Autor: Don Wright Data: Dla: dng Temat: Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)
Narcis Garcia wrote:
>El 15/08/17 a les 17:04, Hendrik Boom ha escrit:
>> What implications does this have for security? Allow me to shudder.
>As Far As I Know, CPU makes what software asks to do.
>If software doesn't call some CPU functions, those functions will not work.
The counter-argument is that hidden instructions may hide additional bugs
because they are not being used as much as published instructions. Even
without flaws, "private" instructions may do dangerous things such as
bypassing inconvenient security restrictions. And just like cheat codes in
games, the existence of such hidden functions is likely to leak to those
interested in exploiting them. [Everyone chant the Konami Code.]
Even if they stay in the "proper hands", how many flawless programs do you
know of from the big vendors listed in the Bloomberg quote? If these
instructions aren't being used, as Narcis Garcia suggests, why did the
vendor ask for the instruction in the first place?
And finally, when a program does something "impossible" that costs you
money, which of the dozens of vendors of code running simultaneously accepts
the blame? --Don