Ars Technica on Intel releasing microcode updates to combat the historic Spectre vulnerability:

After recommending customers not use its microcode fix for Broadwell and Haswell chips, Intel has issued a new microcode update for Skylake processors that gives operating systems the ability to protect against the Spectre flaw revealed earlier this year.

The Spectre attacks work by persuading a processor’s branch predictor to make a specific bad prediction. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn’t otherwise have. The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.

Intel’s first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.

In response, consumers were advised not to use the new microcode, and operating system features that leveraged the new capabilities were disabled.

Although this update addresses the Spectre issue, the actual fix is going to take years. A processor architecture update is required to fully solve both this issue and Meltdown.
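One way to check, from the operating system side, whether the branch-predictor controls the microcode exposes are present and whether the kernel is actually using them. This is an added example, not part of the original post or any Intel tooling; it assumes a Linux host, the flag names Linux reports in /proc/cpuinfo and the sysfs spectre_v2 file, and embeds constructed sample input so it runs offline.

```python
import os

# Branch-predictor control flags the microcode exposes, as named by Linux in
# /proc/cpuinfo (Intel: spec_ctrl = IBRS+IBPB, intel_stibp = STIBP; the
# ibrs/ibpb/stibp spellings are what AMD parts report).
SPEC_FLAGS = {"spec_ctrl", "intel_stibp", "ibrs", "ibpb", "stibp"}
SYSFS_SPECTRE_V2 = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"

# Constructed sample input standing in for the real files.
SAMPLE_CPUINFO = ("processor\t: 0\nvendor_id\t: GenuineIntel\n"
                  "flags\t\t: fpu vme sse2 ht nx spec_ctrl intel_stibp ssbd\n")
SAMPLE_SYSFS_OLD = "Vulnerable"
SAMPLE_SYSFS_NEW = ("Mitigation: Full generic retpoline, IBPB: conditional, "
                    "IBRS_FW, STIBP: conditional, RSB filling")

def cpuinfo_spec_flags(cpuinfo_text):
    """Return the branch-predictor control flags present on the first CPU."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split()) & SPEC_FLAGS
    return set()

def classify_spectre_v2(sysfs_line):
    """Map the kernel's spectre_v2 line to (state, list of mitigation parts)."""
    line = sysfs_line.strip()
    if line == "Not affected":
        return "not_affected", []
    if line.startswith("Vulnerable"):
        return "vulnerable", []
    if line.startswith("Mitigation:"):
        return "mitigated", [p.strip() for p in line[len("Mitigation:"):].split(",")]
    return "unknown", []

def host_report(cpuinfo_text, sysfs_line):
    """Combine both views; the case to catch is microcode present but unused."""
    state, parts = classify_spectre_v2(sysfs_line)
    flags = cpuinfo_spec_flags(cpuinfo_text)
    return {"state": state, "mitigations": parts,
            "microcode_features": sorted(flags),
            "microcode_present_but_unused": bool(flags) and state == "vulnerable"}

def live_report():
    """Use the real files on a Linux host; fall back to the samples elsewhere."""
    if not os.path.exists(SYSFS_SPECTRE_V2):
        return host_report(SAMPLE_CPUINFO, SAMPLE_SYSFS_NEW)
    with open("/proc/cpuinfo") as f, open(SYSFS_SPECTRE_V2) as g:
        return host_report(f.read(), g.read())
```

Calling live_report() on a patched host whose kernel still reports "Vulnerable" surfaces exactly the gap the article describes: the microcode is installed but the operating system features that use it are disabled.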

This makes me wonder how many other unknown vulnerabilities remain in Intel chips that, say, national intelligence agencies are aware of but about which Intel is still in the dark.

TechCrunch reports:

Intel notified some of its customers of the security flaws in its processors, dubbed Spectre and Meltdown, but left out the U.S. government as part of that. Some of the companies Intel notified included Chinese technology companies, though the report suggests there is no evidence that any information was misused. An Intel spokesperson said that the company wasn’t able to tell everyone it planned because the news was made public earlier than expected.

So the real questions are: did China inform Russia of these vulnerabilities, and has Russia created tools to leverage these exploits? Why would Intel hide this information from the United States government?

This goes back to something I am adamantly against: withholding news of vulnerabilities of this nature so the intelligence communities can stockpile and leverage internally developed exploit kits to their so-called advantage.

A few self-proclaimed experts on the cyber security industry are cheering for a potential divestiture of Intel Security:

A divestiture could come as part of Krzanich’s broad restructuring of the company away from PC-dependent businesses. In April, Krzanich said he would cut some 12,000 jobs and shift resources towards higher growth areas. Since the announcement, Intel has already cut back on some of its mobile chip lines that failed to get traction.

“The sale of McAfee would contribute to Intel’s employee reduction target without actually costing exiting employees their jobs,” Argus Research analyst Jim Kelleher said in a recent report. “Intel may also sense that the time is right for cybersecurity industry consolidation.”

Cyber security is a tough industry to be in these days. Symantec is attempting to make a comeback, after years of missteps, with its recent acquisition of Blue Coat. Cisco, FireEye, Palo Alto, and the myriad other vendors are all trying to do what Intel Security can already do: integrate the various products into a single cohesive piece of defense and automated remediation technology.

On the one hand, Intel is a huge company and is likely weighing down Intel Security. It is obvious the mothership is uninterested in integrating security technology at the chip level; otherwise it would have already happened.

On the other hand, Intel is a huge company and capable of backing a vital business like Intel Security, providing the business unit with much needed financial resources and management expertise.

It will be very interesting to see how this shakes out over the next month.

VentureBeat discusses some plausible reasons why separating Intel and McAfee (aka Intel Security Group) is smart for both businesses:

There were a few small combinations that emerged but the pair never pulled off a bigger play, mainly because there was insufficient focus from management on making it happen. As time passed after the acquisition, it seemed that the separation between McAfee and Intel grew instead of shrinking. And 2-3 years ago, it was clear that McAfee, even as it changed its name to Intel Security, was primarily a standalone operation and not a fully integrated Intel technology play.

Of course, changing market dynamics haven’t helped. The PC market is currently troubled, with shrinking unit sales and an extended refresh cycle. That limits any benefits to Intel, as McAfee (as well as its competitors) struggle to get back to the growth of previous years. And with all of the uptake of mobile devices, most of which are not protected at all, there is minimal sales potential for McAfee in this growth market. This lowers any possible upside in volumes to make up for the reduction in PC sales. Most mobile device security is provided by an entirely new breed of player, and McAfee never sufficiently made the transition. Although it did make a few acquisitions along the way, none materialized into anything significant, due primarily to lack of focus on this emerging market by McAfee management.

Ex-McAfee CEO and current Forescout CEO Mike DeCesare, along with Vice President of Global Sales Steve Redman, lack the necessary vision to drive a large ship like McAfee to where it needs to go. On the other hand, Chris Young, and the management team he has assembled, seem very intelligent and poised to make the right moves to get McAfee skating to where the puck will be rather than where it is right now.

Part of me wonders if Chris Young was brought onboard with knowledge of the endgame: clean things up and get McAfee in tip-top condition so the business unit can be sold for a profit. If that was the goal, it is a tough job considering Intel paid $7bn for McAfee five years ago.

CRN is speculating on five potential destinations for Intel Security. I found this one the most intriguing:

Cisco has been betting big on its security portfolio over the past year, focusing on building out a holistic set of security solutions that it says will outpace competitors Palo Alto Networks and FireEye. That “Security Everywhere” push has led to multiple recent acquisitions, including Lancope, OpenDNS, Portcullis and Neohapsis. Most recently, Cisco said this week that it plans to acquire cloud security startup CloudLock for $293 million. Partners said Cisco’s deep pockets and a desire to continue expanding its portfolio would likely put it in the running for companies that could be interested in Intel Security.

Guess where Chris Young worked prior to joining Intel?


An apparent design flaw in older Intel processors appears to open the chips up to rootkit attacks, according to a presentation at Black Hat by Christopher Domas, a security researcher with the Battelle Memorial Institute:

By leveraging the flaw, attackers could install a rootkit in the processor’s System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers.

Once installed, the rootkit could be used for destructive attacks like wiping the UEFI (Unified Extensible Firmware Interface), the modern BIOS, or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn’t help, because they, too, rely on the SMM to be secure.

The attack essentially breaks the hardware roots of trust, Domas said.

Intel did not immediately respond to a request for comment. According to Domas, the chipmaker is aware of the issue and has mitigated it in its latest CPUs. The company is also rolling out firmware updates for older processors, but not all of them can be patched, he said.

To exploit the vulnerability and install the rootkit, attackers would already need to have kernel or system privileges on a computer. That means the flaw can’t be used by itself to compromise a system, but could make an existing malware infection highly persistent and completely invisible.

The ability to install a rootkit at the chip level is both fascinating and terrifying at the same time. Security on the chip is the exact reason why Intel acquired McAfee, so hopefully we will begin to see the fruits of that labor at some point in the near future. Chips need just as much protection as software.

Disclosure: I work for Intel Security.

I am not sure if this is mere clickbait or if Richard Stiennon actually believes what he wrote, but apparently he is under the impression that Intel should spin off McAfee just as they are in the midst of finally integrating the two companies together. He even offers up five reasons for why he feels this would be a smart move:

Here are five good reasons for Intel to reverse the blunder of 2010.

1. Symantec is coming back. Symantec too has made its mistakes. Up until Intel acquired McAfee, Symantec held the record for blunders. It acquired a data center behemoth, Veritas for $14 billion in 2004. Only recently has Symantec decided to reverse that decision.

During the last four years Symantec has been a tad rudderless. It is too bad McAfee was no longer in a position to gain market share. That opportunity was left to the other vendors in the space, Sophos, Eset, and Trend Micro, to name three. On top of that a slew of endpoint security vendors have cropped up to address the failings of traditional signature based AV: Cylance, Bit9/CarbonBlack, CounterTack (which just announced the acquisition of Mantech’s Cyber Security products, the remnants of HBGary). Even FireEye (the company Dave Dewalt went on to lead to an IPO after handing off McAfee to Intel) has made an endpoint security play with the acquisition of Mandiant.

One of the reasons I would attribute to McAfee having only flat revenue (as opposed to plummeting) since the acquisition is that its largest competitor, Symantec, has been stalled out itself. That is about to change. After Symantec finally spins off Veritas it is coming back with a vengeance.

Seriously, Symantec is making a comeback? In what universe?

2. Brand confusion. Branding is important in the security space and Intel is attempting to re-brand McAfee to “Intel Security.” It’s a great name but does nothing for the $55 billion a year Intel brand and confuses buyers of McAfee products. Regardless of the Intel acquisition, McAfee was headed towards a branding train wreck as the weirdest character in an industry known for its oddballs, John McAfee, came out of hiding from an experimental drug retreat in Belize to make a comeback, first with a truly strange YouTube video, and now on the lecture circuit. This is a golden opportunity to spin off McAfee with a clean name.

Because, you know, Intel Security is not a clean name, right?

Read the rest of the article for what seems to be a humorous look into the mind of someone who is out of touch.

WSJ on Cylance hiring Malcolm Harkins, the Chief Information Security Officer from Intel:

He said he decided to leave Intel after taking a sabbatical last summer and thinking about how he could have a bigger impact on the understanding of cyber-risk, mitigation and management.

At a startup, he said, with “every decision and action, you can immediately see the visible impacts of that…I’ve never been in a smaller company or startup.”

Mr. Harkins knew Cylance founder and Chief Executive Stuart McClure since the latter’s previous company Foundstone was acquired by McAfee, which in turn was acquired by Intel. Mr. McClure stuck in Mr. Harkins’ mind, he said, because of a book Mr. McClure wrote that predicted more than a decade ago the tech risk of cybersecurity.

“I think the perfect storm of risk has hit, with the vulnerability cycle and the malware we’re seeing on devices,” Mr. Harkins said.

He also chose Cylance, whose technology uses mathematical models and machine learning to block bad or unknown items before they execute their payloads, because the technology is effective enough to lower both risks and security costs, he said. It also doesn’t penalize users by hogging processor and memory resources like some other malware prevention technologies he has seen.

Disclosure: I work for Intel Security.