Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove. "It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, …
"Thanks for this interesting description of an interesting problem!"
Don't you mean "super-interesting" like in the article? I'm not sure if thats the Ring 0 to "very interesting"'s Ring 3 or perhaps its just another silly americanism that grates on the ears. I suppose Ring -1 would be "Awesome interesting".
Errata started in 1995 eh? Wasn't that about the time the NSA quit fighting against allowing the proles in the US (see harassment of Zimmerman) to use strong open public key encryption (as opposed to pushing the Clipper chip fail they came up with)? Guess we now know why.
And then he recognized the profile. I wonder what this means, he asked himself. Strangest thing I've ever seen. Most things in life eventually can be explained. But - Joe Chip on a fifty-cent piece?
It was the first Joe Chip money he had ever seen.
He had an intuition, chillingly, that if he searched his pockets, and his billfold, he would find more.
This was just the beginning.
There have been a few debates on El Reg over the years, where the *real* nerds have pointed out that all the FOSS in the world can be compromised if the compilers are hooky.
At which point I (and others) have logically progressed that argument and pointed out that it's no good having faith in a compiler you wrote if you are then going to run it on a chip whose architecture and firmware you hadn't had control off. To a general air of "when has a chip ever had a bug ?".
Stories like this demonstrate that you really need to draw an arbitrary line beyond which you are forced to accept you can't ensure 100% security.
True, but at least Linux will run on open architectures like OpenRISC, a platform that Windows will probably never colonise. So the truth is that, while there is a limit to how much we control, we control a damn sight more than any Windows user can hope for.
We know about this flaw now, and so it's theoretically possible to guard against the possibility of exploits where possible or to replace the aging boxes affected by the flaw.
There is no complete guarantee.
No, there isn't, but the fact remains there's a greater guarantee here than on other OSes.
The only true guarantee is to go and build it yourself. For most of us though, we're willing to take a RISC.
"We know about this flaw now,"
Yes we know about it. We also know how drugs get into prisons, yet every day prisoners around the world get stoned.
Security is like virginity and balloons: one prick and it's gone. One little vector is all you need.
Sure Windows has more vectors, and they're likely easier to attack, but basically we have a situation that you just have to assume anyone can get to anything they want to.
Not much different to the physical world really. Locks can be picked, cops can be bribed. Blackmail and threats will get a sufficiently determined and resourced person anything they want.
Security is like virginity and balloons: one prick and it's gone
A sophomoric reducto ad absurdam. No one who actually studies security in any serious way would make such a statement.
Security is not a binary condition. It's a measure of relative costs under a threat model.
"True, but at least Linux will run on open architectures like OpenRISC, a platform that Windows will probably never colonise."
Only because there is no demand for it. OpenRISC doesn't really protect you from anything as there are so many other hardware and software dependencies involved.
Windows already supports Arm, IA-32 and x64 which are by far the largest current market segments. And Windows has previously supported Alpha, MIPS, Itanium and PowerPC, so additional processor support is not a problem if there was a need for it...
@Vogon:
Considering the slippery slope MS has decided to start down, and the state of ALPHA MS when it was dropped, I wouldn't expect that MS will get much past putting Windows on more than one or two Arm processors. Far too many proprietary tweaks in those. I'll admit NT/2k on alpha smoked like little else I've seen run under the windows 'brella, but as it was, there was bugger all beyond the OS you could run there other than highly proprietary code (was used in OTA payment transfers app, in house software, one off case). And, yes, MS got windows running on MIPs, sadly in every case I saw, it ran off cliffs with astonishing regularity.
The problem with Windows NT on "other platfoms" is a tale of two cities.
One is the NT OS (ancestry being VMS and Multics) - which is incredibly solid, has permission models which Unix can only dream of and runs just fine on other architectures
The other is the GUI layer, which is a tangled clusterfuck combined with a sucking quagmire and throws virtually all the finer points of the OS permissions out the window.
The fact that Microsoft tied the two together so indivisibly means that the entire mess is best avoided.
This post has been deleted by its author
"Windows already supports Arm, IA-32 and x64 which are by far the largest current market segments. And Windows has previously supported Alpha, MIPS, Itanium and PowerPC, so additional processor support is not a problem if there was a need for it..."
That's a rather rosy viewpoint to take of Windows cross-architecture support. Windows supports x86 and x86_64, yes. Support for anything else has to be qualified, and a lot of it was never very useful.
Windows has had some kind of ARM support for years. It's biggest success in this area was Windows CE/Windows Pocket PC. Of course Windows CE and company wasn't really the same operating system as Windows on the desktop. It had its own set of software and not much in common other than a standard approach to the UI. It fell into obscurity with the rise of the touch UI and the operating systems that relied on that scheme for mobile devices.
Now Windows supports ARM in a different way. It's approach this time is similar to that of Android to run common software on multiple architectures with a virtual machine or something like one. Of course that approach has its limits, but it has its advantages as well. The problem for Windows here is that there is not a lot of software that runs that way. Most of the applications for Windows, especially the popular ones, only run on X86 variants. Windows has ARM support, but not for the programs people think of when they think of Windows.
Windows used to have Apha, MIPS, and PowerPC support back in the late nineties. However, not that many apps were ever released for those architectures (and almost all of the few that did were server applications), and Microsoft ended support. Again, the Windows applications for x86 wouldn't run on those systems. A similar situation existed for Itanium later on.
So yes, Windows has nominally supported a number of architectures at different times, but none of them have had the applications available to make Windows a real success. At this point Windows has basically been stuck with x86 based architectures. Theoretically, if x86 based architectures were to be cancelled, then application vendors would port their applications to whatever Windows moved to. However, that is not likely to happen.
Of course open source software tends to adjust to different architectures more easily. Most Linux applications have been compiled for a number of architectures because they are open source. This makes is so Linux has been ready for ARM, MIPS, Power, or Itanium, etc. desktops and servers for a while.
However, this doesn't make Linux (as in GNU/Linux, the operating system) ideal for mobile devices. Right now, Android and iOS are the successes there. Will convergence ever actually happen (with Windows RT/Modern UI, Ubuntu Snappy, Android, or whatever)? I'm not sure. There are many issues to be dealt with. It seems to me that you would need to have either two sets of applications that ran on the same base, one for mobile interfaces and one for desktop interfaces, or you would need to have one set of applications that had dual interface modes.
" .... To a general air of "when has a chip ever had a bug ?". ... "
You may not be aware of the CPU errata driver that loads new microcode into the CPU at boot on many OSs. So to those espousing the above - get off my lawn and back to school with you! You may be too young to remember such classics as the FDIV bug.
All levels of a computing device, from case to application (and not stopping at the keyboard, for that matter), have bugs and design flaws in them.
To el reg: thanks for a great article.
"All levels of a computing device, from case to application (and not stopping at the keyboard, for that matter), have bugs and design flaws in them."
Very true. However it doesn't change the fact that System Management Mode was a profoundly stupid idea, probably one of the dumbest Intel ever had. This isn't the first hack involving it and it almost certainly won't be the last.
I definitely don't like the idea of placing the reserved memory area for SMM at the end of the first 512 megabytes of memory. That means that the largest array one can use on one's computer is 512 megabytes smaller than all RAM available. Although I suppose the virtual memory hardware means that memory can look contiguous when it really isn't, so this only comes up if one is turning that off for maximum speed...
> " .... To a general air of "when has a chip ever had a bug ?". ... "
> classics as the FDIV bug.
I remember (many many moons ago) arguing with a colleague about the use of non-Intel chips (in this case AMD). He was adamant against the use of non-Intel on the basis that "Intel were the premier chipmakers and produced chips with no errors - you always knew where you were with Intel". Then the next day the news of the FDIV bug came out..
Sadly, he didn't change his worldview even when faced with the evidence. So we carried on buying Intel-only computers despite the cost premium.
This post has been deleted by its author
Quite
Even if you have the full source code for the CPU, have you checked the compiler that then compiles the code into gates... and the software that then writes the gates to silicon.
These days even memory controllers have CPUs and code in them. Your disk driver has 2 or 3 ARM cores in it. Got the code for them? Checked it? Checked the compilers?...
A dma and a small state machine are all that is required to make your whole motherboard address space visible over an ethernet port. It would be an afternoon's work to hide that inside an ethernet controller.
After a while you just have to make some assumptions like you do in the physical world.
After a while you just have to make some assumptions like you do in the physical world.
You always, right from the beginning and at every moment thereafter, have to make assumptions about security. You have to make assumptions about everything. Descartes showed that with his "Evil Genius" thought experiment, and he's hardly the only one to have made the argument.
The epistemological scandal is inescapable. There's no way to guarantee that you know anything with certainty.
To a general air of "when has a chip ever had a bug ?"
Those people are crazy, they happen all the time. I think the issue is more when has a chip had a security bug that somebody found and it hasn't been possible to mitigate it with a microcode update. I don't think it's ever happened before.
Given the timing of the introduction and precisely where this bug is in the CPU one has to start asking themselves rationally if it was intentionally introduced and if Intel should be doing a product recall; that's the major issue here.
You CAN have security - at least security against external world attacks. (Seeing that human error produces far more incidents that the most assiduous attackers, that may not be 100%.)
All you need to do is to dig up some sand, then extract some pure silicon from it, then design your fab plant......
Now why might I not be surprised? Aside from the fact that a multi-billion dollar agency with some of the better hackers on the planet might detect it and keep it hidden since the same head mo-fo in charge is also responsible for offensive operations as well as defensive.... Hell, they probably never needed an order to make such a modification. Given the sheer complexity of systems today at the component level (software and hardware), such a vulnerability was bound to happen. Just go spelunking to find it. Which gives more credence to the accidental occurance since Intel found and fixed it.
