Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Intel Security China Communications Government Privacy United States

Intel Told Chinese Firms of Meltdown Flaws Before the US Government (engadget.com) 134

According to The Wall Street Journal, Intel initially told a handful of customers about the Meltdown and Spectre vulnerabilities, including Chinese tech companies like Alibaba and Lenovo, before the U.S. government. As a result, the Chinese government could have theoretically exploited the holes to intercept data before patches were available. Engadget reports: An Intel spokesman wouldn't detail who the company had informed, but said that the company couldn't notify everyone (including U.S. officials) in time because Meltdown and Spectre had been revealed early. Lenovo said the information was protected by a non-disclosure agreement. Alibaba has suggested that any accusations of sharing info with the Chinese government was "speculative and baseless," but this doesn't rule out officials intercepting details without Alibaba's knowledge. There's no immediate evidence to suggest that China has taken advantage of the flaws, but that's not the point -- it's that the U.S. government could have helped coordinate disclosures to ensure that enough companies had fixes in place.
This discussion has been archived. No new comments can be posted.

Intel Told Chinese Firms of Meltdown Flaws Before the US Government

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday January 29, 2018 @08:16AM (#56025769)

    Intel needs there cheap labor to crush AMD by volume

    • Intel needs there cheap labor to crush AMD by volume

      Nice theory but it lacks any basis in reality. Intel is literally over 10X the size of AMD by revenue (~$60B versus ~$5B) and AMD is in no danger of catching up to Intel any time soon. Furthermore most of Intel's manufacturing sites [wikipedia.org] are in the US. They have precisely ONE chip fab in China versus NINE in the US. Approximately 75% of Intel's chip fabrication occurs in the US.

      People tend to think of AMD as a close competitor but they aren't. Intel spends over double AMD's total revenue on R&D alone (~

      • by Anonymous Coward on Monday January 29, 2018 @09:03AM (#56026021)

        Intel simply has an insurmountable cost advantage over AMD.

        Time and time again we've heard this argument that some incumbent has an "insurmountable advantage". Then what happens? Some competitor comes along and crushes the incumbent!

        Web browsers are a good example of this. Netscape had huge market share for a few years. Then IE came along and rather quickly the tables had turned. IE became the dominant browser for a number of years. Then all of a sudden Phoenix/Firebird/Firefox comes along, and it takes a huge chunk out of IE. Of course, Mozilla didn't listen to its users and started making unwanted changes to Firefox, so Chrome came along and utterly destroyed both Firefox and IE. Now Chrome is the dominant browser by a huge margin.

        Linux is another example of this effect in progress. Linux managed to see a lot of server and embedded use, and even a small amount of desktop use. But we've seen things like systemd ruin Linux's reliability in server environments, causing users to move to more reliable OSes like FreeBSD and OpenBSD. Linux has failed to provide a good desktop environment, so we see users using macOS or Windows instead. Linux is even failing in the embedded arena, with many users now choosing the better-licensed NetBSD, or the more reliable QNX, or even creating their own embedded OSes, like Google appears to be doing with Fuchsia [wikipedia.org]. It's looking more and more likely that Linux, despite seeing significant use, will become a dead/irrelevant OS much like Windows XP now is.

        An "insurmountable advantage" is often not insurmountable at all.

        • by Anonymous Coward

          Linux managed to see a lot of server and embedded use, and even a small amount of desktop use. But we've seen things like systemd ruin Linux's reliability in server environments, causing users to move to more reliable OSes like FreeBSD and OpenBSD.

          How many (real business, not home toy) servers have been switched to *BSD from Linux because of systemd?

          I suspect the answer is that you have precisely zero evidence of any such thing happening.

          Meanwhile, back in the real world, Red Hat goes from strength to stren

        • by mbkennel ( 97636 )
          "Time and time again we've heard this argument that some incumbent has an "insurmountable advantage". Then what happens? Some competitor comes along and crushes the incumbent!

