Signals intelligence is believed to have been birthed in 1904. But exploiting hardware isn't new. For military, police, or criminal intentions.
You work at Intel Mark? Lol > On Jan 11, 2018, at 9:11 AM, Mark Phillips <[email protected]> wrote: > > There is no conspiracy here. 23 years ago no one thought about attack vectors > and how to take over machines. It is only recently that we are all sensitized > to this problem. Even though the tech world is sensitized to the nature of > exploits, companies still ship brand new products (e.g. Nest, cars, etc.) > that can be exploited by almost anyone. It was only recently that router and > switch companies stopped using admin and admin as login credentials! > > Your argument that these new CPU exploits are a government conspiracy can be > applied to any potential exploit discovered today in a piece of code written > yesterday. > > Mark > >> On Thu, Jan 11, 2018 at 9:02 AM, Carruth, Rusty <[email protected]> >> wrote: >> As mentioned earlier, I've done my share of ... um, looking for flaws in >> design of operating systems back when I was in college. (What, 1976?) >> >> We discovered some bad flaws in the design of the <redacted>. How long had >> the Univac been around? I don't know, but a while. Unless someone with WAY >> too much time on their hands is actively seeking ways around stuff, there's >> only so much 'bug' you can find. (and, actually, you really need more than >> one person involved (partially so someone can ask the 'right' stupid >> question :-)) >> >> Doesn't take malice or sloppiness, and I will say being a publicly-traded >> company makes it very hard to spend the time required to even start on the >> hacking required (Being publically-traded makes your owner effectively >> insane, since your owner is actually many people, all with different and >> often diametrically opposing goals for the company). >> >> Anyway, tell you what - go read the Intel hardware docs and see if you can >> find the info needed to put together to see the bug. And this with prior >> knowledge of where to look. >> >> I will say that this doesn't excuse much, but realize that being a public >> company drives you insane ;-) >> >> Rusty >> >> -----Original Message----- >> From: PLUG-discuss [mailto:[email protected]] On >> Behalf Of [email protected] >> Sent: Thursday, January 11, 2018 8:42 AM >> To: Main PLUG discussion list >> Subject: Re: Post : INTEL’S SECURITY FLAW IS NO FLAW >> >> ... >> >> I've read these issues may have persisted as far back as 1995. How does >> that happen? How does an army of engineers miss this for 23 years? How >> do you explain that? >> >> That means lots of people came and went. There should have been lots of >> QA... for 23 years. >> >> How does this happen? Only two ways I can see 1) sloppy work, or 2) >> intentionally. >> >> --------------------------------------------------- >> PLUG-discuss mailing list - [email protected] >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