"Hell, they probably never needed an order to make such a modification"
This is far more likely.
Giving orders for such things means that someone will blab eventuallly. Finding holes and keeping sctum means that knowledge never leaves the lab which found it.
Remember this is the same NSA which advised against a bunch of password space not being used in the 1970s and it took 30 years for the holes in the DES algorithm behind that advice to be unearthed by civilians.
ISTR a bunch of discussion at the time that they gave up on Clipper along the lines that they must've found a better backdoor - and in such cases where they suddenly go quiet on something I'd say that's a deliberate hint that they're not allowed to release something but civilians should be paying attention to what's NOT being said.
This may be an ignorant question because I have not looked in detail at Intel based architectures since 286 days but if you have the ability to run code at ring 0 aren't there other ways to access these negative levels? Anything that cna be a bus master or capable of memory writes, for example if you have access to a device with DMA capability can't you use it to write whatever you want wherever you want or does the Intel architecture prevent access to certain locations?
Digital Equipment Corp made the first page of virtual memory no access in VAX/VMS, because 0 is such a special number for pointers, unused values etc. The resulting exceptions identified pointers set to null etc. Maybe hardware designers should make physical address 0 no access for similar reasons.
On the Amiga while running Enforcer, the interrupt pointer memory location 0 was remapped to internally catch null pointers. It was one thing (Mungwall and Steve Tibbets' VirusX the other two) that was run while I was screening uploads to the Amiga Fora on CompuServe. Which should explain my zero patience with null pointers even though it's my code doing the checking on x86/x64.
If a miscreant has root or administrator access, then you are stuffed anyway. So while this is fascinating, it's hardly a worry.
Four year old + CPUs would have been prehistoric in 1995 but isn't really old at all in 2015. (ironic that NT & UNIX & OS/2 etc could use a 1995 Pentium Pro properly but Win95 went slower on it).
Now if the bus on a lithium battery pack could inject code, then I'd be worried.
"If a miscreant has root or administrator access, then you are stuffed anyway."
If you perform regular audits, system monitoring, and other checks you can pick up malware installed in the OS. If all else fails, you can wipe everything... "Bang! And the malware's gone!"
If this bug is exploited, the code lives in the CPU's firmware. Virus scanner? Nope, can't see it. Reformat and reinstall? Nope, still there. As with love, our "normal approach is useless here".
"requires root" when you're talking about exploiting systems isn't any sort of barrier. Now one assumes on systems with not unreasonably old CPUs if you get rooted then your hardware is junked. You have no way of finding or removing something put there with this so why wouldn't you make that assumption.
System compromises tend to chain a bunch of exploits together (for example web app -> shell unpriv -> root), now they can add a little something extra to the end; and that something is a pretty nasty kick in the hardware teeth.
Do you own a dedicated server hosting business? How do you know your systems aren't compromised with this? Oh, yeah, you don't.
"ironic that NT & UNIX & OS/2 etc could use a 1995 Pentium Pro properly but Win95 went slower on it"
That's because PPro ran 16-bit code very slowly. Intel did caching changes in PII (OK, quick search suggests segment register caching was the fix).
tomshardware.com/reviews/intel-pentium-ii,20.html
Many devices have DMA access to memory - does the MCH block access to the SMM RAM area from DMA devices (eg a graphics card or a disk drive)? If it does not then there is a much bigger hole.
As the SMM code is loaded from the BIOS - any technique that allows the BIOS to be reflashed also allows the SMM to be reprogrammed.
Back in the dim and distant, when I was messing with Z80 CPU dev kits with PIO's for my HNC, the PIO control registers (to generate NMI's on particular input combinations etc.), were at fixed addresses and not mapped (or remappable) to memory locations. I realise I'm comparing a dingy to a supertanker, but why on a Pentium class CPU is the APIC control register mapped to memory and not at some hard coded address which is off limits to anything other than the SMM?
When peripherals and controllers are included on the CPU, it is, at least with Intel, the case that they are relocatable to allow them to be reconfigured to fit around RAM or other external devices. This goes way back to the 80186/80188 (effectively an 8086/8088 with on-board interrupt, DMA and timer controllers, and a few extra instructions) mostly used for embedded systems. The on-board systems could be moved around the memory or IO map even as long ago as 1982 on this slightly larger dinghy.
This post has been deleted by its author
-- I thought I was the only person on the planet who knew about it's existance. --
You, me, and all the wannabe PCjr cloners who heard the rumors that "peanut" would be 80188-based and pre-bought carloads. Than someone noticed that PC-DOS used "reserved for future expansion" interrupts as system calls, and Intel had assigned them to things like the on-board DMA engine. Other rumors suggest that IBM (and only IBM) were allowed to return their 80188s for credit on the 8088s they ended up using, but I was never a Rat Mouth confidante and as my Gran used to say upon hearing a rumor "Were you there?" Nope.
