Intel has fixed a pair of flaws in its chips ahead of a planned demonstration of remote attacks on them by security researcher Kris Kaspersky. Kaspersky – no relation to the Russian security firm – was due to demonstrate the findings of his CPU malware research at the Hack in the Box conference Malaysia in October, in a …
The power of press
While AMD was given all that hell over their infamous TLB bug, zero consequences for Intel.
Place your Bets
"It also casts Intel's denials of a warning by Theo de Raadt that flaws in the Core 2 architecture could be exploited in a new light. " ...... suggesting that they are even more serious than they originally discovered/thought/were told?
Yes, I Think so whenever you can compromise the CPU right through to ITs Cores. Seems like the only way to Solve that is to Parachute in Crack Code Special Forces and/or Pay the Hack whatever IT Needs ....... for Further XXXXPloration of what would be Myriad Possibilities/Vulnerabilities/Opportunities.
And if the Truth be Told, that would be the Cheapest Option by a Very Long Way. Anything Else has the Possibility, and I would even Share the More Definite Probability, of Costing an Absolute Fortune. And if the Truth be further told, that would not even be a Cost, it would be an Astute Investment that would make Absolute Fortunes.
Good for Intel (sort of)
It's nice that Intel has gotten around to fixing vulnerabilities in their chips (after being shown the light), but it still seems that all of the ga-zillion existing Intel chips out there are still vulnerable. This looks like a hard-coded flaw to me, not something that could be patched by a BIOS update, for example. I don't suppose Intel will do much about that unless forced. (not that I really blame them, as a recall would make the Sony battery fiasco look like small potatoes in comparison)
a balanced response by Intel
This seems sensible and pragmatic, just wish I was as clever as KK and could earn squillions by promising not to reveal flaws / exploits that I had discovered ;-)
PH is flawed and has revealed, did she earn squillions?
I really, really wish to see this über-exploit code, but it seems Intel just paid off KK's silence. Bad.
By knowing how these compilers will react to certain bits of code, it is theoretically possible to exploit bugs at the hardware level.
OS and Browser vendors work around bugs all the time
There is no executable code in a TCP/IP packet. This is pure simple fact. The code becomes executable by exploiting code that processes and propagates the packets. Therefore any of these bugs are obviously patchable within the TCP/IP stack. So forget that angle of attack. The operating system vendors should be made aware of the problem of course though.
Let me also point out that taking advantage of JIT compilers can be used to compromise processors without bugs as well.
So, would someone please tell me how this is an issue?
Nonsense. There are plenty of language implementations that are pure interpreters. They may tokenize source as they parse it, and then operate on the token stream; but the only machine code that's executed is that of the interpreter itself.
CPUs only execute machine code, but it is possible, indeed common, to build programming-language implementations that don't execute directly on the CPU.
And nothing in the ECMAScript standard demands that it be JIT-compiled.
So they've patched the remotely exploitable issues
That was bound to happen eventually...
So I'm more concerned about the claim that the CPU is causing damage to the hard drives. I can't say I'm surprised that something was found to be screwing up harddrives - although I'll admit to being surprised it is the CPU.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Pic 7 AMAZING experiments set for Mars Rover 2020 – including oxygen generation
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs