357
We should make a Congress app where it just shows a picture of the bill's text, a brief description, and the sponsor .. they can swipe left or right. It'd probably work just about as well as they do now. We could call it Legislatr.

They would probably hire some company to do it. Would take 10 years, be 4 billion over budget and have more bugs than a city dump.
 

insano70

n00b
Joined
Jun 28, 2004
Messages
11
Can someone help me understand why I keep hearing people complain about the information embargo? This seems extremely obvious and clear why this was done. Is the online rage just typical whining after the fact, or is there some actual reason it would have been better to publish this many months before any mitigations were close to being ready? Do people think that other exploits are always published the second anyone finds them? I know some are but I also know many are not. I don't know why we would want this information published immediately.
 

thesmokingman

Supreme [H]ardness
Joined
Nov 22, 2008
Messages
6,617
Can someone help me understand why I keep hearing people complain about the information embargo? This seems extremely obvious and clear why this was done. Is the online rage just typical whining after the fact, or is there some actual reason it would have been better to publish this many months before any mitigations were close to being ready? Do people think that other exploits are always published the second anyone finds them? I know some are but I also know many are not. I don't know why we would want this information published immediately.

There's many reasons to not have one. The embargo did jack all for the patches, in fact making things worse. Intel profited from the embargo selling a jack load of chips that would later be worth not as much, ho ho they pulled a fast one on everyone yea. Ya think? Now if you want a Meltdown proof cpu from Intel, you can BUY a NEW ONE in a few months. Hello? Do you feel salty yet about that? And oh yea, who else did they notify before their own effin government?
 

-PK-

[H]ard|Gawd
Joined
Aug 6, 2004
Messages
1,798
The biggest question asked should be why Intel notified a HOSTILE GOVERNMENT (China) ahead of customers in the US!
They didn't. They notified big tech companies. The clickbait is that the Chinese government could read those emails if they wanted to.

There's many reasons to not have one. The embargo did jack all for the patches, in fact making things worse. Intel profited from the embargo selling a jack load of chips that would later be worth not as much, ho ho they pulled a fast one on everyone yea. Ya think? Now if you want a Meltdown proof cpu from Intel, you can BUY a NEW ONE in a few months. Hello? Do you feel salty yet about that? And oh yea, who else did they notify before their own effin government?
The next cpus will have the same patches applied as current cpus. PR will spin this as being hack proof. It's more accurate to say resistant, but resistant doesn't sell cpus.
 

defaultluser

[H]F Junkie
Joined
Jan 14, 2006
Messages
14,399
There's many reasons to not have one. The embargo did jack all for the patches, in fact making things worse. Intel profited from the embargo selling a jack load of chips that would later be worth not as much, ho ho they pulled a fast one on everyone yea. Ya think? Now if you want a Meltdown proof cpu from Intel, you can BUY a NEW ONE in a few months. Hello? Do you feel salty yet about that? And oh yea, who else did they notify before their own effin government?

Yeah, compared to a pure software vulnerability, this was a massive hole to plug. Pretending it did not exist for six months just made things worse. It also made the testing base for the patches pointlessly tiny, and encouraged bugs.

I'm just pissed we're still not getting official Haswell firmware updates, even though the Haswell Refresh and z97 motherboards are less than 4 years old at time of introduction. Even though they were not replaced in retail by Skylake until August 2015, and Skylake was not available in quantity until 6 months later. There are many people who still have Haswell Refresh CPUs covered under Intel warranty.

It's a complete clusterfuck.
 

DesertCat

Gawd
Joined
Jun 14, 2006
Messages
565
I can see the questions now, "How does spectre affect the series of tubes that is the internet? If I see ghosting on my monitor, does that mean I've been infected? Is this a friendly ghost (Casper) or an unfriendly ghost (poltergeist)? Can we simply have a priest conduct an exorcism on Intel chips?"
 