Tim Paterson did pay attention to Intel's reserving interrupts when he wrote QDOS/86-DOS for Seattle Computer Products, the lowest interrupt used by DOS was int 20H. It was IBM and maybe Microsoft that used the reserved interrupts for the PC's ROM-BIOS. IBM also made the blitheringly stupid mistake of using the NMI for the 8087 co-processor despite Inetl clearly stating the the NMI was NOT to be used for the 8087.
There were certainly 80186 processors fitted in some of the hardware I had to deal with 20 years ago.
I'm sure there was one in the original version of 6 port serial card which I had to deal with almost daily, a horrible ISA card that needed a 128K hole in the PC's memory map to function. Finding a suitable hole wasn't that easy, and was made worse when customers wanted two or even three of these in one machine. You could just about get them to work on EISA based systems, but not all of them. Anyway....
There may have also been one in a fax processor board we also used.
Tandy/Radio Shack had a whole line of models that were 81086. NEC v20 and v30 chips used in things like my HP 95LX, 100LX, and 200LX had 80186-compatible instruction sets.
Anyone who says the 80186 never existed is an idiot with a poor grasp of the history of the field and no willingness or ability to use a web search engine.
I used to program Burroughs/Unisys B2x series computers (designed by Convergent Technologies) in the 1980s - the B25 used the 80186. More info here:
https://en.wikipedia.org/wiki/Convergent_Technologies_Operating_System
Some of IBM's XStations used 80186s, with TI TMS34020 or similar as the GPU.
Can we wax nostalgic about the 34020 too? When I was at IBM, circa 1990, I wrote code for the thing, for a document-imaging system that I don't think was ever released. Mostly I pushed ddx routines for X11 down to the card, actually, which makes me wonder if any of that code ended up on the XStations.
We hit a bug in early versions of the 80186, if an interrupt came in while my dma transfer was going on, the interrupt controller set the ack pin during the transfer of the last byte. Thus the last byte was regularly corrupt - but to a consistent value, which turned out to be the relevant interrupt number.
Nonono, ring -3 is where the Master Control Program lives. But it's all very hush-hush you know...
There is no security in any sense of the word since microsoft and intel stole computing, our whole world was undermined by what can be at best be called "design" stupidity and at worst intentional sabotage for the purpose of espionage.
Given that every ms and intel offering was unfit for purpose how about they are both made to release all patents and all documentation into the public domain that or they can return all the cash they extracted over the last four decades.
Hopefully then someone with ethics can create, without legal interferance, the secure computing platform we have been denighed since home computing changed from microcomputers to "PERSONAL",ha, computers
This post has been deleted by its author
My purpose is to be able to do all those unix compatable operations and yet not loose my personal information in the process.
You can buy a PC with windows for very little but the hidden cost of recovering your identy isn't made plain at point of sale.
I suppose if you are unlikely to get credit or own nothing of value then it is no real loss using windows or even volenteering for medical experimentation. However those that do have something to loose have been using windows in the mistaken belief that by buying a product these companies wouldn't treat you as a criminal without the right to privacy.
That we hear so many reports of data going astray and "experts" saying it is impossible to make a finished product without bugs and security holes this says just how much we have all been sold down the river
Any large scale piece of software will have bugs, it's inevitable - humans make mistakes, especially when it comes down to the lower levels of working with memory pointers etc. or even lower down and working with bits of machine code. Very few people can truly visualise what a tiny change in one part of the code might do to the rest of it - they think they can, but that's where bugs come from.
An operating system is not a small trivial piece of software. All software that does anything useful has bugs.
"Any large scale piece of software will have bugs" - this is a lie, yes people can make mistakes during coding however they should all have been removed before a professional company starts selling a product as finished. That this lie has been so throughly accepted by those without a understanding of what used to be called a professional approach to coding says why PCs and their software get away with being so buggy.
That Microsoft have managed to convince the world that software engineering is more complex than any other human activity shows just how guillible most people are.
Computing has to be the most contained and controlled of all the sciences and yet without the external conditions other sciences have to counter the leaders in the field can't/don't make it work.
The only people who cannot envisage "what a tiny change in one part of the code might do to the rest of it" should not be allowed to call themselves Software Engineers or talk about this subject as though they had a clue.
I can forgive the ignorant for failing to understand that in professional Software Engineering the code is modular and should be self contained. This way when you make each module secure within a complex system then you have a chance to make the whole system secure, this sadly is something that MS do not or need to do. Microsoft can instead sell buggy code and the idea that it is impossible for anyone to create anything complex without fking it up and people like you believe them and spread their lies to others.
Before there was Microsoft there were complex operating systems that worked without bugs admittedly MS are coding for a generic hardware platform but then again that is what abstraction is for.
The particular "fault" under discussion here can at best be seen as the right hand not knowing what the left is doing, through not caring enough to fix a stupid error, onto intentionally leaving backdoors.
