Slashdot Mirror


Kaspersky To Demo Attack Code For Intel Chips

snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."

18 of 303 comments

  1. Heh... by pushing-robot · · Score: 5, Funny

    At least I know I'm safe because I run... Oh, crap.

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:Heh... by hostyle · · Score: 5, Interesting

      I wonder if running inside a VM could at all mitigate the attack.

      --
      Caesar si viveret, ad remum dareris.
    2. Re:Heh... by phorm · · Score: 5, Funny

      At least I know I'm safe because I run...

      AMD?

    3. Re:Heh... by mweather · · Score: 5, Funny

      Sure, if you run the host computer with an AMD chip. But that would be silly.

    4. Re:Heh... by jimbolauski · · Score: 5, Funny

      My Chinese knockoff fentium processor will be safe.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
  2. That's Nothing, This November I'm Going To... by ergo98 · · Score: 5, Funny

    ...demonstrate how you can make a 1GW fusion reactor out of nothing but a sweaty gym sock and the corpse of a field mouse.

    No, seriously. 100%. Cross my heart.

    1. Re:That's Nothing, This November I'm Going To... by Thelasko · · Score: 5, Funny

      I'd be more impressed if you demonstrated a working 86 Ford Escort.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    2. Re:That's Nothing, This November I'm Going To... by ergo98 · · Score: 5, Interesting

      Okay, seriously -- based upon nothing but an overly bold claim featuring some massive technical faults, people are actually believing this? My post should be +5 insightful, not funny, because it really isn't intended to be funny.

      Are people perhaps thinking this is Eugene Kaspersky or something? This guy is no relation to him.

      Maybe, just maybe, someone really is going to sit on an epic, world shaking fault until an October security conference, but every bullshit detector is ringing as loudly as it can ring right now.

      October will roll around and some guy will demonstrate some edge condition non-issue and say "Oh, did they misinterpret and overstate? Those bastards!"

    3. Re:That's Nothing, This November I'm Going To... by Anonymous Coward · · Score: 5, Informative

      Err, Kris Kaspersky has a good reputation and does write pretty good books.

    4. Re:That's Nothing, This November I'm Going To... by Ant P. · · Score: 5, Interesting

      Sounds like they might have found a practical exploit for one of the many bugs in the Core/2 that OpenBSD were throwing a fit about when it was released. Maybe they were right.

  3. They may by Sycraft-fu · · Score: 5, Informative

    Their new processors can have their microcode updated, and indeed they do update it with BIOS updates. Dunno if people would bother to update their BIOS to patch it, but yes Intel processors can be patched in the field.

  4. Which ones? by Taibhsear · · Score: 5, Interesting

    Do we have a list of the processors affected by this? Or is this issue in ALL Intel processors?

  5. It must depend some on the OS by jd · · Score: 5, Informative
    For starters, OSes running on either virtual or simulated processors rather than physical ones won't necessarily use the physical instructions that have the vulnerabilities, no matter what the physical processor that the OS is technically using. (If I run Linux under ArcEm, and run ArcEm on an Intel processor, unless ArcEm itself uses the broken instructions, I cannot see how an attacker can reach the Intel processor from the Linux environment for the attack to take place. This is important because the composite environment is nothing more than a really heavy, multi-layer OS as far as the applications are concerned, and this attack is supposedly independent of OS.)

    If it's via Java, then it must also depend some on the implementation. I doubt that IBM's Java engine uses the same calls to the processor as Sun's, which means that there is further abstraction that the claim has to somehow deal with.

    Now, on the opposite side of the argument, there's the issue of what happens if the claim is justified. If this is a remote exploit that is truly OS-independent, then it is a remote exploit that can hit OpenBSD, Trusted Solaris, and other secure OSes. These are OSes used for commercially-sensitive work and classified work. If they are potentially vulnerable to attack, that could seriously impact a lot of organizations that, well, really aren't going to like it. In the event of a conflict flaring up between Intel and the US Marines, we may see them moving the bombing practice areas for their aircraft into the North American mainland after all.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:It must depend some on the OS by the_brobdingnagian · · Score: 5, Informative
      Now that you mention OpenBSD, I recall an email from Theo de Raadt (2007-06-27 17:08:16 - source):

      Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us. Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware. Now Intel is telling people to manage the MMU's TLB flushes in a new and different way. Yet even if we do so, some of the errata listed are unaffected by doing so.
      As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are.

      And from TFA:

      "It's possible to fix most of the bugs, and Intel provides workarounds to the major BIOS vendors," Kaspersky said, referring to the code that controls the most basic functions of a PC. "However, not every vendor uses it and some bugs have no workarounds."

      Sounds like the same issues to me.

  6. Discovery channel by Mathness · · Score: 5, Funny

    As seen on today's TV schedule for Discovery

    Now showing: Intel, when code attacks.
    Next show: Lasers.
    Next week: Shark week.

    --
    Carbon based humanoid in training.
  7. Re:Reality check by Paradise Pete · · Score: 5, Insightful
    Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete?

    .

    I don't know. To me it's pretty darn amazing that for 42 cents I can drop an envelope in a slot and a few days later it is hand-delivered to someone on the other side of the country. If that service didn't exist and you asked me to guess what it would cost, 42 cents would not be the answer.

  8. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  9. Re:Reality check by mOdQuArK! · · Score: 5, Insightful

    Actually, the main "valid" reason for the government providing letter service is to provide services to those geographic areas where the "free market" would flat out decide that it wasn't worth servicing those areas. If this wasn't a requirement of the USPS, they could easily drop all their rural routes & compete with any of the normal package carriers.

    Of course, whether or not we should be inefficiently supporting those remote rural areas is a whole 'nother area of debate. I'm sure there's a lot of small town supporters that would scream bloody murder if you argue that those small towns should be allowed to disappear by cutting off any form of government infrastructure subsidy for those locations.