Slashdot Mirror


Hyperthreading Considered Harmful

cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also be releasing a paper describing the attack and possible mitigation strategies."

20 of 392 comments

  1. Sysadmins have been advised... by Anonymous Coward · · Score: 4, Funny

    to give their hyper-threading processors some Ritalin.

  2. Whoosh!!! by EmagGeek · · Score: 4, Funny

    Shit, did anyone see that blur???

    Yeah, I think that was Intel's server market going right out the window at Mach 10...

    1. Re:Whoosh!!! by CleverNickedName · · Score: 2, Funny

      Actually, I think it was the article flying overhead.

      --
      Unfortunately, I am not Wil Wheaton
  3. Quick fix by Junior J. Junior III · · Score: 5, Funny

    I am counteracting the harmful effects of hyperthreading by eating a high-fiber diet. So far, I haven't had any problems.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  4. This is SERIOUS!!! by AltGrendel · · Score: 3, Funny
    SCO: This affects OpenServer 5.0.7 if an update pack is applied and SMP is installed; it also affects UnixWare 7.1.4 and 7.1.3 with hyperthreading enabled, but hyperthreading is disabled in UnixWare by default. This is covered by advisory SCOSA-2005.24.

    Ooooo, I'm SCARED!

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  5. Re:Where's the details? by Anthony · · Score: 4, Funny

    Maybe there are still unsold tickets for BSDCan05.

    --
    Slashdot: Where nerds gather to pool their ignorance
  6. hmm.. by ebilhoax · · Score: 2, Funny
    I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May [Friday] 13th ...

    Jason? Is that you? (or your evil geeky twin brother?)

  7. May I be first to say... by game kid · · Score: 3, Funny

    ...I'm glad I'm stuck with a 1-gig Pentium III.

    --
    You can hold down the "B" button for continuous firing.
  8. Extreme Edition... by Sialagogue · · Score: 4, Funny

    With Moore's Law still holding up, isn't it a little early to be using up names like "Extreme Edition?" So, I'd like to propose my own corollary to Moore's Law:

    "The microprocessor industry will run out of hyperbole long before they run out of transistors."

    --
    The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
    1. Re:Extreme Edition... by grouse · · Score: 3, Funny

      Am I the only one that noticed that the natural acronym for Intel Pentium Extreme Edition is "I PEE?"

  9. Re:/. premature? by Spacejock · · Score: 2, Funny

    There's only a remote possibility people will RTFA when it DOES exist. To calculate the possibility you're talking about will require hours of CPU time. Actually, hours * ~1.5 CPU time, because for some strange reason my HT is now disabled.

  10. Google Adbar by bLanark · · Score: 2, Funny

    Did anyone else notice the Intel advert for "Hyper Threading Linux" at the top of the google ads on the article page?

    I wonder how much revenue he'll get from this announcement?

    And I note that if you are a SCO user, you always had disabled hyper threading anyway. Not sure what to make of that.

    --
    Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
  11. Oh dear. by Morky · · Score: 5, Funny

    I guess I need to shut off hyperthreading on our app server before the users who can't sort an Excel spreadsheet have a chance to exploit the vulnerability.

  12. In other news.. by peterprior · · Score: 4, Funny

    ...it appears Windows XP Starter Edition may be the most secure option after all...

  13. Article in a nutshell by john_anderson_ii · · Score: 2, Funny

    Hyperthreading is teh suck because I found a flaw.

    I'm not going to tell you how it works until I get a chance to stand up in front of a bunch of people and sound smart. In the meantime you can disable HT.

    I can write.

    The flaw affects BSD's and OpenServer for sure.

    I'm unemployed, so give me money to find more flaws.

    Intel rocks!

    Yup...that's pretty much it. Or did I miss something?

    --
    Be Safe! Sleep with a Marine. Semper Fi!
  14. hohum by BigBadBus · · Score: 2, Funny
    Don't you think you're carrying this Friday 13th theme a bit too far?

  15. HT Exploit PATCH:MST-00013 by fishpick · · Score: 2, Funny

    Microsoft has issued a patch in response to this "significant" security threat
    You can download RIDDILIN.EXE to address the hyper-thread exploit from their update site...
    Bill Gates assures me in a very personal email, installing this patch will fix the flaw, send me $5 for every other person who installs it... and Intel's stock will go up too. It's win-win...
    Everyone should do it...

  16. SCO Unix variants... by Per Abrahamsen · · Score: 5, Funny

    As we all know, this includes Linux :-)

  17. Re:Same Guy? by merdaccia · · Score: 2, Funny

    Your post made Firefox crash. Please close your tags.

    --
    *blinking cursor*

  18. Re:On the other hand by aftk2 · · Score: 2, Funny

    Tommy: "A lot of people go to college for seven years..."
    Richard: "Yeah. They're called doctors."

    --
    concrete5: a cms made for marketing, but strong enough for geeks.