Major Intel CPU vulnerability
-
@jaredbusch said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
Given that we already know that the plan came AFTER it was already insider trading
You have yet to prove this statement. Nothing else you have said matters until you show proof.
@StorageNinja on the otherhand clearly showed proof that is was.
How did he show proof? I've seen nothing of the kind yet.
-
@storageninja said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
Pretty cut and dry insider trading, I wonder how much of hiding this flaw from the public was solely to hide the insider trading?
" To avoid charges of trading on insider knowledge, executives often put in place plans that automatically sell a portion of their stock holdings or exercise some of their options on a predetermined schedule, typically referred to as Rule 10b5-1(c) trading plans. According to an SEC filing, the holdings that Krzanich sold in November — 245,743 shares of stock he owned outright and 644,135 shares he got from exercising his options — were divested under just such a trading plan.
But Krzanich put that plan in place only on October 30, according to the filing. "
The plan was created in 2015 per Bloomberg.
You can also see the history of transactions here.Since the plan was set up, Krzanich has had a common trading pattern. In February, he gets his equity payout under Intel’s performance-based incentive plan. For fiscal years 2015, 2016 and 2017, he received 89,581, 87,061 and 278,868 shares, respectively. Then in the last quarter of each of those years, he makes sales that are proportionate to the awards he got. In the last quarter of 2015, he sold 70,000 and in 2016 he sold more than 50,000. And this year, the sale was much larger in light of the large payout he got in February.
Looks like he traded on 11/29.
Market Close was at $43.95 that day. Market Close today is $44.74 today. I expect Intel shares to go up as people realize public clouds need to buy 20% more compute this quarter (and it's too late to qualify to move those workloads to ARM/AMD systems, nor can AMD/GF handle an order that large).While I know insider trading doesn't require you actually make money off of it, I'd argue he missed out on gains by not waiting to sell until now. Intel is clearly fine, and while this is painful for a lot of people who have to go do patching, the market isn't punishing Intel in any serious way.
Note: the stock has doubled under Brian as CEO. This design decision was made in 1995 (well technically earlier given how long it takes to get something out the door).
Equifax is different in that their trades were NOT scheduled. Those yahoos are going to jail or to pay a token fine and promise not to do it again.
Also, EqualFax has only recovered 1/2 of its losses from the breach.Full SEC yadayadayada disclaimer, I hold no Intel, but am considering a long position in the near future.
This above is not "proof" in any way as equal sources say that a NEW trading plan was put in place and the one from 2015 was not followed. Which we know from observation, as the results weren't part of the pattern. Everything we know from sources after this is that this article was mistaken and had bad info that skipped that the NEW plan was AFTER the chip issue was known and that there WASN'T a pattern followed. Which is obvious, has he never did what he did before, ever.
-
The filing showed that the sales were part of a 10b5-1 plan, which was created on Oct. 30, just a month before Krzanich sold the shares. The 10b5-1 is a trading plan that company executives set up to sell stocks they own at a pre-determined time so that they are not accused of insider trading.
The reports about a 2015 plan appear to be misdirection to make people miss that there was a replacement plan put in place months after he know about the chip flaw. How much "proof" do you want? The "proof" that @StorageNinja isn't proof at all and relies solely on information like this not arising. That there was "a plan" before hand is a red herring.
-
One month before does not make an SEC pattern. This wasn't just not a pattern, it was basically a single transaction.
-
I really like the sources WordFence / Defiant uses:
-
-
-
Fedora and Spectre update: https://fedoramagazine.org/update-ongoing-meltdown-spectre-work/
-
Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks. -
@danp said in Major Intel CPU vulnerability:
Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.Anyone tried this?
-
@ambarishrh said in Major Intel CPU vulnerability:
@danp said in Major Intel CPU vulnerability:
Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.Anyone tried this?
Took a look at the laptop I was working on today with it. Found out it hadn't applied the latest updates, and it had the correct status and explanation both times I ran it.
Steve Gibson is a software guy, not a security specialist (obviously), he normally writes good programs/utilities.
-
@ambarishrh said in Major Intel CPU vulnerability:
@danp said in Major Intel CPU vulnerability:
Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.Anyone tried this?
Yep. I have on a Dell R230 and R620. It correctly identified that the R230 was fully updated and as patched as possible, and that the R620 was still waiting for the microcode and bios update from Dell. Nice and easy for validation once you've applied your patches and updates.
-
Alot of really good content in this thread. I am thinking I should rename it to reflect updates on Spectre/Meltdown. Any ideas on renaming it?
-
@irj said in Major Intel CPU vulnerability:
Alot of really good content in this thread. I am thinking I should rename it to reflect updates on Spectre/Meltdown. Any ideas on renaming it?
Spectre & Meltdown
-
Ami correct, Intel isnt even going to release patch for the vast majority of the cpus they sold in the last 10 years? That is what i care about, the 'ancient' 2013 cpus i have in my server room that wont be getting patched. Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.
-
@momurda said in Major Intel CPU vulnerability:
Ami correct, Intel isnt even going to release patch for the vast majority of the cpus they sold in the last 10 years? That is what i care about, the 'ancient' 2013 cpus i have in my server room that wont be getting patched. Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.
I wouldn't hold my breath, this vulnerability has bolstered their future sales for any diehard Intel fans.
-
@momurda said in Major Intel CPU vulnerability:
Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.
Well yeah... a $1,000 CPU you bought years ago would of course be better than a <$200 CPU you buy today.
If you spend $1000 on a CPU today, it'll be WAY better than your 4930k.
It doesn't make sense to patch CPUs based on their performance level...
-
@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit. -
@momurda said in Major Intel CPU vulnerability:
@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.The car analogy sold me. With this type of vulnerability the safety is very similar to having a brake problem.
-
@momurda said in Major Intel CPU vulnerability:
@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.There are federal mandates on how long automakers must make recalls.
I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great).
It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years.
LOL - like that will ever happen.
