Inside each of our smartphones and laptops is a central component known as the “processor”. It acts much like the brain does for a human. People who buy computers want two things: faster and better-looking computers. “My computer is too slow, I need a faster one.” Consequently, processor manufacturers have put a lot of emphasis on increasing speed.
When the automobile industry started off, seatbelts and airbags did not exist. It wasn’t until after a number of casualties on the road that they became standard features of almost every car. The computer industry is going through the same phase right now. Processors that were designed like the first racing cars are now experiencing their security problems. At the beginning of the year, Spectre and Meltdown caused a number of large companies such as Google, Facebook and Amazon to update their datacenters with security updates for their Intel processors.
Intel has been very selective about informing its customer base, despite holding close to 90% of the processor market on desktops and laptops. Recently, I watched closely as operating systems such as OpenBSD and DragonFly BSD made requests to Intel to be part of the security process for a new set of processor flaws. Surprisingly, Intel chose to work closely with only a few vendors. This caused a number of issues, as some operating systems had access to documentation to fix their products while others did not. In search of answers, I sent a public email to Intel as a customer. Unexpectedly, the email was reproduced on a number of high-profile websites. A few hours later, Intel published a document that anybody could consult.
The experience has been so frustrating that OpenBSD and DragonFly BSD developers decided to work together to independently discover security flaws and provide fixes. This has created two camps working on the same problem. I was able to get my hands on the details of those vulnerabilities, and I believe that there needs to be better discussion around them. I would recommend disabling Hyper-Threading in your BIOS until the flaws become public.
Why are only a few customers allowed in? Why is the embargo process taking so long? How many website owners choose to buy cloud storage from other companies? What will happen to small and medium companies in Mauritius? On Saturday, hackers.mu, a security group in Mauritius, is going to talk about those issues and how they fit the Mauritian context, at 2pm at Flying Dodo.