... and there's the AMD suit

Subject: General Tech | January 18, 2018 - 03:27 PM |
Tagged: Intel, amd, spectre, meltdown, Lawsuit

The lawsuit against Intel was launched last week and yesterday a similar case was launched against AMD by a shareholder, alleging that the company knew about their vulnerability to Spectre and hid that information causing detrimental affects to stock prices.  There were several interesting points in the way the two cases differ, which The Register highlighted.  The first is the timing, Intel's case encompasses the time from 27 July 2017, to 4 January 2018 while AMD's lawsuit starts the day of their last end of year report, 21 February, 2017.  Not only does this encompass a longer period of time that the suit against Intel, it starts well before 1 June, 2017 when Project Zero first informed AMD of the vulnerability.  Also worth noting is that AMD's stock prices are higher than they were at the beginning of 2017 which makes any damage to share prices hard to demonstrate.

The various companies that are vulnerable to Spectre, Meltdown or both need to make right by this but it is somewhat interesting to see the disparity between these two specific cases.

View Full Size

"Responding to the class-action lawsuit, an AMD PR rep told The Reg: "We believe these allegations are without merit. We intend to vigorously defend against these baseless claims."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

January 18, 2018 | 05:16 PM - Posted by ReadThislawerzBeforeYouJump (not verified)

"1 June, 2017 when Project Zero first informed AMD of the vulnerability", so AMD needs time to do some testing of its own and test any Proof Of Code and then more time to engineer a fix before the vulnerability should be disclosed. AMD would get more lawsuits from any premature disclosure if there where no fixes available and Google's project Zero gives a 90-day-deadline in the problem is being ignored, and these problems where not being ignored by AMD/Others.

There is also the question of Google's Project Zero being convinced that there may be more time necessary than only 90 days because of the Hardware nature of the Meltdown and Spectre Bugs and that's a bit different than simply some software fixes as it also includes microcode fixes. So did Googles' Project Zero itself hold off on revealing anything after that 90 day deadline due to the severity/complexity of the problems related to remediation of the Meltdown and Spectre issues in both hardare and OS/Software.

There are a lot of issues to consider and any lawsuits with ill conceived timelines are not going to make it past any initial judicial findings on justifiable delays in reporting any vulnerabilities until the remediation steps are finished and can be pushed out.

There are necessary steps necessary to revealing any security vulnerabilities and the proper patches have to be engineered and Google’s Project Zero/other security researchers can be asked for more time if the complexity of the problems requires more time. This, after all, affects more than just AMD and Intel x86 designs it affects all the other ARM/Power/Sparc/etc microprocessors and mainframes also.

Here is an interesting article from the Verge(1) so this timeline needs to be looked at and this was no normal set of security issues for sure.

According to the Verge Article:

"Project Zero’s official policy is to offer only 90 days before going public with the news, but as more companies joined, Zero seems to have backed down, more than doubling the patch window. As months ticked by, companies began deploying their own patches, doing their best to disguise what they were fixing. Google’s Incident Response Team was notified in July, a month after the initial warning from Project Zero. " (1)

"Keeping Spectre secret

How an industry-breaking bug stayed secret for seven months — and then leaked out"

[Spam Filter Blocking link so fix the link with the proper hyperlink info]

w w w theverge Dot com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

January 19, 2018 | 03:28 AM - Posted by Marco (not verified)

I wonder how they would make the case they knew about Spectre, even if you suspected BTB could be used as a sidechannel the way Spectre did it was far from obvious. Unlike Meltdown, which was a pretty straightforward exploit all considering.

January 19, 2018 | 10:20 AM - Posted by Tracy (not verified)

Guess what, Intel's CEO months before the Meltdown flaw was announced sold all $27 million dollars worth of his stock in Intel. No one has to tell me, that Intel didn't know about the Meltdown flaw before hand.

With Intel's flaw, it goes all the way back to first gen i7 cpu's and there is no word, when or if those cpu's including Haswell chips, like I have will ever get the bios fix.

January 19, 2018 | 10:43 AM - Posted by OhHowWithoutFairCompetitionEnforcedTheCornersAreCut (not verified)

Don't forget the laptop OEMs as they will most likely not be providing the proper microcode fixes with any new firmware updates on the older laptop SKUs with millions of SandyBridge and IvyBridge based SOC's in laptops out there.

Those first generation Intel core i series laptops need the same sorts of fixes and fat chance that will happen.

But you know before folks knew about Meltdown and Spectre that Intel was an abusive monopoly ineterest and people did not see any problem with that. And now folks are shafted with their mostly Intel SOC based laptops that may never see any fixes from the laptop's OEMs. So Intel chose performance over security and wasted billions on Contra Revenue to buy its way into the mobile market and that did not work out so well for phones and tablets but Intel doninated the laptop markets with kickbacks for decades even when AMD's APUs offered better graphics.

At one time everybody was happy with Intel Inside until Meltdown/Spectre came along and see where monopolies get the consumer in the long run.

January 19, 2018 | 10:21 AM - Posted by Tracy (not verified)

I have no respect for companies such as this, not when they keep secrets like this, or in the case of Intel start selling stock before it's announced.

January 23, 2018 | 05:15 AM - Posted by Spunjji

You might want to re-read the post. AMD are being accused of keeping something secret that they didn't even know about in the time-frame presented. The case is absurd.

January 20, 2018 | 11:05 PM - Posted by Mr.Gold (not verified)

This is going to be impossible to prove...

AMD is the LEAST vulnerable of all. (intel, arm, apple, etc..)

I can already see all party joining against this and plaintiff just being money bags for the lawyers....

January 23, 2018 | 08:56 AM - Posted by Johan Steyn (not verified)

This case is probably financed by Intel to try and get focus shifted from them. They are very capable to do this and has done unethical stuff before.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.