Slashdot Mirror


Hyperthreading Considered Harmful

cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also be releasing a paper describing the attack and possible mitigation strategies."

24 of 392 comments

  1. Sysadmins have been advised... by Anonymous Coward · · Score: 4, Funny

    to give their hyper-threading processors some Ritalin.

  2. Another hit for Intel by Anonymous Coward · · Score: 0, Funny

    Man, talk about getting hammered...Itanium, AMD, and now this....

    1. Re:Another hit for Intel by Anonymous Coward · · Score: 1, Funny

      But wait, a security issue that doesn't affect Microsoft? The sky is falling...

  3. Whoosh!!! by EmagGeek · · Score: 4, Funny

    Shit, did anyone see that blur???

    Yeah, I think that was Intel's server market going right out the window at Mach 10...

    1. Re:Whoosh!!! by CleverNickedName · · Score: 2, Funny

      Actually, I think it was the article flying overhead.

      --
      Unfortunately, I am not Wil Wheaton
  4. Quick fix by Junior J. Junior III · · Score: 5, Funny

    I am counteracting the harmful effects of hyperthreading by eating a high-fiber diet. So far, I haven't had any problems.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  5. This is SERIOUS!!! by AltGrendel · · Score: 3, Funny
    SCO: This affects OpenServer 5.0.7 if an update pack is applied and SMP is installed; it also affects UnixWare 7.1.4 and 7.1.3 with hyperthreading enabled, but hyperthreading is disabled in UnixWare by default. This is covered by advisory SCOSA-2005.24.

    Ooooo, I'm SCARED!

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  6. Re:Where's the details? by Anthony · · Score: 4, Funny

    Maybe there are still unsold tickets for BSDCan05.

    --
    Slashdot: Where nerds gather to pool their ignorance
  7. hmm.. by ebilhoax · · Score: 2, Funny
    I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May [Friday] 13th ...

    Jason? Is that you? (or your evil geeky twin brother?)

  8. May I be first to say... by game kid · · Score: 3, Funny

    ...I'm glad I'm stuck with a 1-gig Pentium III.

    --
    You can hold down the "B" button for continuous firing.
  9. Extreme Edition... by Sialagogue · · Score: 4, Funny

    With Moore's Law still holding up, isn't it a little early to be using up names like "Extreme Edition?" So, I'd like to propose my own corollary to Moore's Law:

    "The microprocessor industry will run out of hyperbole long before they run out of transistors."

    --
    The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
    1. Re:Extreme Edition... by grouse · · Score: 3, Funny

      Am I the only one that noticed that the natural acronym for Intel Pentium Extreme Edition is "I PEE?"

  10. Re:Where's the details? by hotdiggitydawg · · Score: 1, Funny

    Come now... Google, Apple, et al. all get Slashdotted for the most inconsequential stories, devoid of details. Why should the little guys miss out on some "Google Founder's cat stuck up tree again" Slashvertising?

  11. Re:/. premature? by Spacejock · · Score: 2, Funny

    There's only a remote possibility people will RTFA when it DOES exist. To calculate the possibility you're talking about will require hours of CPU time. Actually, hours * ~1.5 CPU time, because for some strange reason my HT is now disabled.

  12. Google Adbar by bLanark · · Score: 2, Funny

    Did anyone else notice the Intel advert for "Hyper Threading Linux" at the top of the google ads on the article page?

    I wonder how much revenue he'll get from this announcement?

    And I note that if you are a SCO user, you always had disabled hyper threading anyway. Not sure what to make of that.

    --
    Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
  13. Oh dear. by Morky · · Score: 5, Funny

    I guess I need to shut off hyperthreading on our app server before the users who can't sort an Excel spreadsheet have a chance to exploit the vulnerability.

  14. In other news.. by peterprior · · Score: 4, Funny

    ...it appears Windows XP Starter Edition may be the most secure option after all...

  15. Article in a nutshell by john_anderson_ii · · Score: 2, Funny

    Hyperthreading is teh suck because I found a flaw.

    I'm not going to tell you how it works until I get a chance to stand up in front of a bunch of people and sound smart. In the meantime you can disable HT.

    I can write.

    The flaw affects BSD's and OpenServer for sure.

    I'm unemployed, so give me money to find more flaws.

    Intel rocks!

    Yup...that's pretty much it. Or did I miss something?

    --
    Be Safe! Sleep with a Marine. Semper Fi!
  16. hohum by BigBadBus · · Score: 2, Funny
    Don't you think you're carrying this Friday 13th theme a bit too far?

  17. HT Exploit PATCH:MST-00013 by fishpick · · Score: 2, Funny

    Microsoft has issued a patch in response to this "significant" security threat
    You can download RIDDILIN.EXE to address the hyper-thread exploit from their update site...
    Bill Gates assures me in a very personal email, installing this patch will fix the flaw, send me $5 for every other person who installs it... and Intel's stock will go up too. It's win-win...
    Everyone should do it...

  18. SCO Unix variants... by Per Abrahamsen · · Score: 5, Funny

    As we all know, this includes Linux :-)

  19. Re:Same Guy? by merdaccia · · Score: 2, Funny

    Your post made Firefox crash. Please close your tags.

    --
    *blinking cursor*

  20. Not quite by Anonymous Coward · · Score: 1, Funny

    "which is commonly held as the finest academic institution in the world."

    Only in Oxford.

    Everywhere else it's pretty clear it's Cambridge.

  21. Re:On the other hand by aftk2 · · Score: 2, Funny

    Tommy: "A lot of people go to college for seven years..."
    Richard: "Yeah. They're called doctors."

    --
    concrete5: a cms made for marketing, but strong enough for geeks.