Kaspersky To Demo Attack Code For Intel Chips
snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."
At least I know I'm safe because I run... Oh, crap.
How can I believe you when you tell me what I don't want to hear?
...demonstrate how you can make a 1GW fusion reactor out of nothing but a sweaty gym sock and the corpse of a field mouse.
No, seriously. 100%. Cross my heart.
It's OK I run hurd.
...hack everywhere
I'm sure Intel will release a patch. ;)
If fate makes you a motorcycle, you become a motorcycle.
So is it Java or Javascript? Either the summary is wrong or this guy doesn't even know the difference between the two.
> will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work
Huh? Javascript != Java!!!!
Monstar L
> a knowledge of how Java compilers work
Hrm, seems like he's counting on things happening in a certain sequence. So, perhaps a JVM could do more stuff in an unpredictable order? Perhaps using an SSA representation and context switching threads? Yeah, slightly more expensive, but let Firefox turn it on for me when I'm running untrusted code.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Their new processors can have their microcode updated, and indeed they do update it with BIOS updates. Dunno if people would bother to update their BIOS to patch it, but yes Intel processors can be patched in the field.
no amount of tinfoil can protect me from this exploit. Only one thing left to do...
*unplugs ethernet adapter*
[NO CARRIER]
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Indeed. And are you going to make patches publicly available for all the hardware and operating systems in the world, too?
1 in 4 Maine children in struggle with hunger.
I run Hurd through an emulator on a Plan 9 box. hack that!
> ... Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility.
Why don't they just say... "any computer that has an Intel chip?".. shock value I guess.
Do we have a list of the processors affected by this? Or is this issue in ALL Intel processors?
And slow windows to a crawl.
If it's via Java, then it must also depend some on the implementation. I doubt that IBM's java engine uses the same calls to the processor as Sun's, which means that there is further abstraction that the claim has to somehow deal with.
Now, on the opposite side of the argument, there's the issue of what happens if the claim is justified. If this is a remote exploit that is truly OS-independent, then it is a remote exploit that can hit OpenBSD, Trusted Solaris, and other secure OS'. These are OS' used for commercially-sensitive work and classified work. If they are potentially vulnerable to attack, that could seriously impact a lot of organizations that, well, really aren't going to like it. In the event of a conflict flaring up between Intel and the US Marines, we may see them moving the bombing practice areas for their aircraft into the North American mainland after all.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
> An attack against a Mac is also a possibility
That's a bit of a conjecture isn't it? Can we at least have a demonstration?
OMFG! From the summary:
> Attack Code For Intel Chips ... regardless of OS
They call it a flaw, while I call it a backdoor.
They're using their grammar skills there.
...unless there is CPU errata that Intel hasn't fixed for years. We've got the chicken-little "the sky is falling" reaction going on here but (unless I'm seriously misguided) Intel fixes their errata.
My personal view is that such malware may only be able to take over a very small percentage of systems out there. The scope may be limited to something as (relatively) rare as an Intel Core 2 CPU within a specific FSB range and specific stepping. Throwing all those factors together, I doubt any such errata would encompass more than 10% of the PCs out there. Considering how many different variations of CPUs are out there--Intel/AMD/Via, Pentium-D/Core 2/Xeon/Pentium-M/Pentium 4, FSB differences, stepping, etc.; such malware might be extremely dangerous for a very small subset of Internet-connected PCs.
Now, if a malware author knows of a CPU bug that Intel/AMD does not know about, then this could be extremely serious, encompassing multiple generations of CPUs...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
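Added example, not part of the original thread: the comment above argues that exposure to a CPU erratum depends on the exact family, model and stepping, and an earlier comment notes that microcode can be updated in the field. The Python below audits Linux `/proc/cpuinfo` text against an errata table; the table `HYPOTHETICAL_ERRATA`, its revision numbers and the sample cpuinfo are constructed for illustration and are not real Intel data.

```python
# Constructed two-core sample in /proc/cpuinfo layout (not from a real machine).
_CORE = ("processor\t: {n}\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
         "model\t\t: 15\nstepping\t: 6\nmicrocode\t: 0xc4\n")
SAMPLE_CPUINFO = "\n".join(_CORE.format(n=n) for n in range(2))

# Hypothetical errata table: (vendor, family, model, stepping) -> first
# microcode revision that carries the fix. Values are placeholders.
HYPOTHETICAL_ERRATA = {
    ("GenuineIntel", 6, 15, 6): 0xD0,
    ("GenuineIntel", 6, 15, 11): 0xB0,
}

def parse_cpuinfo(text):
    """Return one dict of fields per logical processor (blank line = new CPU)."""
    cpus, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                cpus.append(cur)
                cur = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            cur[key.strip()] = value.strip()
    if cur:
        cpus.append(cur)
    return cpus

def assess(cpu, errata):
    """Classify one CPU as not-listed, unknown-revision, patched or needs-update."""
    sig = (cpu["vendor_id"], int(cpu["cpu family"]),
           int(cpu["model"]), int(cpu["stepping"]))
    fixed = errata.get(sig)
    if fixed is None:
        return "not-listed"          # this stepping is outside the erratum's scope
    raw = cpu.get("microcode")
    if raw is None:
        return "unknown-revision"    # field absent: cannot confirm the fix
    return "patched" if int(raw, 16) >= fixed else "needs-update"

def audit(text, errata=HYPOTHETICAL_ERRATA):
    """Map logical processor number -> assessment for every CPU in the text."""
    return {int(c["processor"]): assess(c, errata) for c in parse_cpuinfo(text)}

if __name__ == "__main__":
    for cpu, status in audit(SAMPLE_CPUINFO).items():
        print(f"cpu{cpu}: {status}")
```

On a real Linux host, pass the contents of `/proc/cpuinfo` to `audit()` together with a table built from the vendor's published specification updates.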
Nope. But I'm saying every OS uses the chip differently. For example, Windows apps share the same memory space (well, far pointers do anyhow). So this does affect what a CPU-level attack could do. That and other issues I'm sure.
Win 3.1 called and wants its memory model(s) back. Win32 has a 32-bit flat memory space (or 64-bit on x64), all pointers are the same size, segments do not matter and each process has a local space. Some pages might be shared, of course, but that's done through memory mapping, like in (mostly) any other OS. WinCE has/had some interesting slots, though.
and this one ranks among the hallowed few best described as "excuse me, i just crapped my pants"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
As seen on today's TV schedule for Discovery
Now showing: Intel, when code attacks.
Next show: Lasers.
Next week: Shark week.
Carbon based humanoid in training.
If the fundamental flaw is BOTH the way intel chips execute code and a primitive in Java, that could be dangerous.
I could get all snarky and tell everyone I buy AMD, but I wouldn't be too confident that a similar exploit couldn't exist there either.
This is all possible if...
You need to reliably produce a series of instructions on a typical jvm. This doesn't present a problem as primitive expressions probably get predictable JIT sequences,
The next question is what kind of exploit? Are you running native x86 code? If so, you are still limited by the OS level protection. If you can then create an exploit that elevates your permissions that's doubly bad.
One more snarky comment. I don't like JITs. I like my interpreted code interpreted, and I like my binary code native. I prefer something like a PHP model where you put glue in PHP and hard code in a C extension or a service.
> The government just supplies a cheap alternative that people elect to use.
No my statist friend, we don't 'elect' to use the USPS if we can avoid it. But we don't have a choice in some cases because the US Government grants a monopoly on letter delivery. UPS and Fedex can deliver freight and because nobody thought it possible and thus Congress didn't forbid it in time, overnight letters. Notice how totally the private competitors dominate the postal service in those categories? How many YEARS it took for the postal service to even attempt an overnight delivery service... that still only promises (as in refund your money for being late) 2-3 day delivery between most endpoints.
Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete? Of course they could, which is why the Postal Workers unions make damned sure Congress never even brings the subject up. They would probably have to adopt the same subsidy tactics as the USPS, i.e. use bulk mailers to subsidize 1st Class postage. But not being a government agency, once they demolished the USPS would restore actual market forces. So you would end up paying a bit more to send a letter AND get a bit more paper spam. But mail would flow quicker and with greater reliability.
Democrat delenda est
The only thing I got from that was "slave drone troll" So I'll assume you are speaking in trollish, and a dialect I'm not familiar with. At any rate, I was wondering if you would be so kind as to give me your bank account number, as I have a large sum of money that I need to secure for this prince friend of mine...
If malware based on this "attack code" got into the wild, it sounds like one of the attack vectors would be malicious Web sites (which is nothing new). As many security researchers have been recommending for years, turning off JavaScript and other active content by default will greatly reduce the potential for infection, even from many kinds of as-yet undiscovered exploits. A good way to do this with Firefox (without ruining compatibility with trustworthy sites) is to install NoScript, which allows you to whitelist trusted sites while allowing you to block scripts, Java, Flash, Silverlight, other plug-ins, etc. on every other site by default.
Of course, if the flaw lies in the microprocessor, then there are certainly other potential attack vectors than just malicious Web sites.
Someone pointed out that Intel processors are BIOS-upgradeable. What about computers based on EFI instead of BIOS, such as all the Intel-based Macs?
Also, as someone else pointed out, the headline is extremely misleading. The security researcher Kris Kaspersky is not affiliated with Kaspersky Lab or Eugene Kaspersky, but he's apparently the author of a number of books on programming and other computer subjects.
the JoshMeister on Security
> Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete? Of course they could, which is why the Postal Workers unions make damned sure Congress never even brings the subject up.
Can you actually point to the section of the US code that prohibits a third party from delivering first class style mail? I mean, if a private company wanted to sell a service moving an ounce across 3000 miles for 50 cents, they could. It's just, you'd have to be able to go to Wall Street and say, "well, once you invest in 100,000 delivery vans and thousands of local offices, then, I can go and compete with the USPS in a market segment that's slowly dying." It just doesn't look like a business that has any upside to it.
The other thing, too, is, that, being a quasi government entity, the USPS has to actually deliver to everyone. UPS doesn't. So, yeah, theoretically, if you privatized the mail, you might find out that you actually wouldn't get -any- mail at all unless you lived in the more densely populated areas of the country.
In any case, now's exactly the time to be touting the miracles of capitalism, when we the taxpayers of the United States might be about to double the debt of the Federal Government winds up having to do an Amtrak on what's left of our mortgage and finance industry. Yeah, talk to me about the miracles of the private sector right when you go look at the price of Bear Stearns, Countrywide, National City Bank, Lehman Bros, and other stocks. Fine bunch of capitalists, they are, all getting bailed out in one way or the other by, wow, of all things, that grossly incompetent government.
This is my sig.