Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Cache Poisoning Is Dangerously Easy On Linux

Posted by timothy on from the anything-you-set-your-mind-to dept.

Julie188 writes "A researcher recently released proof-of-concept code for an exploit that allows a hacker to overrun an Intel CPU cache and plant a rootkit. A second, independent researcher has examined the exploit and noted that it is so simple and so stealthy that it is likely out in the wild now, unbeknownst to its victims. The attack works best on a Linux system with an Intel DQ35 motherboard with 2GB of memory. It turns out that Linux allows the root user to access MTR registers incredibly easily. With Windows this exploit can be used, but requires much more work and skill and so while the Linux exploit code is readily available now, no Windows exploit code has, so far, been released or seen. This attack is hardware specific, but unfortunately, it is specific to Intel's popular DQ35 motherboards."

17 of 393 comments (clear)

  1. Linux by the_one(2) · · Score: 5, Funny

    They make it sound like a bad thing that it's easier to use your hardware on Linux =)

    1. Re:Linux by CRCulver · · Score: 2, Funny

      Exploits that escape virtualization are the next wave of nasty.

      No kidding. Remember when they took over the Enterprise?

    2. Re:Linux by Tuoqui · · Score: 4, Funny

      Oh dont worry we know your password is hunter2.

      --
      09F911029D74E35BD84156C5635688C0
      +2 Troll is Slashdot's way of saying groupthink is confused
  2. Queue Microsoft Trolls in by Cryolithic · · Score: 1, Funny

    3 2 1

    1. Re:Queue Microsoft Trolls in by Anonymous Coward · · Score: 5, Funny

      Actually hackers have much more experience with Win 32 systems than Linux. So while it is easier to program this exploit with Linux, we're still ok because we have security through obscurity.

    2. Re:Queue Microsoft Trolls in by grub · · Score: 5, Funny


      "With Windows this exploit can be used, but requires much more work and skill"

      That eliminates the VBS crowd, or about 99.8% of Windows 'programmers'.

      --
      Trolling is a art,
    3. Re:Queue Microsoft Trolls in by mr_mischief · · Score: 2, Funny

      I think you missed the pun. To "queue" a group means to have them form a line so they can each have their turn at something.

  3. Re:First you need root on the box by Lord+Ender · · Score: 4, Funny

    It's a whole new class of vulnerabilities. In addition to remote code execution and privilege escalation vulnerabilities, we now have privilege equalization vulnerabilities. Scary stuff.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  4. Finally! by Cornwallis · · Score: 5, Funny

    2009 will be the Year of the Windows Desktop!

  5. Re:First you need root on the box by Lord+Ender · · Score: 5, Funny

    Your post indicates that you are suffering from the wooosh vulnerability.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  6. Re:First you need root on the box by JCSoRocks · · Score: 3, Funny

    You're 2/2. Where are my bloody mod points when I need them...

    --
    You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
  7. Re:At the risk of causing a war... by ITJC68 · · Score: 4, Funny

    Better to just use AMD CPU and Nvidia Chipsets? Unless those are also exploited. The truth be told is if a hacker wants in and is smart enough given enough time they will find a way in. Up to this point Linux was not popular enough to truly target. Not so anymore. This is a wake up call. Linux is becoming more popular and there will be people who will write these exploits for it. 2009 is the year of Linux on the server and the desktop.

  8. Re:First you need root on the box by should_be_linear · · Score: 4, Funny

    It tried to attack my Ubuntu box. I entered admin password on request, but then it complained about missing c libs and opened Synaptic. Lame!

    --
    839*929
  9. Yes, but does it... by dave562 · · Score: 3, Funny

    ..run on...

    Oh, nevermind.

  10. Re:Tides have changed by Locke2005 · · Score: 1, Funny

    The only good rapper is a dead rapper.
    I prefer to think of Tiger Woods as a great Thai golfer.
    If somebody has physical access to a Windows box, then they can reboot it off a Knoppix Live CD, and they have the same exact problem. If somebody has the Admin password, they can do anything they want too. This only really effects cases where hostile users are running in another Virtual Machine on the box. If you need security, don't share your hardware with other people!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  11. Re:First you need root on the box by tisepti · · Score: 2, Funny

    The wooosh vulnerability? I cant find info about this one anywhere - how do i secure against it?

  12. Re:First you need root on the box by blueg3 · · Score: 2, Funny

    If only there was a Wikipedia page that explained what a rootkit is and why malware would use one!