          Web browsers are a good example of this. Netscape had huge market share for a few years. Then IE came along and rather quickly the tables had turned."

          That's a foolishly incommensurate example.

          Changing market share in browsers doesn't cost multiple times billions of dollars in physical fabrication. The marginal cost to replicate either
        • Time and time again we've heard this argument that some incumbent has an "insurmountable advantage". Then what happens? Some competitor comes along and crushes the incumbent!

          AMD has had over 30 years to "crush" Intel and hasn't been able to get it done. Not a lot of reason to believe they are going to suddenly succeed after decades of playing a (distant) second fiddle. While it's not impossible that AMD invents something miraculous that Intel cannot match, it is deeply improbable. And while they would risk anti-trust litigation, Intel could put AMD out of the CPU business in very short order if they were given a free hand to do so. They could simply lower costs to below AMD

        • The above argument is valid in software, where the only assets that a company has is its IP. It's not true for semiconductor companies where their manufacturing capabilities and other advantages do matter.

          While theoretically, it's conceivable that a semiconductor company could surface that makes Intel completely irrelevant, it's inconceivable that that company could be AMD. AMD had some opportunities in the early 2000s - the best one when they acquired the DEC Alpha design team and produced the K7 and i

      • by TheRaven64 ( 641858 ) on Monday January 29, 2018 @09:06AM (#56026033) Journal

        Intel is literally over 10X the size of AMD by revenue

        That's slightly misleading, because it assumes that all of Intel is competing with all of AMD. They have some competing business units, but they are not entirely direct competitors. For example, Intel has a huge network business unit (NICs, ICs for switches) and a large storage division, one of the two largest FPGA manufacturers, and it owns its own fabs. AMD no longer owns its own fabs, so doesn't require the same economise of scale to get the cost per wafer down (the fabs that make AMD chips also make chips for a load of other companies, so can benefit from large economies of scale).

        Just because Intel is ten times the size doesn't mean that Intel's x86 chips are getting ten times (or even double) the investment that AMDs are.

        People tend to think of AMD as a close competitor but they aren't. Intel spends over double AMD's total revenue on R&D alone

        The vast majority of that is on process technology, which is no longer a business that AMD is in (and where the returns have been very low for the past 5 years).

        • That's slightly misleading, because it assumes that all of Intel is competing with all of AMD. They have some competing business units, but they are not entirely direct competitors.

          I don't think it is misleading at all. You are correct that it's not 100% apples to apples but let's not pretend that a vast amount of AMDs revenue isn't directly competitive with Intel.

          AMD no longer owns its own fabs, so doesn't require the same economise of scale to get the cost per wafer down

          Incorrect. AMD doesn't get to escape those costs by outsourcing. While it may be cheaper than they could accomplish on their own (AMD is likely too small to achieve minimum efficient scale) it doesn't mean they can achieve cost parity with Intel and in fact you can tell they haven't by reading their financial statements.

          • AMD doesn't get to escape those costs by outsourcing

            AMD doesn't escape them, but they get to share them. The cost of developing a new process tech is huge (on the order of $10bn+). If you're selling ten million chips, then that's $1,000 per chip. You need to get a good hundred million chips out of the fabs before they start to bring the cost per chip down low enough that you can sell them. Even adding a 20% profit margin on for Global Foundaries and others, AMD benefits far more from having to pay less than 40% of the total R&D costs than they lose f

            • AMD doesn't escape them, but they get to share them.

              Sharing them only helps if your competition cannot fully utilize their own production capacity. That is not the case here. Intel has substantial production capacity which they (so far) are able to utilize efficiently and don't have to pay any margin leakage. Furthermore there are substantial advantages to be had from being vertically integrated. Any time you rely on a third party to produce something there are a host of frictional problems that add costs. Sometimes these are worth dealing with but the

    • At least when I worked for them, they did not do much work in China, and what work was done required some pretty significant security. They were definitely not equal partners. Meanwhile the "labor" was on US soil or in Malaysia.