Joined
Mar 18, 2013
Messages
3,865
CHINA - CHINA - CHINA - CHINA - CHINA

The regime has chosen our mortal enemy, Morocco will be CRUSHED!
 

Elf_Boy

2[H]4U
Joined
Nov 16, 2007
Messages
2,505
What really shocks me is how resistant to learning even the basic facts of technology our elected government can be.

It's a big petulant (and pestilent for that matter) you can't make me I'm a senator for God's sake.

The willful and deliberate (incompetent even) ignorance is very, very, sad.
 
Joined
Mar 18, 2013
Messages
3,865
What really shocks me is how resistant to learning even the basic facts of technology our elected government can be.

It's a big petulant (and pestilent for that matter) you can't make me I'm a senator for God's sake.

The willful and deliberate (incompetent even) ignorance is very, very, sad.

But they get to sit on their fat asses in front of a camera and act all tough and super serious. Grandstanding is what this shit is all about.
 

viper1152012

[H]ard|Gawd
Joined
Jun 20, 2012
Messages
1,025
(Congress) "My grandson informed me you have been exploited with backdoors and that I should ask you to fix your back doors so you don't leak our secrets, however we were informed by tweety that you may have told China about our leaky backdoors so they could take advantage of us.. Is that about right?"
(Intel rep) *dying on the inside from laughter* "We have a patch for your backdoor..*snicker* .. And your secrets are safe with us....." *literally dies*
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
Congress Has Questions About. . . .

Pretty sure every side of the fence has questions about congress.
 

Elf_Boy

2[H]4U
Joined
Nov 16, 2007
Messages
2,505
It's still early, give them time...

How do you know they are not? Have not? Won't?

Everyone knows Chinese are better at tech... so we all know it was China anyways (Sarcasm).

We know it was corporate America white washed yes men.
 

cjcox

2[H]4U
Joined
Jun 7, 2004
Messages
2,504
I heard the family of former Senator Arlen Specter plans to sue over this.

"We really need to preserve the separation of Congress and technology."
 

Chupachup

Limp Gawd
Joined
Jan 12, 2014
Messages
435
Let's be honest here. They really want to know if their porn viewing habits might compromise their computers and if that might compromise them. OMG! I used the word "compromise" twice in describing something about Congress. The last place that word is ever used nowadays!
 

tetris42

Supreme [H]ardness
Joined
Apr 29, 2014
Messages
4,518
Let's be honest here. They really want to know if their porn viewing habits might compromise their computers and if that might compromise them. OMG! I used the word "compromise" twice in describing something about Congress. The last place that word is ever used nowadays!
Yeah, "compromised" is the more appropriate term when talking about Congress.
 

jnemesh

[H]ard|Gawd
Joined
Jan 21, 2013
Messages
1,084
Intel is an American Company? Let's go with that.

So, what's your point here? Mine is that they disclosed a MAJOR vulnerability, which could be used by State agents to hack into American systems, and Americans wouldn't even know they were vulnerable until Intel told them!
 

thesmokingman

Supreme [H]ardness
Joined
Nov 22, 2008
Messages
6,617
So, what's your point here? Mine is that they disclosed a MAJOR vulnerability, which could be used by State agents to hack into American systems, and Americans wouldn't even know they were vulnerable until Intel told them!

??

They were notified about the flaw by Google's team. Then an embargo was initiated. Why was that? And then they notified China, instead of the US. Why? That's what they are asking. Why the fuck are you defending them notifying China first?
 

Gigus Fire

2[H]4U
Joined
Oct 14, 2004
Messages
2,275
So, what's your point here? Mine is that they disclosed a MAJOR vulnerability, which could be used by State agents to hack into American systems, and Americans wouldn't even know they were vulnerable until Intel told them!
Look, if it was done on the same day, the order doesn't matter. When it's done a week later, there's a definite problem. I get it, both sides are susceptible to attacks from the other side, but when you delay notification for a week, there's a huge problem. Believe it or not, American companies need to follow American laws and have American interests in their minds when they do things on an international scale.
 