Hacker News new | past | comments | ask | show | jobs | submit login

I would truest the message "has been exploited" but not the message "has not been exploited". Who could state the latter with any sincerity? Intel could do state this only with confidence if they'd monitor every of their systems sold, which I sincerely hope is not the case. If you have vulnerable, critical systems you need to consider them being exploited. The bug was there for years and for all what we know at least state actors have been going to great lengths to exploit vulnerabilities they could get hold of.

That's correct. You can't prove a negative, so this is always true in the context of a potential breach.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact