Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hyperthreading Considered Harmful

Posted by CowboyNeal on from the not-just-for-performance dept.

cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately. I will be presenting this attack at BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk I will also releasing a paper describing the attack and possible mitigation strategies."

11 of 392 comments (clear)

  1. Sysadmins have been advised... by Anonymous Coward · · Score: 4, Funny

    to give their hyper-threading processors some Ritalin.

  2. Whoosh!!! by EmagGeek · · Score: 4, Funny

    Shit, did anyone see that blur???

    Yeah, I think that was Intel's server market going right out the window at Mach 10...

  3. Quick fix by Junior+J.+Junior+III · · Score: 5, Funny

    I am counteracting the harmful effects of hyperthreading by eating a high-fiber diet. So far, I haven't had any problems.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  4. This is SERIOUS!!! by AltGrendel · · Score: 3, Funny
    SCO: This affects OpenServer 5.0.7 if an update pack is applied and SMP is installed; it also affects UnixWare 7.1.4 and 7.1.3 with hyperthreading enabled, but hyperthreading is disabled in UnixWare by default. This is covered by advisory SCOSA-2005.24.

    Ooooo, I'm SCARED!

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  5. Re:Where's the details? by Anthony · · Score: 4, Funny

    Maybe there are still unsold tickets for BSDCan05.

    --
    Slashdot: Where nerds gather to pool their ignorance
  6. May I be first to say... by game+kid · · Score: 3, Funny

    ...I'm glad I'm stuck with a 1-gig Pentium III.

    --
    You can hold down the "B" button for continuous firing.
  7. Extreme Edition... by Sialagogue · · Score: 4, Funny

    With Moore's Law still holding up, isn't it a little early to be using up names like "Extreme Edition?" So, I'd like to propose my own corollary to Moore's Law:

    "The microprocessor industry will run out of hyperbole long before they run out of transistors."

    --
    The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
    1. Re:Extreme Edition... by grouse · · Score: 3, Funny

      Am I the only one that noticed that the natural acronym for Intel Pentium Extreme Edition is "I PEE?"

  8. Oh dear. by Morky · · Score: 5, Funny

    I guess I need to shut off hyperthreading on our app server before the users who can't sort an Excel spreadsheet have a chance to expliot the vulnerability.

  9. In other news.. by peterprior · · Score: 4, Funny

    ...it appears Windows XP Starter Edition may be the most secure option after all...

  10. SCO Unix variants... by Per+Abrahamsen · · Score: 5, Funny

    As we all know, this includes Linux :-)