There is no excuse for this "fault" to exist in "finished" products and to be fair intel should be recalling and replacing said "faulty" equipment
> Now that is what I call a secure PC!
You forgot:
Crush it with a Victorian Steam Press (hack that!)
Collect crushed bits in hand-forged steel box and weld shut
Cover steel box in concrete. We recommend at least 30cm thickness.
By rowing boat, take box to nearest deep ocean trench. Preferrably one of at least 2KM depth
Push box over side. Before pushing, check to make sure you are not actually tethered to it.
Run like hell when the Deep Old Ones come after you for littering.
This post has been deleted by its author
No processor that accepts a microcode load (Pentium and earlier?)
No storage device more advanced than a 3.5" FDD or an MFM HDD
No USB of any type
Removable (and removed) jumpers to disable writing to the BIOS storage and NVRAM
Probably some other things I overlooked.
That still won't keep people from installing root kits and other malware, but it might at least prevent putting them where they are effectively invisible and very difficult to remove.
Knowing what we know now about how active the U.S. government has been in the manufacturing of "flaws" in computers and networks and using all methods to get the cooperation of companies it takes a certain sheep like attitude to consider such design a forgotten flaw.
Even more so if we look back to the paranoia and fear governments were openly expressing about the new technology and the assurances they were getting from various government agencies that the situation was under control and more funding would ensure it would stay that way.
It might help those who can recall the past to keep in mind what we have learned since then and that the phrase "Trust Us" is used most often by those who should not be trusted.
I doubt that the Powers that Be got any less malicious. Less implausible is the idea that the NSA / GCHQ got word that their backdoor was about to be compromised, and had to abandon the technique for fear of embarrassment.
Which raises the question ..... What did they replace it with? (Bear in mind that it would not be entirely unfeasible for a government agency to compromise a system recovery tool, that might be downloaded by a sysadmin for some emergency repair work. Do you make your own emergency boot disks? Or do you just download a well-known one as and when any problems may arise? Did you check the installation "scripts" carefully to be sure there were no statically-compiled binaries among them? Do you keep a recovery USB stick in a safe place at all times? Because someone who knows what's on that, and can persuade you to reach for it, as good as has physical access to your hardware.)
Did any computer security types disappear in extreme sports accidents, or suffer nervous breakdowns, around that time? I can't believe they wouldn't have tried to silence the person who discovered the exploit anyway, even in spite of removing the flaw from future processors.
Of course, it's even more probable that this was a simple design error with unintended consequences, and not put there deliberately. Although, we should not rule out the idea that the NSA / GCHQ ever made use of the technique while it existed. Illegally-obtained evidence has been used in the past to justify fishing expeditions for better evidence that would be admissible in court -- and provide plausible deniability for the Agencies.
There's already some good ones here, but it seems to me the Tinfoil Hatters are beating their same old drums. Come on shiny-crinkly headwrappers, you can do better than this ?!!
What changed significantly in 2011 that Intel changed stuff at this level?!! What is the new backdoor for [Bad Guy of your pet peeve]?!! Why would [omnipotent Agency X] not simply Disappear the knowledge of this feature, or is it a move to direct attention from something else?!! See? It's easy to come up with Stuff!
On a more serious note for the peeps who know more about this than I'll ever need : Wouldn't you have to be pretty careful not to create bugs/artefacts in the operation of the hardware that would show in one way or another? This is pretty high-brow stuff, well outside of script-kiddie territory, it's not as if you have much room to work with to pull this off, and then do anything actually'"useful", after all.
Why do governments fear securable computers? What on earth can people do with computers that's so scary to them? I get terrorists might co-ordinate via email or cell phone .. but otherwise their fear seems overrated? And doesn't email meta-data alert them already? Why is it such a big deal to governments?
Why is it such a big deal to governments?
Ministers know how pencil & paper work, they aren't frightening. They haven't a clue how computers work, though, so they're scared shitless that they might be caught out not doing something, and hence lose votes.
Governments aren't scared of secured private computers. They don't vote (at least not in a paper based mandraulic voting system).
No, what governments fear is the things that some seriously nasty people do with them. Things like child pornography, financial fraud, ddos blackmail, cryptolock extortion, etc. And that's before you start considering how they can be used to command and control terrorist acts or influence other vulnerable people in bad ways.
What the likes of Google, Facebook, Apple, etc. are risking is being seen to have been in possession of vital information prior to a 9/11 style attack but to have not passed it on. Hopefully an attack of that scale never happens ever again. However, what would their reputation be like after such an event?
On your point about using computers for child porn/plotting your reign of terror/ hiding your drug money/ swindling the guillible/blackmail etc all these things existed before computers were common place and you can bet the guilty took measures to hide/encrypt the data.
your other points, DDOS, cryptoblock extortion have been made possible by the security holes left in so the authorites can "catch the baddies at it".
