» 뉴스 » 인텔은 MDS 취약점을 발견 한 연구자의 침묵을 구입하려고

인텔은 MDS 취약점을 발견 한 연구자의 침묵을 구입하려고

One of the most resonant news of the last days is discovery of new vulnerability class on MDS (마이크로 아키텍처 데이터 샘플링).

나는t is peculiar that owners of PCs, equipped with competing with Inter AMD processors, are out of risk; producer confirmed that his product is not affected by new vulnerabilities.

Read about this in our article: Zombieload 및 회사: 연구원은 인텔 프로세서의 취약점의 새로운 클래스를 발견

Concerning Intel, it seems like experts were mistaken when thought that after story with 붕괴Spectre vulnerabilities they cannot be surprised. New scandal continues to gain momentum and recently was investigated that Intel allegedly tried to get more time and buy silence of researchers from 암스테르담 자유 대학 that found new vulnerabilities in Intel processors.

“Intel offered to pay the researchers a $40,000rewardto allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers”, — Dutch publication Nieuwe Rotterdamsche Courant reports.

The case is obligatory condition of remuneration payments in Intel is signing standard non-disclosure agreement on confidential information. 그래서, if proposition is accepted, researchers oblige to be silent about vulnerabilities and discussing this top-secret information with the narrow circle of authorized employees.

In Intel explain such approach by the necessity of allocating time on investigation of issues and development of respective patches while disclosing of data prior to these interventions increases risk that attackers will use gaps before than they will be closed.

Researchers allegedly were not satisfied by this variant and they decided to refuse from reward to be able to share information about vulnerabilities and related risks with the public.

독서  슈퍼맨 팬들은 위험에: NSSC 전문가들은 가장 일반적인 암호 목록을 생성

And here it all fits: updates of processors’ microcodes and relevant patches from vulnerabilities for different software just started to deploy for susceptible devices to a new class.

출처: https://www.techpowerup.com

[합계: 0    평균: 0/5]

트로이 킬러 소개

메모리 스틱에 트로이 킬러 휴대용 운반. 당신은 당신이 어디를 가든 당신의 PC가 어떤 사이버 위협에 저항 도울 수 있는지 확인하십시오.

또한 확인

오라클 웹 로직 취약점

오라클 웹 로직 서버에서 중요한 취약점을 제거하기 위해 긴급 패치를 출시했습니다

이 회사는 실제 공격이 사이버 범죄자의 알 수없는 그룹이 적극적으로 이미 말했다 …

MMC의 취약점은 시스템에 대한 제어를 복용 허용

마이크로 소프트 관리 콘솔 (MMC), 구성 및 시스템 성능을 추적하기 위해 시스템 관리자가 사용, …

회신을 남겨주