Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Patches Flaws In Trusted Execution Tech

Posted by kdawson on from the trusting-trust dept.

An anonymous reader writes "Joanna Rutkowska's company Invisible Things Lab has issued the results of their research into flaws in Intel's Trusted Execution Technology (TXT), whose function is to provide a mechanism for safe loading of system software and to protect sensitive files. ITL describes how flaws in TXT can be used to compromise the integrity of a software loaded via an Intel TXT-based loader in a generic way, fully circumventing any protection TXT is supposed to provide. The attack exploits an implementation error in the so-called SINIT Authenticated Code modules and that could potentially allow a malicious attacker to elevate their privileges. Intel has released a patch for the affected chipsets, which include the Q35, GM45, PM45 Express, Q45, and Q43 Express." Here are ITL's press release (PDF) and Intel's advisory.

5 of 84 comments (clear)

  1. First Word macro viruses, then PDF, and now... by Anonymous Coward · · Score: 1, Funny

    oh my gawd! Now I can't even use plain TXT documents!! oh wait... nevermind...

  2. Chipset patch? by Christopher_Wood · · Score: 2, Funny

    Do I have to weld it on or something?

    1. Re:Chipset patch? by DigiShaman · · Score: 3, Funny

      Yes. Below is a video tutorial on how to do it.

      http://www.youtube.com/watch?v=wJpukz5sn_U

      --
      Life is not for the lazy.
  3. Re:WTF are you doing? by Darkness404 · · Score: 4, Funny

    And once again... an XKCD reference comes in handy. http://xkcd.com/322/

    --
    Taxation is legalized theft, no more, no less.
  4. Re:TPMs and related tech by Anonymous Coward · · Score: 1, Funny

    NT was designed from the ground up to be secure

    Just Microsoft botched the implemementation of that