Given that the "baddies" know that putting anything on a computer is a mistake and will not be doing it then wouldnt it be better if the rest of us weren't treated like criminals.
Given that the criminals are using the authority's backdoors to invent new crimes and we no longer have any private life outside the home or even in the home if you have a camera on any internet enabled device. Then it makes you wonder who exactly the authorities are really targetting as a threat
"On your point about using computers for child porn/plotting your reign of terror/ hiding your drug money/ swindling the guillible/blackmail etc all these things existed before computers were common place and you can bet the guilty took measures to hide/encrypt the data."
All that certainly happened before, but now it's far too easy to do those things on a large scale and far too easy to get away with it.
your other points, DDOS, cryptoblock extortion have been made possible by the security holes left in so the authorites can "catch the baddies at it".
So you think that it's all some kind of super organised plot on behalf of the tech industry and all governments worldwide? You don't think it's just the result of flawed and lazy humans not bothering or simply making mistakes in their work / hobby? Jeez, who are those guys and what planet do they come from?
"Given that the "baddies" know that putting anything on a computer is a mistake and will not be doing it then wouldnt it be better if the rest of us weren't treated like criminals."
You're pretty naive, aren't you. A lot of baddies are also lazy idiots...
Today's computers and networks are a problem. On the one hand we all want security, reliability fun and convenience. On the other hand there's too many well meaning but naive people creating networks and software that are more useful to baddies than goodies. They themselves rarely suffer the direct consequences of the abuse of their creation by criminals, blackmailers, fraudsters, shooters, paedophiles and terrorists. Which is great for them, not so great for those who do get robbed, conned, abused, shot, blown up or maimed.
There is currently no good answer to this dilemma.
Tell me someone we can trust who agrees with your points, by trust I mean not being paid to continue the existing situation which I would say clearly targets more innocents that criminals.
I would say that yes there has historically been many intentional "errors" in code and hardware for the purposes of anticompetition, antiprivacy. Anyone who has been in IT since they allowed russia etc to buy computer equipment will know what I am talkign about
Yes criminals can be just as stupid and niave as the rest of the sheeple however statistically there are less people using computers for nafarious reasons than otherwise and yet all are abused. The bot nets etc could not exist if the underlying OS and hardware were secure but clearly since they do exist the system builders are at fault.
That the underlying IT systems are compromised for whatever reason means that by far the biggest loosers are the good guys who now have zero privacy, zero protection and zero chance of being put first for a change
Governments, well Western ones at least, don't fear private computers.
They want to provide their chums in the computer hardware and software business with lucrative contracts selling to the "intelligence" services. The politicians want the board of directors jobs and kickbacks offered for drumming up business for their pals.
Governments aren't about helping the people or the country they're about helping the members of the government make more money.
Governments couldn't give a shit about terrorism, illegal drugs or child pornography. They want power and money.
Not so much the securable computer per se, more as another item on the checklist (toolchain) for someone that will be likely to be a threat to governments, the people running them, and the wealthy that the government answer to at the end (if they want to remain in office). Look at what 9/11 resulted in? Massive loss of wealth even discounting the loss of lives among "the people that matter." Sony? Charlie Hebdo? How about that gang that the FBI is pulling down using pre-published financial news to get a jump in the financial markets. Now that one will probably have legs. Lots of legs!
Now to be able to break into the systems the hackers depend on? Yeah, that pretty much hits the "Priceless" button with a sledgehammer. And any other technique that can be brought to bear, damn the cost. After all (not true but said anyway) we can pass that cost to the serfs.
"Why does the government fear private computers?"
Rapid mass communication for the plebs. We the plebs must not be allowed unfettered instantaneous communication. Even if you haven't imagined how unthinkably terrible a local "arab spring" would be for "the 1%" you can rest assured that they have... a long time ago... and multiple layers of robust "safeguards" are already in place.
...but apart from that obvious fear... it's also a somewhat broader and more innate opportunity... The great democracies have a long and proud tradition of doing all they can to monitor and subjugate their subjects. This is the very means by which they built and maintain that status as the "great democracies." It's a tradition stretching back unbroken to long before the little "democracies" slogan was concocted. Imagine for a moment how Queen Elizabeth's (no, the other one's) ministers would have felt and responded if a communications industry had fallen into their laps which, despite using opaque "magic box" apparatus which was far beyond the complete understanding of any of the plebs, was practically universally adopted by them. What would they have done with that? Of course, you'd not really be imagining anything. It just happens to have happened 400 or so years later. And why shouldn't they be doing what comes so naturally? What's to stop them?
It's a "power" (control) thing.
@AC,
"Rapid mass communication for the plebs. We the plebs must not be allowed unfettered instantaneous communication. Even if you haven't imagined how unthinkably terrible a local "arab spring" would be for "the 1%" you can rest assured that they have... a long time ago... and multiple layers of robust "safeguards" are already in place."
What utter rot. Apart from the fact that we pretty much all have multiple means of instant communications, a local "Arab Spring" happens once every 5 years here in the UK, or 4 years if your an American. It's called an election, it's much better organised and it does actually result in a change of government if that's what people actually vote for. If a government hasn't done well enough it will lose the next election, as has frequently happened within your lifetime.
"The great democracies have a long and proud tradition of doing all they can to monitor and subjugate their subjects."
More commonly known as law enforcement, something that voters are generally very much in favour of at election time. Everyone voting generally wants criminals to be subjugated with maximum vigour. If you think otherwise, try standing as a candidate at the next election and see how far you get on an openly anti law enforcement billing. You'd be lucky to keep your deposit. A population gets the laws and government it votes for.
"Imagine for a moment how Queen Elizabeth's (no, the other one's) ministers would have felt and responded if a communications industry had fallen into their laps which, despite using opaque "magic box" apparatus which was far beyond the complete understanding of any of the plebs, was practically universally adopted by them. What would they have done with that?"
You've not heard of Francis Walsingham, or pen and paper?
Looking at Iraq, Syria, Bahrain, Yemen, Jordan, Egypt, Libya, and Tunisia to name a few, is it clear that we should want a local "arab spring"? Really?
"Mulitiple layers of robust 'safeguards': for example? And under what plausible conditions would they likely be used?
What subjugation would that be? For monitoring, aside from objections to wire sniffing that some might not describe as surveillance as long as it was limited to machine filtering, what outcomes exceed limits that a majority would think reasonable (limited to Europe/EEC, Five Eyes, South Korea, Japan for discussion purposes)?
Governments are established to govern, and police are hired to enforce the laws. News articles notwithstanding, in the countries identified above, they usually do so without interfering excessively with the majority of the population. When they do, courts often will curtail the excesses, and those who object can try to persuade legislators to change the laws, or try to replace the legislators so as to try to change the laws from within. The fact that they may fail to do so may not mean they are corrupt or under control by the 1% or other enemy of the people; it may simply mean that the majority who elect the legislature and executive are not dissatisfied enough to vote for change. And like it or not, no established government, however legitimate, is going to put up with attempts to overthrow it by means outside the law.
It's not about 'terror' or 'drugs' or whatever the current whipping boy is this decade, it's about having control and the easiest way to keep control is to know what everyone is saying.
As one man (or his speech writers) said 'You're either with us or against us' and having oversight on what your population thinks and says is one hell of a way to keep people on side and marginalise those who aren't.
Because you're regularly just plain wrong on many levels but....
Here's a clue, CPU speed isn't worth jack unless you can get the data in and out of a chip as fast possible.
Now go away and work out why Intel dominates the market where sustained I/O speed is important (and another clue for free, that's pretty much everywhere except where little boys toss off over benchmarks)
Actually until well into the '90 the PC just wasnt that fast compared to the alternatives of the time.
High cpu and fpu applications typically used the alternatives because the intel archetechure just wasnt up to it.
In actuallity MS and intel won out because of component prices, litigation from USPO patents and back room deals with government officials. With the profits they either bought up, crippled or outright destroyed their competition. Only recently have the better technologies like ARM been allowed a lookin and that was because the US lost control of their far east suppliers.
intel stopped being an asset to computing after the 8080 and Microsoft were always greedy grabbers, the latters only input to this subject was their 4k interpreter and their subsequent demands for cash in an environment where coders were proud to give the fruit of their labours away.
So no these companies did not win the home computing race by being the best system designers, they were given the prize by western governments who allowed their home grown products to be destroyed on the promise of dominion over the coming age of information.
We were all sold out by the people we elected and we all voted for the removal of privacy and security furtheris still going on today.
NSA controls the electrons! Entanglement processes run at the chip foundry by really creepy janitors means every quantum jump by an electron in a processor chip is mirrored at the sister chip in Ft Meade.
Now that I've revealed that, my life is in grave dan
This post has been deleted by its author
Most security bugs seem to stem from executing data as code. Can some knowledgeable reg reader explain to me why this cannot be resolved in hardware. Eg physical ram that is only ever treated as data and separate chips registers and caches for code. Is it infeasible for some performance reason? Not assuming current architectures, consider also a 128bit word, where one half is guaranteed to be data,or something else "thinking out of the box"
It's called the Harvard Architecture and it was designed to increase throughput to/from memory but does separate data from code. However we quite like to load programs into memory so they can be run, we like to JIT compile scripts and so on - so it could never offer any more security than write protecting pages in our Von Neumann machines.
The reason they died out is probably the slight problem of where you put the extra pins on a microprocessor to access 2 separate memory systems. Nowadays we could just multiplex them but it makes more sense to treat it just gobble the extra bandwidth directly.
There used to be computers with seperate data and code ram for secure systems but we dont have them anymore instead we have intel, windows and compiled rather than machine code operating systems.
