Pentium Computers Vulnerable to Attack?
An anonymous reader writes "One of the latest security scares is coming from security experts at CanSecWest/core '06 in the form of a possible hardware-specific attack. The attack is based on the built-in procedure that Pentium-based chips use when they overheat. From the article: 'When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity, said Loïc Duflot, a computer security specialist for the French government's Secretary General for National Defense information technology laboratory. Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.'"
I'm no security expert, but I don't see how this inherently indicates any particular vulnerability:
Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.
How do they 'enter System Management RAM'? Presumably this is a local attack where you plug in some hardware to do this while the computer is asleep. How could this possibly work over a network? You also have to make the machine overheat...
Any more knowledgeable speculation on the real threat posed by this?
Yet another reason AMD is better than Intel!
Why? I don't think anybody immunized AMD against screwing up; they are just as capable of it as Intel.
I wonder if this affects the new Intel Macs?
I'll reserve the right to modify my opinion after familiarizing myself with the details of the nature of this vulnerability. As a first guess I'll hypothesize that this probably depends on how easy the OS running on the affected Intel box makes it for a remote attacker to exploit this hardware flaw.
Only to idiots, are orders laws.
-- Henning von Tresckow