마지막 날의 가장 공진 뉴스 중 하나는 MDS에 새로운 취약점 클래스의 발견이다 (마이크로 아키텍처 데이터 샘플링).
나는t is peculiar that owners of PCs, 인터 AMD 프로세서와 경쟁 장착, 위험 벗어; 생산자는 그의 제품은 새로운 취약점의 영향을받지 않습니다 확인.우리의 기사에서 이것에 대해 읽기: Zombieload 및 회사: 연구원은 인텔 프로세서의 취약점의 새로운 클래스를 발견
Concerning Intel, it seems like experts were mistaken when thought that after story with 붕괴 과 Spectre vulnerabilities they cannot be surprised. New scandal continues to gain momentum and recently was investigated that Intel allegedly tried to get more time and buy silence of researchers from 암스테르담 자유 대학 that found new vulnerabilities in Intel processors.
“Intel offered to pay the researchers a $40,000 “reward” to allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers”, — Dutch publication Nieuwe Rotterdamsche Courant reports.
The case is obligatory condition of remuneration payments in Intel is signing standard non-disclosure agreement on confidential information. 그래서, if proposition is accepted, researchers oblige to be silent about vulnerabilities and discussing this top-secret information with the narrow circle of authorized employees.
In Intel explain such approach by the necessity of allocating time on investigation of issues and development of respective patches while disclosing of data prior to these interventions increases risk that attackers will use gaps before than they will be closed.
Researchers allegedly were not satisfied by this variant and they decided to refuse from reward to be able to share information about vulnerabilities and related risks with the public.
And here it all fits: updates of processors’ microcodes and relevant patches from vulnerabilities for different software just started to deploy for susceptible devices to a new class.