Basically security was abandoned in the lust for speed however now that hardware is so much cheaper we could return to secure computing if only we were allowed to.
Can some knowledgeable reg reader explain to me why this cannot be resolved in hardware.
It can to some degree. PDP-11's had separate I & D space, which in those days of 16- or 22-bit addressing also doubled the available memory space. IIRC there was a hardware signal which the processor used to indicate which memory it was accessing, so normal user programs could only read/write data memory, never Instruction memory. I'm fairly sure other microprocessors (some of the M68K family?) had similar options.
I'm not sure it would necessarily solve the problem, though. The processor is still in the loop to get the code off the disk initially and into the I space so that it can be executed, so it has to have a way to write into the I space at some point. That is usually done by switcthing the processor into one of the privileged modes (the inner "rings" as described here) at which point I-space is writable. Since this hack relies on getting the processor into a privileged mode so that memory can be remapped you could probably bypass the protection.
Or, of course, just not design buggy hardware :)
"So did 8086. Code segment, data segment, stack segment, et al. In practice these pointers were often set at the same address, which kind of defeats the point."
In Real Mode, once memory cleared 16 bits, the code and data segments could and frequently did occupy different 64K segments of memory. About the only time the CS and DS were the same was in Tiny (.COM rather than .EXE) compiles meant to fit completely into a single 64K segment.
Protected Mode meant 32-bit programming which meant access of up to 4GB of memory in an age where even 8 and eventually 256MB was considered high. This meant a flat memory model and that deprecated segments.
"(ironic that NT & UNIX & OS/2 etc could use a 1995 Pentium Pro properly but Win95 went slower on it)."
Not ironic at all. Intel assumed by the time the Pentium Pro shipped that contemporary OSes would be 32-bit (recall the PPro was under development for years before it shipped). So they made sure it ran 32-bit code very quickly, they made sure it *could* run 16-bit code but didn't worry about the speed of it. NT, UNIX, and OS/2 were full 32-bit OSes, Windows 95 was a shell over 16-bit DOS so it ran like crap on it. Intel was a bit pissed at Microsoft at the time for continuing to ship DOS shells instead of NT-based Windows exclusively. The Pentium2 actually ran 32-bit code *slower* than a Pentium Pro, it was just reworked to speed up 16-bit code.
Better processors that don't have little secrets hidden in them. I long for the days of a nice processor like the MC68060. Pity they didn't super-scalar it like other processors of the day. Would have been a nice processor to do business with.
That's what I get for programming for over 50 years.
The IBM 1620 was a wonderful machine to program.
Interesting. Maybe NASA using 8088's and suchlike was intentional because they suspected that newer chips might be vulnerable to things like this and related SEUs in the sub 1000nm transistors in subtle ways that error correction might miss. (think rowhammer)
I have it on good authority that they also run the chips at a fraction (the exact number is still classified) of the clock rate and different on each chip within its spec on main and backup systems so that a fault can't propagate via subtle power surges etc.
Its also intriguing to note that some of the new consumer level chips have active protection against power related instability and interference injection. Unused pins are now being joined to the Gnd plane rather than left floating so that this cuts off another avenue of attack.
More to do with charged particles dashing through the chips. Larger transistors at lower frequencies have much better radiation resistance. And differing frequencies can help to reduce interference, as you rightly noted.
ECC (if done correctly) will not miss anything. Rowhammering needs several write cycles to flip a bit, but ECC logic has to compare checksums on every RAS/CAS cycle. If one bit is off, it can be corrected. If several bits are wrong - checkstop.
Baked in template code?
I may have misunderstood the issue here (it's early and there's been no coffee yet) but doesn't that imply that template code is just code?
As such it's going to be held in a EEPROM/Flash device somewhere on the afflicted motherboard and therefore will be reprogrammable? (most manufacturers don't fit programmed chips to their products, they program in situ via some means that requires no local CPU involvement, JTAG, SPI, I2C or even proprietory means so even on a compromised system it's possible).
The fault lies within the cpu and to change code there requires a digitally signed/encrypted image to be loaded with your OS (intel just released an update of this type).
unfortunately this function is not in the microcode andis at best due to an utter brainfart that allows unrestricted access to any memory location, this obviously makes the cpu based security useless and results in you having to buy a new cpu to fix it.
A thought to consider.
I suggest that the problems showing up in some CPUs might actually be related to the microcode, this is updated by the BIOS usually and rarely causes a problem.
Some older LGA775 systems wouldn't even boot into DOS until this was fixed with an older CPU (typically this would be a P4 instead of a Celeron D/dual core/quad) and even the newer LGA-1066 have this annoying habit.
Yes, indeed buggy microcode can do this BUT its an entire new vector for malware to exploit the BIOS to insert known bad commands during initial bootup which then sit there until triggered.
The latest trend for malware is to *only* run using SSE3 or SIMD instructions so that nice new hexacore beast will be vulnerable but an older C2D won't unless emulating said instructions.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
