Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking Multicore CPUs

Posted by CmdrTaco on from the i-just-use-a-mallet dept.

Ant writes "The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the window when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..."

7 of 167 comments (clear)

  1. Fast? by JordanL · · Score: 5, Insightful

    and showed that developers have to fix their code. Fast...
    Ummm... no. In a world where the list of things that most developers need to fix is quite lengthy, some of which renders your average app unusable or even dangerous, fixing an exploit of a hardware configuration which has no proven virii in the wild is not at the top of the list.

    Yes, it's important to be proactive. No, such a difficult and obscure attack is not something that is priority one.
    --
    FanFictionRecs.net
    1. Re:Fast? by Anonymous Coward · · Score: 5, Informative

      "No, such a difficult and obscure attack is not something that is priority one"

      Thread one sends a command to the OS and knowing that it will take time x to complete

      Thread two waits (x-d) before overwriting the buffer used to store the command (after the OS has checked it for validity, but before the OS has actually processed it)

      what's obscure about that?

    2. Re:Fast? by Anonymous Coward · · Score: 5, Funny

      Perfect, another moron who thinks idiot is plural.

  2. Again? by DeHackEd · · Score: 5, Informative

    Looks like a variation (or maybe a dup) of this.

  3. Damn it by Frogbert · · Score: 5, Funny

    You see, Its these kind of computing professionals that make me feel like a fraud when people call me a computer genius.

    Stop raising the bar you tool!

  4. Re:So what? by Warbothong · · Score: 5, Insightful
    I remember watching an episode of the BBC's (very Microsoft dominated (as in, something major happens with Linux or Ubuntu or whatever, nothing. Some low-down Microsoft employee makes a comment about something he thinks might possibly someday become slightly relevant to some tiny niche and they spend 10 minutes on it)) Click program ( http://www.bbcworld.com/click ) and they had some "experts" (read: marketing guys) saying what the benefits of dual-core CPUs could be. All they could come up with was "You can use one core to do all of your normal activities, and use the other core to run antivirus and antispyware and firewall software constantly".

    I almost cried.

  5. Er, that's an OLD attack by davecb · · Score: 5, Informative

    It works on any multiprocessor, including an
    IBM 360/168 mainframe, where I first encountered it.

    --dave

    --
    davecb@spamcop.net