There’s a dangerous, fundamental flaw built into pretty much every computer on the planet — a flaw that could allow attackers to access even the most secure information on your computer. That flaw has existed for more than two decades. And we’re just finding out about it now.

On Wednesday, researchers announced a series of major security vulnerabilities in the microprocessors at the heart of the world‘s computers for the past 15 to 20 years.

Saudi Crown Prince Mohammed bin Salman is to travel to Paris to meet French President Emmanuel Macron at around the end of February or early March, Saudi Foreign Minister Adel al-Jubeir told French TV CNEWS.

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affects many modern processors and operating systems including Intel, AMD, and ARM.

Note This issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See below for more details.

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.

Wenn Geheimdienste sich eine Sicherheitslücke bei Computern wünschen dürften, dann würde sie so aussehen wie die, die Sicherheitsforscher nun entdeckt haben. Sie klafft nicht etwa in irgendeinem Programm oder einem Betriebssystem, betrifft nicht nur einen Hersteller. Sie sitzt dort, wo Herz und Hirn von Computern sitzen: Im Prozessor. Nahezu alle Intel-Prozessoren seit 1995, …

(20.4.2014) Facebook and Google seem very powerful, but they live about a week from total ruin all the time. They know the cost of leaving social networks individually is high, but en masse, becomes next to nothing. Windows could be replaced with something better written. The US government would fall to a general revolt in a matter of days. It wouldn’t take a total defection or a general revolt to change everything, because corporations and governments would rather bend to demands than die. These entities do everything they can get away with — but we’ve forgotten that we’re the ones that are letting them get away with things.

Computers don’t serve the needs of both privacy and coordination not because it’s somehow mathematically impossible. There are plenty of schemes that could federate or safely encrypt our data, plenty of ways we could regain privacy and make our computers work better by default. It isn’t happening now because we haven’t demanded that it should, not because no one is clever enough to make that happen.

So yes, the geeks and the executives and the agents and the military have fucked the world. But in the end, it’s the job of the people, working together, to unfuck it.

Main Core is the code name of an American governmental database that is believed to have been in existence since the 1980s. It is believed that Main Core is a federal database containing personal and financial data of millions of United States citizens[clarification needed] believed to be threats to national security.[1] The data which is believed to come from the NSA, FBI, CIA, and other sources,[1] is collected and stored without warrants or court orders.[1] The database‘s name derives from the fact that it contains „copies of the ‚main core‘ or essence of each item of intelligence information on Americans produced by the FBI and the other agencies of the U.S. intelligence community“.

(13.11.2013) In actual fact, unbeknownst to the user, almost every computer has multiple operating systems running at the same time, managing various different parts of the computer — and worryingly, these OSes are usually proprietary, closed-source, bug-ridden, and have extensive, low-level access to your data.

Take your smartphone, for instance.

(12.11.2013) The insecurity of baseband software is not by error; it‘s by design. The standards that govern how these baseband processors and radios work were designed in the ‘80s, ending up with a complicated codebase written in the ‘90s – complete with a ‘90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower).

(15.6.2016) The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called „Intelligent Platform Management Interface“ or IPMI, but more powerful). To achieve this task, the ME is
capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

Die Schwachstellen sollen mehr als zwei Jahrzehnte zurückreichen und nicht nur Intel-Prozessoren betreffen.

Immerhin gibt es bislang keine Hinweise darauf, dass die Schwachstellen von Kriminellen ausgenutzt wurden …

I think somebody inside of Intel needs to really take a long hard look at their CPU‘s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with „not all CPU‘s are crap“ in mind.

Or is Intel basically saying „we are committed to selling you shit forever and ever, and never fixing anything“?