Comments Locked

79 Comments

Back to Article

  • Arbie - Thursday, August 6, 2020 - link

    It would be quite a cheap shot to ask who wants Intel IP these days, so I won't.
  • shabby - Thursday, August 6, 2020 - link

    Tsmc wants that magical 10nm recipe 🤭
  • willis936 - Thursday, August 6, 2020 - link

    You should let Intel know when you find it.
  • FXi - Thursday, August 6, 2020 - link

    So does Intel so they'll be happy if you find what they could not.
  • Spunjji - Friday, August 7, 2020 - link

    😆
  • regsEx - Friday, August 7, 2020 - link

    TSMC might want Intel's 5 nm which is in development and would be a competitor to TSMC fake 1 nm.
  • close - Friday, August 7, 2020 - link

    So a nonexistent 5nm is better than a nonexistent 1nm. Solid. Is everything that came after Skylake "fake" because they're basically all 14nm Skylake parts?
  • Spunjji - Friday, August 7, 2020 - link

    Intel "5nm" would compete with TSMC "3nm", but do go off 😄
  • dotjaz - Friday, August 7, 2020 - link

    Bahahahahaha, Intel's 10nm is "in-production". Now we are talking 5nm. So realistic.
  • Zingam - Saturday, August 8, 2020 - link

    Huawei wantz it
  • gloppppp - Sunday, August 9, 2020 - link

    Bingo!!!!!
  • sonny73n - Tuesday, August 11, 2020 - link

    BS Zingam. Nobody wants that outdated 14nm from Intel. Huawei can produce 12nm on their own.
  • FXi - Thursday, August 6, 2020 - link

    You beat me to it. Steal the IP of a company so bad that every quarter's earnings release includes a "list" of delays to future products. Someone's going to sift through that trove and say "this is all garbage!" Seriously would anyone be shocked?
  • bhramastra - Thursday, August 6, 2020 - link

    Such low effort comments
  • bhramastra - Thursday, August 6, 2020 - link

    You are right, 6 year old Intel IP keeping up with latest AMD products. Who wouldn't want it.
  • loopery - Friday, August 7, 2020 - link

    You would think they'd have something else up their sleeves -- it's been 6 years after all -- but they don't, and that's the sad part ;)
  • DigitalFreak - Friday, August 7, 2020 - link

    But those marketing templates are gold!
  • Spunjji - Friday, August 7, 2020 - link

    That would be a better line they hadn't, you know, been *very obviously trying and failing* to release newer IP across their product range. 😏
  • dotjaz - Friday, August 7, 2020 - link

    They spent 6 years without improvement even going backwards to fix security issues after security issues. I bet everybody wants in those holes.
  • bhramastra - Friday, August 7, 2020 - link

    If you had paid attention, the bottleneck was clearly the 10nm process. They were not able to get the newest architectures as products (cannonlake, icelake, tigerlake). you can clearly see icelake ipc is much better than Zen2. They are not able to get the clocks in 10nm.
  • Chaitanya - Friday, August 7, 2020 - link

    Chinese would buy it.
  • danjw - Friday, August 7, 2020 - link

    Well for current products, just about any CPU company. Why not? See what the competition is up to.
  • dotjaz - Friday, August 7, 2020 - link

    YEARS AGO?
  • Zingam - Saturday, August 8, 2020 - link

    Iz Intel an American company or iz it an Israeli-Indian one?

    Oh, they were so proud by their Israeli division (MOSAD-approved) that developed these Core CPUs weren't they :)
  • Spunjji - Tuesday, August 11, 2020 - link

    Love too cross the boundaries from critique of Israel to antisemitic dog-whistles. No, Israel does not run Intel.
  • peevee - Tuesday, August 11, 2020 - link

    Not very secret IP if it has been shared with customers.
  • zamroni - Thursday, August 6, 2020 - link

    It seems the administrators forgot to install patches
  • ikjadoon - Thursday, August 6, 2020 - link

    >Otherwise, in a bit of situational irony, this leak is likely to cast doubt upon all future Intel leaks.

