
Profiteering from Spectre and Meltdown

The 'Panic Yields Profits' Postulate

OK, I’ve got to say something. Within the past week, I’ve seen numerous examples of companies trying to profiteer from the panic surrounding Spectre and Meltdown – and generating even more panic in the process. In my view, this is unethical and irresponsible. As engineers, this kind of corporate behavior damages public trust in our profession, in our work, and in us personally. We have to do all we can to correct and defuse this kind of damaging behavior.

Let’s think about a couple of examples. This week, Office Depot sent out an email to their list, with the subject line “PROTECT Your Devices from Meltdown and Spectre.”

OK, Office Depot, that sounds serious. Tell us more.

The nicely-formatted HTML email continues with an image of a hooded figure in a room full of monitors.

Editor’s note 1: When black-hat hackers are doing their work, do they always wear hoodies and light the room only in blue LEDs, with the light coming from below to give them that particularly menacing flashlight-under-the-chin, telling-scary-stories-around-the-campfire vibe? They should.

Anyway, the headline over the scary image is “Are You at Risk? Don’t worry, we’ve got you covered.”

Editor’s note 2: No, they do not “have you covered.” More about that later.

The copy continues “Recently identified security vulnerabilities have allowed hackers to easily attack PCs, phones, cloud providers, and other devices…”

Editor’s note 3: No, they haven’t. I’m gonna speculate that at this point no hacker has exploited Spectre or Meltdown. Ever. Further, they certainly could not do it “easily.” The experts who discovered these vulnerabilities in the lab certainly never implied that it was easy. As far as we can tell, these vulnerabilities went undiscovered in just about every computer on earth for over 2 decades, despite relentless attacking by countless brilliant hackers. “Easily?” Nope.

“…These security flaws, known as Meltdown and Spectre, may allow malicious programs to access your information that you think is inaccessible. Don’t worry. Office Depot Office Max is here to help!”

Editor’s note 4: “ARE here to help”

“Bring your devices to any Office Depot Office Max and let our Tech Experts help protect your devices” [SIC]

Editor’s note 5: Just don’t let our Grammar Experts near your sentences.

The email goes on to offer various services – a “FREE Computer Diagnostic,” a $79.99 “Premium PC Tune Up,” and a $119.99 (regular $199.97) MAXIMUM PROTECTION option.

Editor’s note 6: As everyone reading this probably knows: none of these services will tell you if Spectre or Meltdown has been used on your computer. None of them will prevent Spectre or Meltdown from attacking your computer in the future. In fact, none of these services will do anything whatsoever about Spectre or Meltdown – with the slight possible exception of giving you back some of the performance you may have lost when you updated your OS with the free patch that DID give you some protection against Spectre and Meltdown.

The email concludes with, “Don’t let these threats hijack your New Year – Office Depot and Office Max has you covered.”

Editor’s note 7: (sigh)

Another example falls more in the realm of “creative PR” than the Office Depot “let’s profit by throwing gasoline onto a public panic fire.” An editor briefing request came out from a company called “Condusiv Technologies.” Condusiv sells IO reduction software that is designed to improve the performance of PCs. They’ve been around a while, and they make some fairly heady claims about the speedups a normal PC can realize from IO reduction.

The editor briefing request, however, carried the headline “Expert Says Intel Chip Flaw Fallout Overstated, Simple Solution Exists.” OK, not bad. Definitely not Office Depoting the public panic level. Simple Solutions are nice. What is yours, Condusiv?

It turns out the “simple solution” to Spectre and Meltdown is this: “Condusiv software is a safe, simple and effective solution to overcoming the inevitable performance degradation due to the chip flaws. The software can improve the performance of Windows computers by 50% or more.”

Editor’s note 8: So Condusiv actually does nothing to stop Spectre or Meltdown. It isn’t a “simple solution” – or any kind of solution at all. The OS patches handle that. Condusiv just tries to speed up your PC – regardless of Spectre, Meltdown, or the OS patch. The only connection is that the patch may happen to hurt your performance, so Condusiv wants to sell you some of it back. Of course, the kind of performance they’re trying to sell is completely unrelated to the kind you lose with the OS patch, but the public (and technology editors, apparently) don’t need to be burdened with that level of honesty.

We are living in an age where a large segment of our population is heavily dependent upon and engaged with technology they do not understand. As the creators of that technology, we bear some responsibility for the public trust. When businesses profiteer on engineering flaws and cause or inflame public panic in the process, everyone loses. The public loses confidence in technology, and the deliberate spread of misinformation causes needless stress, wastes time and money, and harms the reputations of all involved.

We should not stand by and let this kind of behavior pass.
