You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
No it's not. It is more wide spread but it certainly isn't bigger.
- The FDIV scenario could cause a wrong result from a processor. This can merely cause a security breach. - Security can be layered and worked around. A calculator that produces the wrong answer checked by a calculator with the same fault can not work around itself. - This fiasco relies on a targeted attack on a specific user. The FDIV bug is something a user would hit at random (and according to a citation needed quote on Wikipedia would do so
The impact of FDIV was a floating point precision error after the fourth digit on 1 in 9 billion divides. Meltdown is a bug allowing unauthorized code to read all protected memory available on all Intel CPUs manufactured over the last ~2 decades.
I did. A security vulnerability on such a low layer is not serious unless I have very serious failures on every other layer. This bug isn't wormable, MITMable, and requires someone to have a serious grudge directly against a person to do something useful. This is NSA out to get you level of bug and that makes it far less severe than script kiddies bugs, or bugs that rely on monetary extortion.
"I want repaired processors for free" (Score:5, Insightful)
You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
Re: (Score:2)
You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
No it's not. It is more wide spread but it certainly isn't bigger.
- The FDIV scenario could cause a wrong result from a processor. This can merely cause a security breach.
- Security can be layered and worked around. A calculator that produces the wrong answer checked by a calculator with the same fault can not work around itself.
- This fiasco relies on a targeted attack on a specific user. The FDIV bug is something a user would hit at random (and according to a citation needed quote on Wikipedia would do so
Re: (Score:2)
The impact of FDIV was a floating point precision error after the fourth digit on 1 in 9 billion divides. Meltdown is a bug allowing unauthorized code to read all protected memory available on all Intel CPUs manufactured over the last ~2 decades.
Gauge their seriousness as you wish.
Re:"I want repaired processors for free" (Score:2)
Gauge their seriousness as you wish.
I did. A security vulnerability on such a low layer is not serious unless I have very serious failures on every other layer. This bug isn't wormable, MITMable, and requires someone to have a serious grudge directly against a person to do something useful. This is NSA out to get you level of bug and that makes it far less severe than script kiddies bugs, or bugs that rely on monetary extortion.