Slashdot Mirror
Kaspersky To Demo Attack Code For Intel Chips
snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."
So is it Java or Javascript? Either the summary is wrong or this guy doesn't even know the difference between the two.
If this can consistently crash my computer regardless of OS or browser, I'd sure as hell update my BIOS.
This is a big deal.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
They call it a flaw, while I call it a backdoor.
They're using their grammar skills there.
>I see, so your argument is that if it can't be fixed by the discoverer,
> they should keep it obscure.
Yeah, we could have the oft-heard chicken or egg debate. But we both know where it would end up. One side would say "disclose everything right away" and the other side would say "give the vendors a chance to fix it first". See how much time we just saved?
1 in 4 Maine children in struggle with hunger.
Possibly, but as an AMD user myself I can't help but wonder if what can be done on Intel with this won't also open Pandora's box on AMD using the same or similar methods.
I am Bennett Haselton! I am Bennett Haselton!
You might think that would happen, but if the British experience of removing the monopoly is anything to go by, your postal service will get worse.
We've always had overnight delivery, but then, Britain is a much smaller country.
The private operators are only interested in business mail. DX will do deliveries for small companies. The rest of them are only interested in bulk mail, such as bank statements and utility bills. For the rest of us, Royal Mail are now charging more, because they get less of the bulk mail to subsidise personal mail, and they are becoming much less reliable at delivering it.
.
I don't know. To me it's pretty darn amazing that for 42 cents I can drop an envelop in a slot and a few days later it is hand-delivered to someone on the other side of the country. If that service didn't exist and you asked me to guess what it would cost, 42 cents would not be the answer.
Actually, the main "valid" reason for the government providing letter service is to provide services to those geographic areas where the "free market" would flat out decide that it wasn't worth servicing those areas. If this wasn't a requirement of the USPS, they could easily drop all their rural routes & compete with any of the normal package carriers.
Of course, whether or not we should be inefficiently supporting those remote rural areas is a whole 'nother area of debate. I'm sure there's a lot of small town supporters that would scream bloody murder if you argue that those small towns should be allowed to disappear by cutting off any form of government infrastructure subsidy for those locations.