General Discussions

Maybe Intel will give a discount to certain sized businesses to switch to a unaffected Intel processors. But I seriously doubt that will happen unless as you mentioned a Class Action lawsuit is filed against Intel.

Good chance of AMD to take advantage and maybe offer special prices on replacing affected Intel processors with AMD processors or computers.

Either way is a lose-lose situation for businesses with many Intel computers.

It would be a great PR move to offer a discount or rebate for Intel CPU owners by AMD if they buy a new AMD system.  I could see companies like Dell an HP getting on board with move like that. The likely behind the scenes backlash by Intel though would be brutal. 

I am just glad that so far AMD seems to be mostly unscathed by these issues. 

I was thinking the same thing. Need to wait until other Security firms can test and verify the bug found by Positive Technology.

But if found to be true and verifiable than companies that have Intel computers with sensitive data, no matter how remote of a chance of being hacked, will be vulnerable.

With a home computer I would say the use of a compromised chip is negligible. The problem in the corporate world is the term "due diligence". A company responsible for sensitive data has to show that they have done a reasonable job thwarting a potential malware attack. This has already had precedent setting cases in court. So continued use of a processor that ends up getting breached would likely greatly increase any jury award against a company that compromised data. It would also give insurance companies normally on the hook for covering damages and escape clause. So while expensive to fix it is still cheaper than what the theoretical damages could be. 

Interesting, Good explanation. So does "due diligence" come into affect on a possible security issue that hasn't be verified by other sources yet or an security issue that has be verified by several sources?

As far as I know there is no major checklist anywhere to make sure you cover your bases. However IT professionals are expected to stay on top of current trends, both malware itself and the protection against it. Our company for instance is audited by a 3rd party yearly for its IT planning, security and implementation. They specifically look at what security you are using and that is it up to date, how you are handling patch management etc... The new thing last year was the inclusion of specifically asking about hardware and bios and firmware patching. This is an area in the past that is hugely overlooked. It is also an area that I have done a good job of realizing the potential for intrusion. I have made sure to the best of my ability that hardware drivers and firmware are up to date as these are huge areas where intrusion begins.  These type of audits are often required by insurance and or lending institutions that financially back your business. 

I would say that in the case of an unknown security breach happening due to an unpublished or never before exploited hack being a sole reason for insurance being able to deny a claim unlikely. However if you couple that with for instance a router that is outdated and unsupported and having Windows 7 machines on your network and having unpatched work stations, combined with not having you infrastructure properly locked down. Then you have not done due diligence and you have given everyone all the ammunition needed to sue you and not cover your losses. 

I go to a major tech summit every May in my town and the past 4 years this has been the biggest topic at these meeting.

Last summer I put in a new Sonic Wall that has much better security than my older Cisco Small Business router that was announced as end of life and would be getting no more updates. So say for instance this summer we get hacked. I can show that I put in place a new better and supported router. I can show that all my servers and workstations are running currently supported OS's and have all critical patches installed. I can show they are running security software that is up to date and that can be a simple as Windows Defender.  I have a couple of Widows 7 machines that run proprietary equipment that it is impossible to update, however on those machines I have blocked access from them using the internet and document when it was done. That is an example of doing "due diligence".

The problem is that while I can't really prove what I am saying, my best guess is that likely half of all small business are not doing even a minimal job of securing IT infrastructure and their customers data. 

One of the comments made at the Tech Summit a couple years ago though made me really reflect on just how trivial all you do to protect you environment really is. The speaker was commenting on how the really good high level hackers, like government level or corporate sponsored could have software running and you would never know it. The best malware doesn't bog down you machine or make itself known in any way. It just silently does its job and you hope that eventually your malware detection software will catch it. 

Seems like the new vulnerabilities found on AMD processors can be patched either through Hardware or software or both. It mentions that AMD doesn't have a fix yet.

Whereas, The Intel bug in the article, you need to physically replace the processor for a 10th generation Intel to fix it.  That is if the Intel bug can be validated by other security sources.

If the Intel bug is validated than it is a big difference between AMD bugs which seems to be fixable with a patch and Intel which isn't fixable even with a patch. The only fix for the newly discovered Intel bug, if true, is replacing the processor with a 10th generation Intel processor.

Another day, another vulnerability, and this one affects 10th generation Intel chips even with existing Meltdown-type fixes. Intel's response is that it's so difficult to take advantage of that it's not going to be, and that's likely true.

https://www.tomshardware.com/news/load-value-injection-vulnerability-found-in-intel-chips