      Telling Lenovo about a security hole isn't entirely surprising, they are a good high-volume consumer of Intel products. I would probably notify Lenovo, HP, Dell at the same time. Alibaba is a little more confusing, combined with the knowledge that telling a Chinese corporation anyth

    • Did you find a way to mod-up this meaningless drivel yourself??
    • Intel needs there cheap labor to crush AMD by volume

      Intel needs AMD to prevent it being hit by anti trust legislation. A minnow competitor is enough to keep that at bay.

    • Intel needs there cheap labor to crush AMD by volume

      Intel has stagnated, and lost the imagination to innovate. Further, it has a stagnant bureaucracy following the rule "We do it this way because we always did it this way".

      Dumping employees is a cost cutting exercise, but not a creativity exercise. AMD had to fight to stay alive and to develop a superb set of products. Now you, "Intel" have to look at AMD and their management structure, and how they get things done, done right.

    • Or Intel genuinely hates Trump, as he gave them a tough time over their offshoring practices, and the Charlottesville incident last year gave Brian Krzanich the pretext to quit the presidential economic advisor's council. So Intel chose to give Beijing the first heads up before DC
  • If you are BASED in the US and hold GOVERNMENT CONTRACTS, then the Chinese (STILL a US ENEMY) should be the LAST to be informed of Exploits. This was a ridiculous, and a DANGEROUS misstep on Intel's Part. They need to "FEEL" This mistake Monetarily.
    • by AvitarX ( 172628 ) <me&brandywinehundred,org> on Monday January 29, 2018 @08:23AM (#56025817) Journal

      How is China a US enemy?

      • Re: (Score:2, Funny)

        by Anonymous Coward
        I think he miss-spelled 'supplier'
      • Chine is, and has been for a VERY LONG TIME, a US Enemy. They CERTAINLY are not listed among US Allies. Considering their Human Rights Abuse Track Record, its also a perfectly valid position.
      • How is China a US enemy?

        They are a "communist" dictatorship. The "communist" is very sketchy, but the dictatorship is real.

        The fact that they are a good trade partner has helped us avoid a war, cold or otherwise. But they're definitely an enemy, and we should be very concerned about them. Their economy has gone through a rapid expansion but is cooling off, but their living conditions and government has not changed much. This is likely going to cause us problems down the road as they struggle to keep the p

        • but their living conditions and government has not changed much.

          Uhm, what? If there is a country on Earth where people have experienced a DRASTIC improvement of their "living conditions" (I assume that by this you mostly mean the standard of living) over the past few decades, then it's China. Few places in the world have seen the improvement China has. This is the main reason why their government has not changed - people see their lives improving steadily, so they do not feel it is necessary to change.

      • by DarkOx ( 621550 )

        I personally find that people who see a "grey" everywhere are mostly cowards who are afraid to stand up, say, do, what is right etc. The world IS a pretty black and white place.

        It is however possible for nations to co-exist in a state that is neither ally nor hostile. It should be possible to have fairly neutral trade relations without being antagonistic or buddy buddy lets all share each others secrets, five eyes... All it takes is a basic set of rules both parties can agree to play by. This should espe

        • The world is a pretty black and white place only if you are a kid or mentally ill (borderline personality disorder for example).

      • They aren't officially. They US government doesn't declare tham an ally or an enemy.

        However, the US has nuclear missiles targetted at China ready to be launched in minutes. China has nuclear missiles targetted at the US ready to be launched in minutes. For practical purposes that surely makes them more enemies than friends :)

      • you stupid? oh, you are a shill. i see.
        • by AvitarX ( 172628 )

          No, just think that enemy is a pretty harsh word for a country we have normal diplomatic relations, no war (or even proxy war), and a lot of trade with.

    • by MachineShedFred ( 621896 ) on Monday January 29, 2018 @08:58AM (#56025993) Journal

      Enemy? Was there a declaration of war from the Congress that everybody but you missed?

      I think the word you are looking for is "rival". And countries having rivals can sometimes be a good thing - it keeps everybody honest.

