Security researchers are due to publish research on how an Intel chip flaw might be used for potentially malign purposes on Thursday. Both Joanna Rutkowska, of Blue Pill renown, and Loic Duflot have separately announced plans to release a research paper and proof of concept exploit code on how an Intel CPU caching vulnerability …
Chip goes malignant on Thursday, eh?
"Security researchers are due to publish research on how an Intel chip flaw might be used for potentially malign purposes on Thursday."
The chip will be used for malign purposes on Thursday? Does that mean we're safe if we just shut off the affected equipment at 11:59 p.m. Wednesday and don't turn it on again until 00:01 a.m. Friday? ;)
Glad my new PC is AMD
Just built a new pc and am now more than happy I still stuck with AMD over all these years.
Interesting that a mechanism designed to make the PC more secure through hardware would allow for a VERY malicious exploit. It reminds me of the times when the BIOS used to get attacked with viruses years ago. I thought those days were over... HAHAHA! yeah right, just joking!
Computers get more "advanced" and seem to just get more susceptible to attack, while their function to the user remains virtually unchanged: open documents, web pages, multimedia, games (probably considered multimedia too), but for some reason we need an enormous OS and hardware to do it all now. Games may justify the hardware advancements, but the OS is bloated with things the user would rather have as far away from their own computer as possible if they knew what it all really did (for corporations and advertising agencies mainly). Linux excluded of course.
Mine's the one with "WTF is my PC doing anyway??" on it.
So do tell
Which chips might be or are affected by this? Details, Reg, details.
Please allow me to be...
The first AMD Fanboi to pipe in... I'm glad I haven't purchased a single Intel product in oh, 10 years now, ever since the first Athlon dropped... sounds like a good reason to keep right on using AMD's gear to me...
sparse on details
An explanation of what exactly this bug is would be nice.
But how to fix?
An ethical engineer would be more interested in how to fix a vulnerability than how to get their 5 minutes of cheap fame announcing that they were going to "research" how to exploit what is at this point a theoretical vulnerability. These folks are clearly more interested in getting published than actually accomplishing anything.
@AC - fame
The researchers can't fix it. Intel can. But as was noted, the flaw has been extant for years, apparently with no action on Intel's part.
So how do you suggest that they be more ethical, precisely, aside from shining a spotlight?
There's more at http://isc.sans.org/diary.html?storyid=6046 and even more on a PDF that the diary entry links to.
To summarise, the SMM code lives in a protected area of memory, but if you are already running at ring 0 you can trick the processor into thinking that this area of memory is cached and you can then prime the cache with your exploit prior to triggering an SMM interrupt.
It's cute, but if your system already has malware running at ring 0 then the ability of that malware to further conceal itself is the least of your worries.
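An added audit check for the condition the comment above describes, written here as an example; it is not from the diary entry, the paper, or anyone in this thread. The "area of memory is cached" trick works through the CPU's MTRRs, so this script parses Linux /proc/mtrr output and reports whether any MTRR leaves the SMRAM (TSEG) range cacheable. The SMRAM base and size and the sample MTRR text are constructed for the example; reading the real TSEG location from the chipset, and any SMRR state on newer CPUs, is outside what the check does.

```python
import re

# One /proc/mtrr line, in the format the Linux kernel prints, e.g.:
#   reg00: base=0x000000000 (    0MB), size= 2048MB, count=1: write-back
MTRR_RE = re.compile(
    r"reg(?P<reg>\d+): base=0x(?P<base>[0-9a-fA-F]+) \(\s*\d+MB\), "
    r"size=\s*(?P<size>\d+)(?P<unit>[MK]B), count=\d+: (?P<type>[\w-]+)"
)
SIZE_UNITS = {"KB": 1 << 10, "MB": 1 << 20}

def parse_mtrr(text):
    """Return (base, size_in_bytes, memory_type) for each variable MTRR line."""
    entries = []
    for line in text.splitlines():
        m = MTRR_RE.match(line.strip())
        if m:
            size = int(m.group("size")) * SIZE_UNITS[m.group("unit")]
            entries.append((int(m.group("base"), 16), size, m.group("type")))
    return entries

def overlaps(a_base, a_size, b_base, b_size):
    return a_base < b_base + b_size and b_base < a_base + a_size

def smram_is_cacheable(mtrr_text, smram_base, smram_size):
    """True if the MTRRs leave any part of SMRAM with a cacheable memory type.

    Assumes the MTRR default type is uncachable (the usual BIOS setting) and
    that no SMRR overrides the MTRRs for this range. Per the Intel SDM overlap
    rule an uncachable MTRR wins over an overlapping write-back one, so an
    uncachable entry covering all of SMRAM means the range is not cacheable.
    """
    entries = parse_mtrr(mtrr_text)
    smram_end = smram_base + smram_size
    for base, size, typ in entries:
        if typ == "uncachable" and base <= smram_base and smram_end <= base + size:
            return False
    return any(typ != "uncachable" and overlaps(base, size, smram_base, smram_size)
               for base, size, typ in entries)

# Constructed sample: 2 GB of RAM, SMRAM (TSEG) assumed at 0x7F000000, 8 MB.
SMRAM_BASE, SMRAM_SIZE = 0x7F000000, 8 << 20
# Whole of RAM write-back, nothing carving SMRAM out: the vulnerable shape.
VULNERABLE_MTRR = "reg00: base=0x000000000 (    0MB), size= 2048MB, count=1: write-back\n"
# Same, plus an uncachable MTRR exactly over SMRAM: the mitigated shape.
MITIGATED_MTRR = VULNERABLE_MTRR + \
    "reg01: base=0x07f000000 ( 2032MB), size=    8MB, count=1: uncachable\n"

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_MTRR), ("mitigated", MITIGATED_MTRR)):
        print(name, "SMRAM cacheable:", smram_is_cacheable(text, SMRAM_BASE, SMRAM_SIZE))
```

On a real machine, replace the sample text with the contents of /proc/mtrr and the SMRAM range read from the chipset's TSEG registers.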
That's my reading of it too - as the researchers say you essentially require admin access to a vulnerable machine to exploit this. However if this payload (in the form of a rootkit) was piggy-backed on some plain vanilla malware it could be very nasty.
The ability to conceal itself no-holds-barred is precisely the point: that after the regular malware is removed and the vulnerability patched the machine is still pWn3d.
Presumably if a fix is possible it will be a BIOS update for mainboards like the Intel DQ35 and, as this board will be the basis of many thousands of OEM machines, it is rather shocking that Intel haven't moved faster to fix it.
But what about mainboards based on the 965/945/915 chipsets? There's still plenty of those around - are they vulnerable too? And third-party chipsets?
Why oh why do *nix fanbois go on about bloatware being an MS problem?
Last time I installed Lenny it was over a gig in size, installed 12 different text editors, 3 different GUI front ends, 4 different sound engines, 4 different programmer's kits for everything from C to Java, and god knows what else.
Bloatware is everywhere and Linux is just as guilty as Windows.
Yes, you can prune Linux down, but you can trim Windows down too. As a standard install Lenny installed more useless crap on my system than Vista did. At least Vista only gave me one of each application instead of 4 or 5.
Coat on back, runnin' like hell ;)