    A death knell for many a YouTube channel. Goodbye, AdSense payments...
  • alumine - Thursday, August 6, 2020 - link

    So...
    Did someone manage to get an intel on Intel's Intellectual property?
  • watzupken - Thursday, August 6, 2020 - link

    This breach may have a knock on impact on Intel's security going forward. With their procesors already suffering from serious security issues over the years, this is just going to compound on their security woes.
  • willis936 - Thursday, August 6, 2020 - link

    The first step they could take is to not use Intel123 to protect 20 years worth of encrypted archives.
  • PeachNCream - Friday, August 7, 2020 - link

    Bob Swan - "One, two, three, four, five? That's amazing! I've got the same password on my Resource and Design Center!"
  • DigitalFreak - Friday, August 7, 2020 - link

    I heard it was AMDsucks
  • FXi - Thursday, August 6, 2020 - link

    Rats I thought the pw was "alltheLakes"
  • tygrus - Thursday, August 6, 2020 - link

    New slogan "Intel outside"
  • brucethemoose - Thursday, August 6, 2020 - link

    I hate to say it, but this is great for PC hardware news outlets, even those that generally avoid rumors like Anandtech. Analysis, ramifications and further leaks will drip out for months.
  • yeeeeman - Friday, August 7, 2020 - link

    This is not even a rumour. You can go and browse the files yourself, you have even tigerlake related files.
  • nandnandnand - Friday, August 7, 2020 - link

    How detailed are the "roadmaps"? Those alone could be very interesting, and Intel is already publicly talking about 1.4nm in 2029.
  • Nozuka - Friday, August 7, 2020 - link

    Ooopsie. Wouldn't it be ironic, if something like Spectre/Meltdown was the cause of this breach.
  • timecop1818 - Friday, August 7, 2020 - link

    No, because it would take centuries to exfiltrate 20GB of data using currently available hypeclown exploits. I really wish the media would stop blowing this shit out of proportion and more importantly, I *REALLY* wish vendors would have an option to disable all these bullshit mitigations for impossible scenarios because it doesn't and never will affect normal single user computers.
  • brucethemoose - Friday, August 7, 2020 - link

    That is exactly how not to approach security. Leave a "impossible scenario" unpatched, and it'll show up in a long exploit chain somewhere in the future.
  • timecop1818 - Friday, August 7, 2020 - link

    Nobody cares about all the porn on your desktop. Not even yourself. Drop your tinfoil hat.
  • Carmen00 - Friday, August 7, 2020 - link

    Ahhhh, the old "hey, we're all friendly here! Nobody cares about your data so it's OK even if you get hacked!" routine.

    Have you ever been on the internet? Do you think it is such a friendly place? Then by all means, please disable all multi-factor authentication on your primary email account and drop your username & password here. AT comment-sections are probably one of the most friendly places on the internet, and hey, nobody is interested in your emails to your mom. You're perfectly safe, no need to wear a "tinfoil hat" here. You can show us all about it through your own example, big boy.
  • Spunjji - Friday, August 7, 2020 - link

    How dare you imply that timcarp182 is not a supergenius pragmatic expert in the cyber
  • Makaveli - Friday, August 7, 2020 - link

    lol Timcops1818 views are outdated and ridiculous thanks for the laugh.
  • Carmen00 - Friday, August 7, 2020 - link

    Sorry to say, but that's complete nonsense. Firstly, the Intel security mitigations are absolutely necessary for "single user computers" because modern "single user computers" happen to run software which comes from the internet and other sources. The issues break isolation at the hardware level, and you don't need to have a multi-user computer to have security-relevant isolation between processes.

    Secondly, nobody is going to exfiltrate data purely through attacks that target Intel's security issues - that would be grossly inefficient. Any attacker is going to use the Intel security issue to gain more access to the system, and once they have a sufficient level of access, they can use it to efficiently exfiltrate any amount of data that they'd like.
  • voicequal - Friday, August 7, 2020 - link

    It's probably good to have the mitigations available for front end systems, but there are many back end cases where performance would be preferable to the marginal increase in security.
  • timecop1818 - Saturday, August 8, 2020 - link

    Again, nobody cares. "happen to run software". Yeah, I know exactly what software is running and why. Nobody, and I mean absolutely NOBODY cares about your shitty desktop PC. But now you have to deal with retarded mitigations that make already lazily written shitty software even shittier.

    A "virus" in 2020 is a retarded .exe made with python2exe attached to email with a "omg click me to win 20,000,000 GBP", its pretty damn obvious what it's going to do if executed.

