Kaspersky To Demo Attack Code For Intel Chips

snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."

Java or Javascript?

[Yvan256]

... remotely attack a computer using JavaScript or TCP/IP packets ... can be exploited using certain instruction sequences and a knowledge of how Java compilers work

So is it Java or Javascript? Either the summary is wrong or this guy doesn't even know the difference between the two.

Huh?

[antifoidulus]

will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work

Huh? Javascript != Java!!!!

Randomize Something?

[bill_mcgonigle]

a knowledge of how Java compilers work

Hrm, seems like he's counting on things happening in a certain sequence. So, perhaps a JVM could do more stuff in an unpredictable order? Perhaps using an SSA representation and context switching threads? Yeah, slightly more expensive, but let Firefox turn it on for me when I'm running untrusted code.

Quote

[kellyb9]

... Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility.

Why don't they just say... "any computer that has an Intel chip?".. shock value I guess.

Re:They may

[slimjim8094]

If this can consistently crash my computer regardless of OS or browser, I'd sure as hell update my BIOS.

This is a big deal.

you say tomato...

[DragonTHC]

They call it a flaw, while I call it a backdoor.

Re:Publicly available?

[AlHunt]

>I see, so your argument is that if it can't be fixed by the discoverer,
> they should keep it obscure.

Yeah, we could have the oft-heard chicken or egg debate. But we both know where it would end up. One side would say "disclose everything right away" and the other side would say "give the vendors a chance to fix it first". See how much time we just saved?

Re:Heh...

[g0bshiTe]

Possibly, but as an AMD user myself I can't help but wonder if what can be done on Intel with this won't also open Pandora's box on AMD using the same or similar methods.

Re:Publicly available?

[Todd+Knarr]

As an end-user, to me it doesn't matter. If patches aren't available, I still need to know the details of the vulnerability so I can judge which of my systems need how much of their external access blocked or removed. To me, keeping it secret doesn't remove the vulnerability. I have to assume that, if it exists, the bad guys know about it and will use it. The only question for me is whether or not I know I need to take protective measures. If you say I don't need to, then I say "OK, let's you sign this contract making you liable for every penny of losses resulting from exploitation of that vulnerability.".

Re:Heh...

[DaedalusHKX]

And then the irony will be that on Windows, the exploit will crash out, in Linux it will require a more up to date version of WINE to be installed so it can run and then crash like in Windows, and in BSD it simply won't run since BSD is that old "eunuchs" stuff that won't run Windows "cross platform" 'sploits.

In the end, everyone is SAFE from attack by the sheer virtues of their software goodness that is inherent in "modern" OS's.

Interesting

[mlwmohawk]

If the fundamental flaw is BOTH the way intel chips execute code and a primitive in Java, that could be dangerous.

I could get all snarky and tell everyone I buy AMD, but I wouldn't be too confident that a similar exploit couldn't exist there either.

This is all possible if...

You need to reliably produce a series of instructions on a typical jvm. This doesn't present a problem as primitive expressions probably get predictable JIT sequences,

The next question is what kind of exploit? Are you running native x86 code? If so, you are still limited by the OS level protection. If you can then create an exploit that elevates your permissions that doubly bad.

One more snarky comment. I don't like JITs. I like my interpreted code interpreted, and I like my binary code native. I prefer something like a PHP model where you put glue in PHP and hard code in a C extension or a service.

Reality check

[jmorris42]

> The government just supplies a cheap alternative that people elect to use.

No my statist friend, we don't 'elect' to use the USPS if we can avoid it. But we don't have a choice in some cases because the US Government grants a monopoly on letter delivery. UPS and Fedex can deliver freight and because nobody thought it possible and thus Congress didn't forbid it in time, overnight letters. Notice how totally the private competitors dominate the postal service in those catagories? How many YEARS it took for the postal service to even attempt an overnight delivery service... that still only promises (as in refund you money for being late) 2-3 day delivery between most endpoints.

Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete? Of course they could, which is why the Postal Workers unions make damned sure Congress never even brings the subject up. They would probably have to adopt the same subsidy tactics as the USPS, i.e. use bulk mailers to subsidize 1st Class postage. But not being a government agency, once they demolished the USPS would restore actual market forces. So you would end up paying a bit more to send a letter AND get a bit more paper spam. But mail would flow quicker and with greater reliability.

Re:Reality check

[jonbryce]

You might think that would happen, but if the British experience of removing the monopoly is anything to go by, your postal service will get worse.

We've always had overnight delivery, but then, Britain is a much smaller country.

The private operators are only interested in business mail. DX will do deliveries for small companies. The rest of them are only interested in bulk mail, such as bank statements and utility bills. For the rest of us, Royal Mail are now charging more, because they get less of the bulk mail to subsidise personal mail, and they are becoming much less reliable at delivering it.

Re:Reality check

[Paradise+Pete]

Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete?

.

I don't know. To me it's pretty darn amazing that for 42 cents I can drop an envelop in a slot and a few days later it is hand-delivered to someone on the other side of the country. If that service didn't exist and you asked me to guess what it would cost, 42 cents would not be the answer.

Re:Reality check

[mOdQuArK!]

Actually, the main "valid" reason for the government providing letter service is to provide services to those geographic areas where the "free market" would flat out decide that it wasn't worth servicing those areas. If this wasn't a requirement of the USPS, they could easily drop all their rural routes & compete with any of the normal package carriers.

Of course, whether or not we should be inefficiently supporting those remote rural areas is a whole 'nother area of debate. I'm sure there's a lot of small town supporters that would scream bloody murder if you argue that those small towns should be allowed to disappear by cutting off any form of government infrastructure subsidy for those locations.

Re:Reality check

[otterpop81]

What's funny is that the Slashdot community thinks it's outrageous to have a government run postal service (as evidenced by the current +5 moderation of parent), but at the same time thinks government run health care would be a great idea.

Re:Reality check

you're missing one important issue.

the USPS is by law required to offer postal services that are guaranteed to be unprofitable.

Under a completely privatized system UPS and other private company's just wouldn't service that area.

You have to realize that a mere 70-80 years ago, the only reliable way to communicate with someone was through mail or telegraph. The government of the time needed to ensure communication through out all populated areas even if it was unprofitable. If just to deliver the draft notices.

Same goes for every other utilitys. If it wasn't for government interference there wouldn't be electricity in areas that weren't profitable, or phone access, or cell towers. Considering the population density of a lot of areas in the 1930-50's when this infrastructure was being put in, a huge part of the US would be without phones or power. Instead, due to an incredibly high percentage of homes in the US have both electricity and phone access.

Oh great

[tietokone-olmi]

It's another case of "security research by press release, you can have the details in X months. in the mean time, I'll pump the PR wires".

Show us the code, or pipe the fuck down you attention whore.