[Cryptography] INTC: Insecurities Inside; from trust to rust

[Henry Baker]

FYI --

https://www.theregister.co.uk/2018/01/25/intel_spectre_disclosed_flaws_november/

Intel alerted computer makers to chip flaws on Nov 29

Total coincidence: That's the ***same day*** Chipzilla's CEO sold off his shares

By Rebecca Hill 25 Jan 2018 at 17:46

Intel quietly warned computer manufacturers at the end of November
that its chips were insecure due to design flaws, according to an
internal Chipzilla document.

French tech publication LeMagIT reported this week it had obtained a
top-secret Intel memo sent to OEM customers on November 29 under a
confidentiality and non-disclosure agreement, meaning the hardware
makers were banned from discussing the file's contents.

That date is about six months after the chip maker was warned in June
2017 about the blunders in its blueprints by researchers at Google and
university academics.

On Wednesday this week, LeMagIT's Christophe Bardy revealed the first
page of that 11-page document, titled "Technical Advisory", from the
Intel Product Security Incident Response Team.  It describes the
security vulnerabilities we now know as Meltdown and Spectre, and when
it planned to go public.

It stresses that the issue should remain absolutely confidential.
Recipients should "encrypt any sensitive details using our PGP key" if
they had "any questions, requests for technical details or proposed
coordination with other parties", the note added.

The flaws would be publicly disclosed in an Intel security advisory on
January 9, Intel said in its memo (failing to predict El Reg's scoop
on January 2.)

The date of the disclosure to OEMs is likely to raise eyebrows as it
happened on the same day Intel chief exec Brian Krzanich sold shares
in his company worth $25m before tax.

Intel has denied any impropriety, saying Krzanich's decision to sell
was part of a standard stock sale plan that had been organized in
October.

At the end of November -- when the general public was none the wiser
-- the stock dump was seen as notable because Krzanich sold about half
his Chipzilla shares, keeping the minimum of 250,000 required under
his employment contract.

After The Register revealed the processor design flaws, Intel's stock
price dropped at least eight per cent -- enough to trigger lawsuits
from investors seeking to recoup their losses.

The company's quarterly results are due out later today -- and execs
will no doubt be preparing for a grilling from analysts on the earning
call.

https://seekingalpha.com/article/4140338-intel-intc-ceo-brian-krzanich-q4-2017-results-earnings-call-transcript

...  I would like to share a few words about security.
We've been around the clock with our customers and partners to address
the security vulnerability know as Spectre and Meltdown.  While we
made progress, I'm acutely aware that we have more to do, we've
committed to being transparent keeping our customers and owners
appraised of our progress and through our actions, **building trust.**

**Security is a top priority for Intel,** foundational to our products and
it's critical to the success of our data-centric strategy.  Our near
term focus is on delivering high quality mitigations to protect our
customers infrastructure from these exploits.  We're working to
incorporate silicon-based changed to future products that will
directly address the Spectre and Meltdown threats in hardware.  And
those products will begin appearing later this year.

However, these circumstances are highly dynamic and we updated our
risk factors to reflect both the evolving nature of these specific
threats and litigation as well as the security challenge more broadly.
Security has always been a priority for us and these events reinforce
our continuous mission to develop the world's most secured products.
This will be an ongoing journey, but we're committed to the task and
I'm confident we're up to the challenge.  To keep you informed, we've
created a dedicated website and we're approaching this work with
customer first urgency.  I've assigned some of the very best minds at
Intel to work through this and we're making progress.

...

In 2018, our highest priorities will be executing to our strategy and
meeting the commitments we make to our owners and our customers.  This
concludes our commitment to restoring customer confidence in the
security of their data.

...

Our PC-centric business was down 2% in a declining PC market and it
continues to be a great source of profitability.

...

we don't expect any material impact of this security exploit on
our spending or product cost or any of that.

----------------
Bottom line: no one gives a cr*p about security -- especially in PC's.

"Intel shares surge to 17-year high"
"Intel shares hit dotcom-era highs"

"We're working to
incorporate silicon-based changed to future products that will
directly address the Spectre and Meltdown threats in hardware."

Translation: NSA told us we had to make HW changes, as SW changes
are trivial to reverse.

"Our PC-centric business was down 2% in a declining PC market and it
continues to be a great source of profitability."

This quote says it all; translation:

"Our PC business is a cash cow, but since it isn't growing, we won't
be investing any money into it."

It's time to build open source PC's using non-Intel chips.