    > through attacks that target Intel's security issues - that would be grossly inefficient
    We all know this data was just some shit leftover in a file share. Also most of it is just useless rubbish anyway.

    It is 1000000000% easier to social engineer access, obtain physical access by breaking a window, obtain physical access by beating up a guy leaving some office and grabbing his keycard, etc.

    I bet you fucking run several copies of AV software which is why you need 32core AMD shitheap to compute, cuz 30 of them are busy scanning every fucking text file you open for "viruses".
  • Carmen00 - Monday, August 10, 2020 - link

    Since my doctorate is in the field of information security, I have to say that this made me laugh - and also cry a bit, because it is exactly this attitude that actively prevents OS vendors from allowing users full control over their machines. The classic case-in-point is Sasser, a worm for which the patch had been issued over 2 weeks earlier, but which many admins and ordinary users had decided not to apply (or not yet decided to apply - the effects were the same). The resulting carnage downed critical organizations for hours or days.

    Sasser does not stand alone, of course. Decades of experience have taught us that users strongly believe that they know enough about risk and infosec to make good choices, and also that they are most often grossly mistaken. We live in a world filled with zombie botnets because of this. Nor does more education rectify the problem: study after study shows that despite strong security messaging, many users will give up their passwords for something as trivial as a candy-bar. Users also fail to realize the subtlety of the risks that they are faced with on the internet, and this is why browser manufacturers have had to essentially create mini-OSes with sandboxing to keep users safe from their poor choices (and even then, users find ways to screw themselves over). Unless you have at least 2-4 years of deep experience with infosec, it's difficult to properly comprehend the modern risk landscape, and it's very easy to make poor decisions through ignorance alone. There are few users who will immerse themselves in the field to that extent, which means that it really is up to vendors, at a practical and pragmatic level.

    Your response joins a long line of arrogant user statements that claim, despite all observable facts, to know better than trained infosec professionals. Congratulations, I suppose? And please understand that you (and people like you) are the reason that we cannot have some very nice things, such as developer access to ring-0. You are the reason that OS vendors HAVE to apply Intel's mitigations whether you like them or not, because they simply cannot trust you to make reasonable and informed decisions.

    I fully understand that this response will not change your mind one whit and research shows that, if anything, you will become even more adamant that you are right. That's OK; I'm not writing it for you. I'm writing it for other people who may run across it because research also shows that if you don't have your ego on the line, you actually can learn a lot from the experts.

    I wish you the best of luck on the internet, timecop1818. You'll certainly need it.
  • K_Space - Tuesday, August 11, 2020 - link

    Thanks Carmen00; comments like these makes AT worth it... and timecop1818 for the laughs :P
  • Spunjji - Tuesday, August 11, 2020 - link

    Savage. Flawless victory and a genuinely useful response for other readers, too. Thanks Carmen00.
  • Spunjji - Tuesday, August 11, 2020 - link

    Cool cool. An assortment of slurs, grossly overstated pompous claims about security and then the creation of an elaborate strawman to beat on.

    If physical access is sO mUcH eAsIeR then why is my organisation under constant threat of IT attacks but hasn't had a break-in in years? 🤔
  • PeachNCream - Tuesday, August 11, 2020 - link

    "...retarded mitigations..."

    Isn't Intel responsible for writing the code for those mitigations? Does that not imply the problem in the performance decrease is caused by Intel? How does that fit into your view of the company and your loyalties if you despise it for poor performance? That seems conflict with your established brand loyalties.
  • ZoZo - Friday, August 7, 2020 - link

    You don't need to exfiltrate 20GB, only a few bytes for the password.
  • Spunjji - Friday, August 7, 2020 - link

    It's sweet that you think they would exfiltrate the data when, in reality, they would just exfiltrate information that gives them access to that data.

    It's almost like you have no real idea how any of this works! 🤔
  • peevee - Tuesday, August 11, 2020 - link

    All you need is getting the password out, just a few bytes.
  • brucethemoose - Friday, August 7, 2020 - link

    On the contrary, it looks like yet another public, unsecured server that someone stumbled upon.

    Misconfigured cloud instances are the gift that just keeps on giving.
  • Krysto - Monday, August 10, 2020 - link

    And it somehow only happens on Amazon's cloud.

    Wait, I think I'm seeing a pattern here...