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Monday January 29, 2018 @09:27AM (#56026179) Homepage

        They're more like a "frenemy", as much as I dislike the word.

      • it keeps everybody honest.

        Could you tell that to the current administration? I would have gone with "it keeps everybody on their toes".

    • Fine them for what? For not handing the info to the NSA so they could spy on the world instead? Could I be present for that trial? And that reason for the judgement? Because that's the ONLY thing you could sensibly cite as a reason. Care to explain that to the rest of the world?

      There is exactly nothing the US can (officially) do now without looking ridiculous and provoke some kettle and pot comparisons.

    • China is an economic competitor to the US. Being roughly the same geographic size, but a population 10x the amount of the United States. The fact that China hasn't killed us economically isn't due to anything the U.S. has done, but a failure in China to fully use its resources.
      Now China is the supplier using Intels chips. When Intel told them first, it allows them to do something about it. Telling the US Government will just cause yelling, screaming and hearing, but not actual work towards solving the pro

      • by epine ( 68316 )

        China is an economic competitor to the US. Being roughly the same geographic size, but a population 10x the amount of the United States.

        Of which 8x are liabilities, rather than assets.

        You can't even send China's bottom billion into battle without somehow having to feed them. If China declared war on Russia, the general M.O. would be to launch an invasion of Moscow in the early spring, while providing the troops with no warm clothing should the invasion fail to conclude promptly. That would be the Chinese a

    • by Megol ( 3135005 )

      And you prefer that the country we know attack internal and external targets using exploits should have the ability to exploit others?

      Fuck you.

    • Comment removed based on user account deletion
    • by HiThere ( 15173 )

      Enemy is perhaps too strong a term, though adversary is definitely appropriate.

      I think a more appropriate punishment would be preferring other suppliers over Intel in all government contracts, and perhaps canceling some contracts that have already been awarded.

  • by thegarbz ( 1787294 ) on Monday January 29, 2018 @08:20AM (#56025799)

    Talk about a non-story. Vendors told of problems that only vendors can fix before non-vendors involved.

    News at ... fuck it, this is not news. It belongs in the Daily Flail.

  • Or not? (Score:4, Informative)

    by TimothyHollins ( 4720957 ) on Monday January 29, 2018 @08:23AM (#56025811)

    There's no immediate evidence to suggest that China has taken advantage of the flaws, but that's not the point -- it's that the U.S. government could have helped coordinate disclosures to ensure that enough companies had fixes in place.

    Not to mention it would have been really handy for NSA to take advantage of the flaws for a while to spy on the Chinese government.

  • Come again please? (Score:4, Insightful)

    by bickerdyke ( 670000 ) on Monday January 29, 2018 @08:42AM (#56025901)

    it's that the U.S. government could have helped coordinate disclosures to ensure that enough companies had fixes in place.

    With all the NSA disclosures of the last years, the US government did not exactly proofed themselves as more reliable when it comes to fixing things as compared to keeping them private and using them to spy on others.

    Please note that I'm NOT saying Chinese, Russian or any other government would be trustworthier, so skip those replies

  • He has to do it.

    He has to NUKE EM NOW!

  • You're pissed that for a change a different secret service gets to spy on the world with a 0day?

  • by hey! ( 33014 ) on Monday January 29, 2018 @09:27AM (#56026185) Homepage Journal

    calling the accusations "speculative and baseless" is not actually a denial.

  • "When the last Capitalist is hung he will sell us the rope to do it" - Nikita Khrushchev While China is no longer a Communist state they learned the lessons well. The oligarchy that will rule the world will not be based in the West.
  • Why is it automatically assumed US would do good, but China bad? Haven't we seen Wikileaks? I am 100% sure US would keep it secret and use this however they could dream about. They are no Robin Hood. Works, not words define who you are. Both regarding person or country.
  • How does one ensure proper punishment for a Corporation?

  • ... who is worse: Chinese firms or US government?

The more they over-think the plumbing the easier it is to stop up the drain.

Working...