[AusNOG] [AUSNOG] MS patches Intel memory management

Lloyd Wood lloyd.wood at yahoo.co.uk
Mon Jan 29 14:39:45 EST 2018

A better car analogy is the introduction of seatbelts,
which was eventually mandated by law. You could buy a car
without seatbelts, if you liked...

but in both cases, excessive speed is clearly a hazard.

From: Karl Auer <kauer at biplane.com.au>
To: ausnog at lists.ausnog.net 
Sent: Sunday, 14 January 2018, 12:26
Subject: Re: [AusNOG] [AUSNOG] MS patches Intel memory management

On Sun, 2018-01-14 at 11:20 +1100, Michelle Sullivan wrote:
> What will be as interesting is the word on why they are still
> selling flawed processors.... especially as they have indicated there
> is no way to fix it with an update.  Can you imagine selling a car
> that doesn't actually have working brakes and then saying, "not our
> problem it's working as designed"...

Well... no. The problem is "read only". If it kills people it will only
be as a (very) indirect consequence.

It's more like continuing to sell a car which will send photographs of
the contents of your glovebox to an attacker IFF the car contains
exactly four people, the driver is Swedish, and someone in a car
traveling behind you shines a torch up the exhaust pipe. I.e., both you
and the attacker have to meet some pretty rigorous preconditions for
the attack to succeed.

On the other hand, protecting your car against this attack prevents the
car from traveling at more than 70% of its advertised maximum speed. On
the other other hand, this will not affect most people most of the
time, since they rarely drive at more than 10% of the advertised
maximum speed.

So yes - it's a serious problem, but not a life-threatening one, unless
you want to get metaphorical about it.

As to warranty; IT consumers are notoriously underprotected in law. Not
sure why anyone would expect this case to be different...

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A

AusNOG mailing list
AusNOG at lists.ausnog.net

More information about the AusNOG mailing list