    Defaults ALWAYS matter. If you, as a developer, expect 100% of your users to NOT be idiots (and understand all of the complexities of your solution), then YOU are the bigger idiot. UX 101.
  • Lord of the Bored - Friday, August 7, 2020 - link

    I petition to rename this article
    "Intel's Chief of Cybersecurity and the Terrible, Horrible, No-Good, Very Bad Day."
  • FakThisShttyGame - Friday, August 7, 2020 - link

    Is it only me that it’s kind of coincide with their recent management changes
  • Valantar - Friday, August 7, 2020 - link

    It would be downright hilarious if this was posted by a pissed-off executive after getting the boot. Though I sincerely doubt that to be the case.
  • willis936 - Friday, August 7, 2020 - link

    The problem is nobody who deserves the boot is getting it. Everyone who has recently left will happily make a successful living elsewhere. The rats are steering the ship.
  • PeachNCream - Friday, August 7, 2020 - link

    In all fairness, they are letting Murthy Renduchintala go.
  • Spunjji - Friday, August 7, 2020 - link

    Even if the rats left, they'd still happily make a living elsewhere. That's the Joy of Corporatism!
  • Luminar - Friday, August 7, 2020 - link

    Okay, let's just switch from corporatism to communism.
  • Oxford Guy - Friday, August 7, 2020 - link

    Switch? It’s the same thing with different labeling.
  • Spunjji - Tuesday, August 11, 2020 - link

    State capitalism a-la Soviet Russia / China is not equal to communism, but tbh I don't really care, because I don't see how to produce the latter without it degenerating into the former and - more crucially - this was just a comment on how the imperviousness of executives really sucks.
  • Spunjji - Tuesday, August 11, 2020 - link

    Did we all collectively time-travel back to the 1950s? Why is is that the most popular response to pointing out manifest issues with our current variant of global capitalism is, once again, "but muh communism"?

    I'm not a communist, but you seem like a jackass.
  • eastcoast_pete - Friday, August 7, 2020 - link

    Do the data include Intel's real supply situation and fab availability? Or information on what went wrong and is still going wrong with their 10 nm and 7 nm process? That would be interesting to know!
  • peevee - Tuesday, August 11, 2020 - link

    Extremely interesting!

    Somebody has 20GB of reading to do.
  • Oxford Guy - Friday, August 7, 2020 - link

    So, unlike Assange, this Kottmann isn’t going to be put into a glass cage in a courtroom after being put on house arrest for how many years in a random embassy?
  • Oxford Guy - Friday, August 7, 2020 - link

    And Greenwald is apparently sitting on 95% of the Snowden archive while claiming that the only people interested in its contents are lunatic fringe. I’m not seeing much symmetry between these three examples.
  • Spunjji - Tuesday, August 11, 2020 - link

    🙄
  • yeeeeman - Monday, August 10, 2020 - link

    WHERE IS THE QUALCOMM VULNERABILITY NEWS?
    When Intel has the tiniest vulnerability, the press is booming. In 5 minutes every single hardware outlet is putting that news up front, first page, boom.
    When new vulnerabilities that affect ARM, AMD, IBM CPUs also appear, nothing. Absolutely nothing.
    I guess that is not interesting enough for you.
    Shame on you.
  • Spunjji - Tuesday, August 11, 2020 - link

    I'm seeing news about it all over the place - mostly mainstream news sites rather than tech, though.
  • PeachNCream - Tuesday, August 11, 2020 - link

    It is interesting that Anandtech does not report on major vulnerabilities. Ripple20, for instance, never made it on AT's radar and the Qualcomm matter appears as though it too will slip past them.

    To be fair, Anandtech is not an information security site and does not have the staffing or expertise to understand cybersecurity at more than a superficial level so perhaps that is best left to those with more specialized experience and AT should continue to republish press releases covering gaming motherboards, video cards, and the most recent new goo-gaw phone without regard for information security.
  • DigitalFreak - Monday, August 10, 2020 - link

    Probably more people interested in it to find exploits than to steal their 14nm++++++++++++++++++++++ secrets.
  • M O B - Tuesday, August 11, 2020 - link

    Perhaps a security researcher finally got tired of Intel lying about existing vulnerabilities and that dump includes proof of various half fixes.

Log in

Don't have an account? Sign up now