Intel warned Chinese companies about CPU vulnerabilities before US government

By William Gayde
Jan 29, 2018
Post New Reply
  1. Disclosing a security flaw is a very tricky process since whoever receives the details first may have the opportunity to cause harm to those that don't yet know about it. With the discovery of the massive Spectre and Meltdown vulnerabilities, Intel was faced with the challenge of who to tell and when.

    They have been drawing criticism recently for their decision to tell Chinese companies including Alibaba and Lenovo before alerting the US government. No evidence has been discovered yet that the details fell into the hands of the Chinese government but many in the security community are still concerned.

    The flaws were discovered in June by Google's Project Zero security research team. Intel had planned on making the information public on January 9 but news of the flaws leaked before developers finished writing their patches.

    In an interview with The Wall Street Journal, security researcher Jake Williams called it a "near certainty" that the Chinese government knew of the flaws before they were made public. Authorities in Beijing routinely monitor such communications although their foreign ministry maintains they are "resolutely opposed" to hacking.

    Companies in this situation have the difficult decision of telling a small group of people to limit leaks or warning a larger group to help them develop fixes. The first option may not allow proper protections to be put in place in time while the second route increases the chance of the information falling into the wrong hands.

    Permalink to story.

     
  2. Uncle Al

    Uncle Al TS Evangelist Posts: 4,087   +2,581

    "In an interview with The Wall Street Journal, security researcher Jake Williams called it a "near certainty" that the Chinese government knew of the flaws before they were made public. Authorities in Beijing routinely monitor such communications although their foreign ministry maintains they are "resolutely opposed" to hacking."

    I would think that the Justice Department would/should be looking into this one very seriously, particularly since so many DOD computers use the Intel chips ..... Might be time for a serious change of management followed by a Federal level investigation ......
     
  3. MaverickScot

    MaverickScot TS Rookie Posts: 16

    "Intel had planned on making the information public on January 9 but news of the flaws leaked before developers finished writing their patches."

    If this is true where are the patches that were almost completed?
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...