tramp wrote: gimmeapill wrote: Because they are not exploitable by the same bad guys (or at least that we know of so far)?
Hmm, first, the question is whom you call the "bad guys", and second, as a fact, the attacks against ports 16992 and 16993 have exploded since then.
To quote the Register, the world of bad guys divides between the "Spooks" and the "Crooks".
Protecting against the crooks already goes a long way - and this is the only sensible thing to do in the long run.
Protecting against the second kind has historically proven trickier, e.g. if you want to be protected from firmware-level exploits, you should probably avoid most consumer-grade hardware and operating systems in the first place.
And assuming this is even practically possible, you're probably not going to have a very enjoyable multimedia experience...
So, no matter how hard the Meltdown and Spectre patches are to swallow, there seems to be (for once) a consensus across the whole industry - everyone should get them, happy or not.
You can always choose to disable them completely or cherry-pick in case of a proven performance impact.
There's a very good whitepaper by Red Hat in case anyone missed it:
Regarding port scanning on 16992 and 16993: you don't open those to the outside, do you?
So this is pretty much business as usual so far.
Things might however become hairy if OS-level exploits against IME show up - but that is unfortunately the kind of exposure needed to get Intel to actually take action...