"Fusing" and "ghost" Two major CPU vulnerabilities have caused global concern because of the seriousness of the problem and the wide range of effects. Into February, just as we think about the loopholes in things almost quieter, but also been exposedMalicious software that exploits the "fusing" and "ghost" vulnerabilities will be available.
This can not help thinking, these chips are there any other loopholes were not exposed? Or how to find more loopholes, which in advance to repair, to be well-intentioned to use?
Well-known hardware hacker Huang Xin Guo yesterday in the blogSend a documentSaid: After the incident, many people expressed anger Intel. Indeed, in fact, things could have been handled better, especially in terms of transparency and information sharing among relevant user groups that could have worked together to deploy effective patches in a timely manner. Many people are now asking Intel to pay for or get back the chip, but let me emphasize that I want Intel to be more transparent in sharing bugs and source code. The more eyes you stare at the code base, the more bugs you can find and patch.
If Intel is willing to release full microarchitecture hardware design specifications, microcode, firmware, and software source code (such as AMT / ME), the community will work together to find out more security bugs hidden in Intel hardware and then Intel will be able to waive it Any claims related to Specter / Meltdown exploits, such as recall of chips.
Wong Shin-kuo also believes that the open source community can use the Specter and Meltdown crises as a chance to change the status quo, pushing closed-source chip makers to share their complete design documents without compromising consumer protection, making the hardware more transparent and more open.