The company hopes this will encourage researchers to uncover all the potential vulnerabilities in its chips so it can fix them before attackers find them.
A new paper from Princeton University and Nvidia researchers titled "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols" has worked out yet more complex methods to use the vulnerabilities to extract some of the most sensitive user information on a system. Since then, researchers have found multiple Management Engine vulnerabilities as well as the recent Meltdown and Spectre flaws, two side-channel vulnerabilities. Its products should ultimately become more secure, however, and both its customers, both consumers and businesses, should be safer against attacks, too.
MeltdownPrime has yet to be used successfully against any real-world hardware, but SpectrePrime has been used to get at data on an Intel Core i7 CPU equipped MacBook.
Though Intel's stock has recovered following the fiasco, numerous commentators called out the company as well as Apple and AMD for a lack of transparency regarding how vulnerable their processors remain and the rumoured performance hits that may have resulted from patches.
Stocks Raising Investors Eye Brows: Lam Research Corporation (NASDAQ:LRCX)
Cowen & Co maintained Lam Research Corporation (NASDAQ:LRCX) on Thursday, December 10 with "Outperform" rating. (NASDAQ:FB). Lam Research Corporation (NASDAQ:LRCX) closed down -0.39 points or -0.23% at $172.56 with 2.83 mln shares exchanging hands.
Perhaps the biggest change: The programme is shifting from an invitation-only platform to general-access, whereby all security researchers signed up to the HackerOne platform will be eligible for rewards.
Meltdown and Spectre have been at the top of the cloud computing and enterprise data center priority list ever since Intel and a group of tech companies disclosed that design flaws dating back 20 years could expose nearly all the computers on the planet to so-called side-channel vulnerabilities. The award for disclosures under this is up to $250,000. In addition to the mentioned changes, Intel is also raising bounties across the board with awards of up to $100,000 for other areas. The more inclusive a program, the easier it will be for white hat hackers to participate and find vulnerabilities.
Intel wrote, "We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge".