Kaspersky To Demo Attack Code For Intel Chips

ScuttleMonkey posted more than 6 years ago | from the also-releasing-a-paint-by-number dept.

Security 303

snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."


Heh... (5, Funny)

pushing-robot (1037830) | more than 6 years ago | (#24186435)

At least I know I'm safe because I run... Oh, crap.

Re:Heh... (5, Interesting)

hostyle (773991) | more than 6 years ago | (#24186561)

I wonder if running inside a VM could at all mitigate the attack.

Re:Heh... (5, Funny)

mweather (1089505) | more than 6 years ago | (#24186971)

Sure, if you run the host computer with an AMD chip. But that would be silly.

Re:Heh... (3, Funny)

mjs_ud (849782) | more than 6 years ago | (#24186565)

Time to pull the ethernet cable out. Would someone like to send me the slashdot articles via USPS? There aren't any potential problems with that solution are there? Wait...please send anthrax free too.

Re:Heh... (1, Funny)

Darkness404 (1287218) | more than 6 years ago | (#24186875)

There aren't any potential problems with that solution are there?

Except if you want them to arrive on time, have friendly support, sort through them getting lost in the mail and the rest of the joys that our government has imposed on us.

Re:Heh... (2, Funny)

mweather (1089505) | more than 6 years ago | (#24186991)

You haven't used UPS, FedEx or DHL recently, have you?

Re:Heh... (1)

negRo_slim (636783) | more than 6 years ago | (#24187005)

and the rest of the joys that our government has imposed on us.

Like .42 USD postage? I highly doubt if anyone but the government ran our postal system we'd see anything but higher rates.

Re:Heh... (0)

Darkness404 (1287218) | more than 6 years ago | (#24187099)

Like .42 USD postage? I highly doubt if anyone but the government ran our postal system we'd see anything but higher rates.

But we would have competition. And speedy service. And plus, with really expensive postage, people wouldn't make you mail much stuff anymore, and that is a plus.

Re:Heh... (2, Funny)

XnavxeMiyyep (782119) | more than 6 years ago | (#24187179)

We still do have competition. UPS, FedEx, etc. The government just supplies a cheap alternative that people elect to use.

Re:Heh... (5, Funny)

phorm (591458) | more than 6 years ago | (#24186661)

At least I know I'm safe because I run...

AMD?

Re:Heh... (2, Funny)

Anonymous Coward | more than 6 years ago | (#24186755)

Transmeta?

Via?

Sparc?

Re:Heh... (4, Funny)

Kamineko (851857) | more than 6 years ago | (#24186889)

Cut it out! No amount of magic spells are going to mitigate this damage!

Re:Heh... (1)

14erCleaner (745600) | more than 6 years ago | (#24187059)

MS-DOS 2.1.

Re:Heh... (4, Funny)

elrous0 (869638) | more than 6 years ago | (#24187073)

For the first time in two years, I'm actually glad I went with AMD.

Re:Heh... (2, Funny)

Kamineko (851857) | more than 6 years ago | (#24186727)

An Amiga? :)

Re:Heh... (4, Interesting)

at_slashdot (674436) | more than 6 years ago | (#24186741)

At least I know I'm safe because I run... Oh, crap.

I'm sure AMD fans will make a point that they are protected in this case.

Re:Heh... (2, Funny)

cleatsupkeep (1132585) | more than 6 years ago | (#24186917)

At least I know I'm safe because I run... Oh, crap.

I'm sure AMD fans will make a point that they are protected in this case.

But on the flip side, they run AMD. :-).

Re:Heh... (4, Insightful)

g0bshiTe (596213) | more than 6 years ago | (#24187191)

Possibly, but as an AMD user myself I can't help but wonder if what can be done on Intel with this won't also open Pandora's box on AMD using the same or similar methods.

Re:Heh... (1)

brunokummel (664267) | more than 6 years ago | (#24187253)

At least I know I'm safe because I run... Oh, crap.

I'm sure AMD fans will make a point that they are protected in this case.

Well, I'm an AMD fan and I sure feel protected against his code; on the other hand, I guess you are not as afraid as me of having a CPU meltdown in case the fan over my heatsink stops working....=)

Re:Heh... (0, Redundant)

sokoban (142301) | more than 6 years ago | (#24186939)

At least I know I'm safe because I run... Oh, crap.

Seeing that you post on Slashdot, I highly doubt that you run.

Or that you get laid on a regular basis, for that matter.

Re:Heh... (1)

Deadplant (212273) | more than 6 years ago | (#24186957)

I'm safe because I run each new browser session using a disposable PC on the moon. (i use a telescope and wireless keyboards)

Re:Heh... (5, Funny)

jimbolauski (882977) | more than 6 years ago | (#24187007)

My Chinese knockoff fentium processor will be safe.

That's Nothing, This November I'm Going To... (5, Funny)

ergo98 (9391) | more than 6 years ago | (#24186477)

...demonstrate how you can make a 1GW fusion reactor out of nothing but a sweaty gym sock and the corpse of a field mouse.

No, seriously. 100%. Cross my heart.

Re:That's Nothing, This November I'm Going To... (0, Offtopic)

ergo98 (9391) | more than 6 years ago | (#24186495)

Which I can do based upon my knowledge of how the catalytic converter in an 86 Ford Escort works.

You just wait.

Re:That's Nothing, This November I'm Going To... (5, Funny)

Thelasko (1196535) | more than 6 years ago | (#24186729)

I'd be more impressed if you demonstrated a working 86 Ford Escort.

Re:That's Nothing, This November I'm Going To... (1)

Gazzonyx (982402) | more than 6 years ago | (#24186911)

Does it have to have a roof? (true story!)

Re:That's Nothing, This November I'm Going To... (3, Funny)

Yvan256 (722131) | more than 6 years ago | (#24186603)

Macgyver is that you?

Re:That's Nothing, This November I'm Going To... (1, Funny)

Anonymous Coward | more than 6 years ago | (#24186699)

Show me this field mouse. What kind of 'field' was the mouse in? Define sweaty and also sock. Gym had better have a refined definition also. I trust you on the rest. No, really. 100%. Cross my heart.

Re:That's Nothing, This November I'm Going To... (5, Interesting)

ergo98 (9391) | more than 6 years ago | (#24187045)

Okay, seriously -- based upon nothing but an overly bold claim featuring some massive technical faults, people are actually believing this? My post should be +5 insightful, not funny, because it really isn't intended to be funny.

Are people perhaps thinking this is Eugene Kaspersky or something? This guy is no relation to him.

Maybe, just maybe, someone really is going to sit on an epic, world shaking fault until an October security conference, but every bullshit detector is ringing as loudly as it can ring right now.

October will roll around and some guy will demonstrate some edge condition non-issue and say "Oh, did they misinterpret and overstate? Those bastards!"

Re:That's Nothing, This November I'm Going To... (1)

elrous0 (869638) | more than 6 years ago | (#24187101)

We're going to need a bigger mouse.

Re:That's Nothing, This November I'm Going To... (1)

Kamineko (851857) | more than 6 years ago | (#24187115)

You're still 210 megawatts short though.

Re:That's Nothing, This November I'm Going To... (1)

Hordeking (1237940) | more than 6 years ago | (#24187307)

You're still 210 megawatts short though.

So, when do we go back to the future?

GNU Hurd Wins Again (4, Funny)

y86 (111726) | more than 6 years ago | (#24186485)

It's OK I run hurd.

Re:GNU Hurd Wins Again (3, Funny)

jamieswith (682838) | more than 6 years ago | (#24186607)

Yeah, you have nothing to worry about - not even the virus writers make programs for hurd!

Plan 9 baby (3, Funny)

Bananatree3 (872975) | more than 6 years ago | (#24186705)

I run Hurd through an emulator on a Plan 9 box. hack that!

Masochist (1)

pxc (938367) | more than 6 years ago | (#24186753)

That's a lot of work. If you were smart like me, you would have done what I did and saved that time by building an x86 clone in your mom's garage!

java: write once... (3, Funny)

Anonymous Coward | more than 6 years ago | (#24186523)

...hack everywhere

I WIN (0)

Anonymous Coward | more than 6 years ago | (#24186547)

I don't have an OS installed on my computer.

Nyah nyah.

Don't worry. . . (2, Funny)

Zenaku (821866) | more than 6 years ago | (#24186557)

I'm sure Intel will release a patch. ;)

They may (5, Informative)

Sycraft-fu (314770) | more than 6 years ago | (#24186611)

Their new processors can have their microcode updated, and indeed they do update it with BIOS updates. Dunno if people would bother to update their BIOS to patch it, but yes Intel processors can be patched in the field.

Re:They may (4, Informative)

Gazzonyx (982402) | more than 6 years ago | (#24186805)

Yeah, most Linux distros have a microcode update service, although it has to be enabled in the kernel at compilation time, IIRC.
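A way to check what the two comments above describe, as an added example that is not part of the original thread: it reports which microcode revision each core is running and whether the kernel was built with the microcode loader. It assumes the x86 `/proc/cpuinfo` field names and the `CONFIG_MICROCODE` kernel option; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads /proc/cpuinfo-style text and a
# kernel config file; the sample data below is constructed, not captured.

# Constructed sample: two cores of one CPU reporting different revisions.
sample_cpuinfo() {
    cat <<'EOF'
processor   : 0
cpu family  : 6
model       : 23
model name  : Constructed Sample CPU
stepping    : 6
microcode   : 0x60c

processor   : 1
cpu family  : 6
model       : 23
model name  : Constructed Sample CPU
stepping    : 6
microcode   : 0x60f
EOF
}

# microcode_summary FILE
# Prints one sorted line per distinct (family, model, stepping, revision):
#   family=6 model=23 stepping=6 microcode=0x60c cpus=1
microcode_summary() {
    awk -F':' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Record the core collected so far, then reset for the next one.
        function emit_cpu() {
            if (seen) {
                key = "family=" fam " model=" mod " stepping=" step \
                      " microcode=" (rev == "" ? "unknown" : rev)
                count[key]++
            }
            fam = mod = step = rev = ""; seen = 0
        }
        /^processor[ \t]*:/  { emit_cpu(); seen = 1; next }
        /^cpu family[ \t]*:/ { fam = trim($2); next }
        /^model[ \t]*:/      { mod = trim($2); next }   # not "model name"
        /^stepping[ \t]*:/   { step = trim($2); next }
        /^microcode[ \t]*:/  { rev = trim($2); next }
        END {
            emit_cpu()
            for (k in count) print k " cpus=" count[k]
        }
    ' "$1" | sort
}

# microcode_consistent FILE
# Succeeds when all cores with the same family/model/stepping report one
# revision; failure means the cores are not all at the same patch level.
microcode_consistent() {
    signatures=$(microcode_summary "$1" | cut -d' ' -f1-3 | sort -u | awk 'END { print NR }')
    revisions=$(microcode_summary "$1" | cut -d' ' -f1-4 | sort -u | awk 'END { print NR }')
    [ "$signatures" -eq "$revisions" ]
}

# kernel_has_microcode_loader CONFIGFILE
# Succeeds when the kernel config enables the loader (built in or module).
kernel_has_microcode_loader() {
    grep -Eq '^CONFIG_MICROCODE=(y|m)$' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_cpuinfo > "$tmp"
microcode_summary "$tmp"
microcode_consistent "$tmp" || echo "WARNING: cores report different microcode revisions"
rm -f "$tmp"
```

On a live system, pass `/proc/cpuinfo` to the first two functions and the running kernel's config file (commonly `/boot/config-$(uname -r)`) to the third.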

Re:They may (4, Insightful)

slimjim8094 (941042) | more than 6 years ago | (#24186817)

If this can consistently crash my computer regardless of OS or browser, I'd sure as hell update my BIOS.

This is a big deal.

Re:They may (2, Funny)

hostyle (773991) | more than 6 years ago | (#24186979)

If this can consistently crash my computer regardless of OS or browser, I'd sure as hell update my BIOS.

This is a big deal.

I guess they'll be calling it the Ron Burgundy exploit.

Re:They may (2, Interesting)

arodland (127775) | more than 6 years ago | (#24186833)

They also do volatile microcode loading IIRC, so you could deliver an OS "driver" that runs early at boot and closes the window... provided the flaw is within the realm of microcode patching anyway.

Re:They may (3, Interesting)

peas_n_carrots (1025360) | more than 6 years ago | (#24186963)

Microcode patches can't fix every type of CPU errata. In some cases a microcode patch might cripple the CPU's performance so badly as to make the fix impractical.

Re:They may (1)

nih (411096) | more than 6 years ago | (#24187121)

but yes Intel processors can be patched in the field

get orf moi field!

Not totally a pipe dream? (1)

rewt66 (738525) | more than 6 years ago | (#24186663)

Don't Intel processors contain a flash area? And, if so, what can it be used for? Can it be used in some way to fix or bypass this?

Re:Not totally a pipe dream? (1)

trb (8509) | more than 6 years ago | (#24186853)

Don't Intel processors contain a flash area? And, if so, what can it be used for? Can it be used in some way to fix or bypass this?

If the processor has a flash area that can be used to patch processor bugs, I imagine that a crafty black hat could put bugs in there too.

Re:Don't worry. . . (4, Funny)

ymail.com (1311471) | more than 6 years ago | (#24186855)

If Intel doesn't release that hardware patch, it's time to go play in another Sandbox.

Or else go back to 1999 where Pentium III machines with Intel's processor ID enabled in CMOS enable shoppers to have an "enhanced online experience" while they run IE 4.01 from Windows machines that aren't behind a firewall ... to safely prove who they are to websites.

Re:Don't worry. . . (1, Interesting)

Anonymous Coward | more than 6 years ago | (#24186959)

Go ahead, laugh. But you *can* make changes to the bios which can mediate some of the bugs, and you *can* make software changes to the writable control store [wikipedia.org] that either intercepts or works around the various errata.

Java or Javascript? (4, Insightful)

Yvan256 (722131) | more than 6 years ago | (#24186577)

... remotely attack a computer using JavaScript or TCP/IP packets ... can be exploited using certain instruction sequences and a knowledge of how Java compilers work

So is it Java or Javascript? Either the summary is wrong or this guy doesn't even know the difference between the two.

Re:Java or Javascript? (3, Funny)

xzaph (1157805) | more than 6 years ago | (#24186617)

Obviously, it's Javascript implemented in Java.

Re:Java or Javascript? (0)

Anonymous Coward | more than 6 years ago | (#24186667)

Obviously, it's Javascript implemented in Java.

But why would you abuse the Java compiler then? wouldn't you exploit the Javascript interpreter?

Re:Java or Javascript? (0)

caffeinemessiah (918089) | more than 6 years ago | (#24186679)

So is it Java or Javascript? Either the summary is wrong or this guy doesn't even know the difference between the two.

knowledge of how Java compilers work != will be exploiting a Java compiler flaw

There may be (probably are) methodological similarities between Java compilers and JavaScript interpreters that make them both vulnerable to this attack.

Re:Java or Javascript? (4, Informative)

MindStalker (22827) | more than 6 years ago | (#24186757)

The official conference website says the same thing
http://conference.hackinthebox.org/hitbsecconf2008kl/?page_id=214 [hackinthebox.org]

Reading the conference website sounds like he is saying they can crash computers through forced tight loops via multiple languages, javascript, java, even TCP/IP

Huh? (3, Insightful)

antifoidulus (807088) | more than 6 years ago | (#24186583)

will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work

Huh? Javascript != Java!!!!

Re:Huh? (1)

0xygen (595606) | more than 6 years ago | (#24186747)

There are a couple of JavaScript compilers which target the JVM, eg Mozilla's Rhino. It is quite a common way of compiling for a cross platform target.

Re:Huh? (0)

Anonymous Coward | more than 6 years ago | (#24186797)

Which is what will make his achievement all the more impressive, I'm sure. What's more impressive, an Einstein discovering the theory of relativity or a Cletus managing to clean out Fort Knox without even a mild understanding of the security measures involved?

Randomize Something? (2, Insightful)

bill_mcgonigle (4333) | more than 6 years ago | (#24186593)

a knowledge of how Java compilers work

Hrm, seems like he's counting on things happening in a certain sequence. So, perhaps a JVM could do more stuff in an unpredictable order? Perhaps using an SSA representation and context switching threads? Yeah, slightly more expensive, but let Firefox turn it on for me when I'm running untrusted code.

Re:Randomize Something? (0)

Anonymous Coward | more than 6 years ago | (#24186861)

Yeah, why fix the root issue with the CPU itself when you can do something stupid like that.

We just need a CPU Patch!! (1)

postbigbang (761081) | more than 6 years ago | (#24186597)

No... wait....

Re:We just need a CPU Patch!! (1)

slimjim8094 (941042) | more than 6 years ago | (#24186793)

Exactly. There's absolutely no way that a processor could ever be made to be updated. It's not like those X86 instructions are implemented in code or anything. Hah. What would they call that, microcode or something? Completely stupid. :P

Re:We just need a CPU Patch!! (1)

postbigbang (761081) | more than 6 years ago | (#24186881)

Does this mean we need to buy VIA and AMD? And maybe their STOCK???? How embarrassing for Intel. How maniacal for the rest of us that now need to patch most things we've bought in the past few years. Perhaps buying a G4 Mac was a good idea after all.....

That's it... (4, Funny)

Thelasko (1196535) | more than 6 years ago | (#24186631)

no amount of tinfoil can protect me from this exploit. Only one thing left to do...

*unplugs ethernet adapter*
[NO CARRIER]

Re:That's it... (1)

corsec67 (627446) | more than 6 years ago | (#24187155)

I think I have your cable right here [flickr.com].
I hope your computer is all right.

Re:That's it... (2, Funny)

ColdWetDog (752185) | more than 6 years ago | (#24187227)

*unplugs ethernet adapter*
[NO CARRIER]

Hate to break the news to you, but that "ethernet" cable you unplugged was a phone cord leading to a modem. And you thought you had broadband ...

But you can't hear me now, can you?

Publicly available? (3, Funny)

AlHunt (982887) | more than 6 years ago | (#24186637)

"I'm going to show real working code...and make it publicly available," Kaspersky said,

Indeed. And are you going to make patches publicly available for all the hardware and operating systems in the world, too?

Re:Publicly available? (3, Informative)

pclminion (145572) | more than 6 years ago | (#24186989)

I see, so your argument is that if it can't be fixed by the discoverer, they should keep it obscure. That way, there is no incentive for the vendor to solve the problem since they don't even know about it. Thus, leaving the door open for other nasty people to discover it and exploit it with nobody aware it is even possible. Good plan you got there.

Re:Publicly available? (4, Insightful)

AlHunt (982887) | more than 6 years ago | (#24187097)

>I see, so your argument is that if it can't be fixed by the discoverer,
> they should keep it obscure.

Yeah, we could have the oft-heard chicken or egg debate. But we both know where it would end up. One side would say "disclose everything right away" and the other side would say "give the vendors a chance to fix it first". See how much time we just saved?

Speculative (0)

MouseR (3264) | more than 6 years ago | (#24186647)

An attack against a Mac is also a possibility

That's a bit of a conjecture isn't it? Can we at least have a demonstration?

Re:Speculative (-1, Troll)

Anonymous Coward | more than 6 years ago | (#24186719)

Give it up fanboy. It's just BSD, boo hooo.

Re:Speculative (4, Informative)

Anonymous Coward | more than 6 years ago | (#24186811)

An attack against a Mac is also a possibility

That's a bit of a conjecture isn't it? Can we at least have a demonstration?

OMFG! From the summary:

Attack Code For Intel Chips ... regardless of OS

Re:Speculative (1)

peas_n_carrots (1025360) | more than 6 years ago | (#24186891)

The article states the vulnerability is at the CPU level and can be exploited on any OS. Are you claiming Mac OSX isn't an OS?

Re:Speculative (1)

MouseR (3264) | more than 6 years ago | (#24187053)

Nope. But I'm saying every OS uses the chip differently. For example, Windows apps share the same memory space (well, far pointers do anyhow). So this does affect what a CPU-level attack could do. That and other issues I'm sure.

So, saying a specific CPU attack could also affect another system is speculative. I'm willing to concede there's a risk but simply FUDding the issue around is just not constructive.

Re:Speculative (2, Informative)

cnettel (836611) | more than 6 years ago | (#24187235)

Nope. But I'm saying every OS use the chip differently. For example, Windows apps share the same memory space (well, far pointers do anyhow). So this does affect what a CPU-level attack could do. That and other issues I'm sure.

Win 3.1 called and wants its memory model(s) back. Win32 has a 32-bit flat memory space (or 64-bit on x64), all pointers are the same size, segments do not matter and each process has a local space. Some pages might be shared, of course, but that's done through memory mapping, like in (mostly) any other OS. WinCE has/had some interesting slots, though.

Re:Speculative (1)

hexhacker (599187) | more than 6 years ago | (#24186899)

Not this mac... it's a G5.  And my other box is SPARC. =)

Re:Speculative (1)

MouseR (3264) | more than 6 years ago | (#24187075)

You cheat!
But it was implied it was about Mac OS X on Intel Macs.

Re:Speculative (1)

mrsteveman1 (1010381) | more than 6 years ago | (#24187147)

Yea, well MY other box is in moms basement. It is totally immune to your "real world" problems.

SPARC machines running Solaris are safe! (1, Funny)

Anonymous Coward | more than 6 years ago | (#24186665)

That's right. Another pro for Sun machines.

Wait a second... (2, Funny)

djsath (1014027) | more than 6 years ago | (#24186687)

I thought it was the year of the Linux desktop

Quote (3, Insightful)

kellyb9 (954229) | more than 6 years ago | (#24186767)

... Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility.

Why don't they just say... "any computer that has an Intel chip?".. shock value I guess.

Re:Quote (0)

Anonymous Coward | more than 6 years ago | (#24187013)

Why don't they just say... "any computer that has an Intel chip?"

Because that wouldn't continue the incorrect perception that Macs are immune to a virus.

Re:Quote (2, Informative)

krgallagher (743575) | more than 6 years ago | (#24187039)

What about a Sun workstation [sun.com]?

Which ones? (5, Interesting)

Taibhsear (1286214) | more than 6 years ago | (#24186771)

Do we have a list of the processors affected by this? Or is this issue in ALL Intel processors?

I'm sure his Anti Virus will stop it :) (2, Funny)

Jackie_Chan_Fan (730745) | more than 6 years ago | (#24186773)

And slow windows to a crawl.

filter (1)

TheSHAD0W (258774) | more than 6 years ago | (#24186807)

I wonder if these exploits can be prevented using a filter in the compiler?

It must depend some on the OS (5, Informative)

jd (1658) | more than 6 years ago | (#24186809)

For starters, OS' running on either virtual or simulated processors rather than physical ones won't necessarily use the physical instructions that have the vulnerabilities, no matter what the physical processor that the OS is technically using. (If I run Linux under ArcEm, and run ArcEm on an Intel processor, unless ArcEm itself uses the broken instructions, I cannot see how an attacker can reach the Intel processor from the Linux environment for the attack to take place. This is important because the composite environment is nothing more than a really heavy, multi-layer OS as far as the applications are concerned, and this attack is supposedly independent of OS.)

If it's via Java, then it must also depend some on the implementation. I doubt that IBM's java engine uses the same calls to the processor as Sun's, which means that there is further abstraction that the claim has to somehow deal with.

Now, on the opposite side of the argument, there's the issue of what happens if the claim is justified. If this is a remote exploit that is truly OS-independent, then it is a remote exploit that can hit OpenBSD, Trusted Solaris, and other secure OS'. These are OS' used for commercially-sensitive work and classified work. If they are potentially vulnerable to attack, that could seriously impact a lot of organizations that, well, really aren't going to like it. In the event of a conflict flaring up between Intel and the US Marines, we may see them moving the bombing practice areas for their aircraft into the North American mainland after all.

Re:It must depend some on the OS (5, Informative)

the_brobdingnagian (917699) | more than 6 years ago | (#24187095)

Now that you mention OpenBSD, I recall an email from Theo de Raadt (2007-06-27 17:08:16 - source [marc.info]):

Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us. Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware. Now Intel is telling people to manage the MMU's TLB flushes in a new and different way. Yet even if we do so, some of the errata listed are unaffected by doing so.
As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are.

And from TFA:

"It's possible to fix most of the bugs, and Intel provides workarounds to the major BIOS vendors," Kaspersky said, referring to the code that controls the most basic functions of a PC. "However, not every vendor uses it and some bugs have no workarounds."

Sounds like the same issues to me.

Bombing practice areas for their aircraft:? (0)

Anonymous Coward | more than 6 years ago | (#24187213)

Will DemocRATS be the target?

From a secure, undisclosed bunker in Paraguay,
Kilgore Trout

Oh noes (0, Offtopic)

wumpus188 (657540) | more than 6 years ago | (#24186823)

JavaScript can has Java compiler?

Re:Oh noes (1)

ypctx (1324269) | more than 6 years ago | (#24187131)

While I can imagine a can full of JavaScript, what I don't understand is, what use would have a Java compiler inside such a can.

Patch this! (0)

Anonymous Coward | more than 6 years ago | (#24186837)

Does that mean you can patch your Java compiler?

you say tomato... (4, Insightful)

DragonTHC (208439) | more than 6 years ago | (#24186901)

They call it a flaw, while I call it a backdoor.

I'm very surprised (1)

dmcq (809030) | more than 6 years ago | (#24186941)

Having been involved in compiler work I'm very surprised. I've had to code round some processor faults (and very annoying they are to diagnose too) but I would never have expected that what went out could be subject to attacks like this.

Foiled Again (0)

Anonymous Coward | more than 6 years ago | (#24186949)

Now I have to wrap the whole house in aluminum foil!!

take control of the compiler? (1)

ypctx (1324269) | more than 6 years ago | (#24187031)

... how Java compilers work, allowing an attacker to take control of the compiler ...

Now I know why javac stole my vacation pictures. It was driven by an attacker!

This exploit is extremely limited in scope... (2, Informative)

BUL2294 (1081735) | more than 6 years ago | (#24187117)

...unless there is CPU errata that Intel hasn't fixed for years. We've got the chicken-little "the sky is falling" reaction going on here but (unless I'm seriously misguided) Intel fixes their errata.

My personal view is that such malware may only be able to take over a very small percentage of systems out there. The scope may be limited to something as (relatively) rare as an Intel Core 2 CPU within a specific FSB range and specific stepping. Throwing all those factors together, I doubt any such errata would encompass more than 10% of the PCs out there. Considering how many different variations of CPUs are out there--Intel/AMD/Via, Pentium-D/Core 2/Xeon/Pentium-M/Pentium 4, FSB differences, stepping, etc.; such malware might be extremely dangerous for a very small subset of Internet-connected PCs.

Now, if a malware author knows of a CPU bug that Intel/AMD does not know about, then this could be extremely serious, encompassing multiple generations of CPUs...

hitb presentation link (1)

bkoehler (784923) | more than 6 years ago | (#24187335)

http://conference.hitb.org/hitbsecconf2008kl/?page_id=214 [hitb.org] - Remote Code Execution Through Intel CPU Bugs

After I RTFA I found the hitb.org abstract; better than InfoWorld, but still not too informative.

i've read a number of story summaries in my time (3, Informative)

circletimessquare (444983) | more than 6 years ago | (#24187349)

and this one ranks among the hallowed few best described as "excuse me, i just crapped my pants"
