Posted by ryuzaki0 on from the this-is-gonna-get-wacky dept.
Peter Hernberg writes "Well, it looks like someone has found another exploit to get your PIII ID. The new story is here."
Cyrix and AMD are looking shinier each day.
I guess Intel figures what's good for M$ is good for them.
Why acknowledge that there are gaping security holes when you can just convince everyone that it's a virus? There's already a precedent... can you say Word Macro-Virus? Can you say ActiveX? People seem to think they're helpless in the face of a "virus" when they should be howling to get the security holes fixed.
Phew! *lights smoke* that rant felt good.
-- VENI! VIDI! VICI!
Anti-virus may be correct.
by Signal+11 · Score: 2
Did a little digging on their page. Turns out this exploit:
a) crashes the user's machine, b) installs code to bypass the PIII feature, c) uses that to set a cookie and display it to other websites.
Intel may have been correct - this has all the earmarks of a trojan, and regardless of who publishes it, it still remains one. But it's still incredibly petty of them to have Symantec put a patch out for *just* the Zero Knowledge program. A real solution would be to have Symantec develop an algorithm to warn the user of *any* attempt to bypass the PIII control panel, not just Zero Knowledge's ones.
Sorry Intel, close - but no cigar.
I wonder what it would take to 'emulate' a Pentium on a Pentium, and forge the ID?
Not much, probably. Ultimately, it's the communications software that's trusted, not the hardware. If a web site wants to know what your CPU ID is, it can either: 1) Ask the browser, or 2) have the client download a piece of trusted code (a signed ActiveX, perhaps) which queries the CPU ID and sends it back, possibly encrypted.
Either case is easy to spoof. In the first case, you just patch the browser, and have it send a spoofed ID. In the second case, you modify the browser to trap the ActiveX download, and then have it patch the ActiveX in memory to spoof the ID. The patched ActiveX then happily encrypts your spoofed ID, and sends it back. There's no way the web site can know what happened.
Granted, the second exploit is harder to pull off, but no harder than taking advantage of a buffer overrun, or disabling software copy protection, and both are provably doable.
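To make the second case concrete, here is an added example (not from the original thread, and not Zero-Knowledge's or Intel's code) that models a web site asking downloaded "trusted" client code for the CPU ID. The serial number, the embedded key, the nonce scheme and every function name are made up for illustration. The point it shows is the one in the comment above: the MAC does catch someone editing the report after the fact, but it cannot catch a patched component that feeds a spoofed ID into the same MAC code, so the site gets two reports it cannot tell apart.

```python
import hashlib
import hmac
import secrets

# Constructed sample "hardware" serial; not a real Pentium III PSN.
REAL_CPU_ID = "0000-0672-0000-0000-4E7B-A1C3"

# Hypothetical key baked into the downloaded component. The web site knows
# it too, which is the only reason the MAC below verifies at all. Anyone who
# can read the component's binary or its memory has this key as well.
CLIENT_EMBEDDED_KEY = b"hypothetical-key-shipped-inside-the-component"


def read_cpu_id():
    """Stand-in for querying the CPU serial (CPUID on a real PIII)."""
    return REAL_CPU_ID


def client_report(cpu_id, nonce):
    """What the downloaded component does: bind the ID to the site's nonce
    with a MAC so the response cannot simply be replayed or retyped."""
    message = f"{cpu_id}|{nonce}".encode()
    tag = hmac.new(CLIENT_EMBEDDED_KEY, message, hashlib.sha256).hexdigest()
    return {"cpu_id": cpu_id, "nonce": nonce, "tag": tag}


def honest_client(nonce):
    """Unmodified component: reports the real serial."""
    return client_report(read_cpu_id(), nonce)


def patched_client(nonce, spoofed_id):
    """The 'patch the ActiveX in memory' attack from the comment above.
    The attacker does not forge the MAC; it changes what gets MACed."""
    return client_report(spoofed_id, nonce)


def tamper_after_mac(nonce, spoofed_id):
    """Contrast case: editing the report *after* the MAC is computed.
    This is what the MAC was designed to catch, and it is not the attack."""
    report = honest_client(nonce)
    report["cpu_id"] = spoofed_id
    return report


def server_verify(report, expected_nonce):
    """The web site's check. It can only establish that something holding
    the key produced this tag for this nonce. It has no way to tell a real
    ID from a spoofed one, because both went through the same MAC code."""
    if report["nonce"] != expected_nonce:
        return False
    message = f"{report['cpu_id']}|{report['nonce']}".encode()
    expected = hmac.new(CLIENT_EMBEDDED_KEY, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["tag"])


def demo(spoofed_id="DEAD-BEEF-0000-0000-0000-0001"):
    """Run one challenge against an honest and a patched client.
    Returns (honest_accepted, spoof_accepted, ids_differ)."""
    nonce = secrets.token_hex(16)  # fresh per request: replay is not the problem
    honest = honest_client(nonce)
    spoofed = patched_client(nonce, spoofed_id)
    return (
        server_verify(honest, nonce),
        server_verify(spoofed, nonce),
        honest["cpu_id"] != spoofed["cpu_id"],
    )


if __name__ == "__main__":
    print(demo())  # (True, True, True): the site accepts both, and the IDs differ
```

Signing the component only proves who shipped it; once it runs on a machine the attacker controls, its inputs and its memory are theirs, and nothing in the report that reaches the site distinguishes the honest run from the patched one.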
I have to say, I find all the disgust over Intel's PIII id somehow overstated in the linux community and these recent comments seem to be the worst.
Intel has asked that anti-virus people list as a virus a program that *crashes the user's computer without their consent*! What definition of virus are people using such that this doesn't qualify? Not only does it crash the user's computer, it reveals information that the user doesn't want revealed. If instead of revealing the PIII id, this program searched for Quicken documents and mailed them to a hotmail account, would we be saying that whoever makes Quicken shouldn't call it a virus?
I agree that on general principle the PIII id isn't a wonderful idea, but I can understand why Intel did it. Most high-end computers (Sun, SGI, Alpha?, etc) ship with some sort of unique id, for licensing purposes. The only reason people don't get upset about that is that they are not personal computers, but servers, so they cannot be linked to an identity. Intel wants to enter that market, and CPU ids are needed. But they then anger the consumer market. What should they do? The road they took (disable the PIII id, unless you need it for a server) seems like a fair compromise. Why is everyone so upset at them?
Finally, under a real operating system, this sort of exploit would be useless unless it was run as root. And if you go web browsing as root, you deserve what you get :-)
Mike Sackton
It is disturbing how some companies react to people who find flaws in their product.
Remember the Internet Exploder control? It was an ActiveX component which, when loaded with a web page, would count down ten seconds and shut down a Windows computer. The creator did it for the sole purpose of demonstrating potential security dangers with ActiveX.
Microsoft and Verisign threatened the guy with court action for obtaining a Verisign certificate under false pretenses. Never mind that part of his demonstration was just how easy it is to obtain such a certificate.
Now Intel has declared Zero-Knowledge's little demo to be a virus or trojan. Apparently, the goal is to discredit them. The worst part is that I think just about everyone saw it coming before they even got to the "Intel's response" part of the article.
Here's the obvious part of my comment -- this tactic is pretty foreign to the Free Software community. It seems that most security problems with Free operating systems are received with, "thank you," and then they are FIXED. If you actually write a program which demonstrates the problem, you're a hero. No one attacks your credibility or motives. In fact, you are likely to GAIN credibility.
Of course, by posting this here I'm pretty much preaching to the choir.:)
--
Save the whales. Feed the hungry. Free the mallocs.
Just to add/refute a bit on the 'obvious part' of your comment. The tactic of hauling in a legal team is different than that taken in free software. However, there is a very split set of views in the security sector on the appropriate way to find and discuss bugs.
Almost monthly, you'll get flames starting up on Bugtraq about this. Bugtraq is a full disclosure unix security list - often, raw exploits are posted to it, or tools that someone used to replicate a problem they may have found in software (free or not). Very often, you'll have the author - a vendor, a coder, or a maintainer - or another person bitch about this, because they weren't given prior notice or warnings, etc. Example: The lsof bug of February (thread starts here).
These threads sometimes, in fact, revolve around people posting for credit or ego/status. While Intel is acting very differently, our free movement is not always the clean "thank you" we'd like. However, that's often justified - especially with free software, it's better to come bearing patches rather than problems.
Of course, regardless, our bugs get fixed faster.
This has been out for almost 2 months now. It was on HNN back in March. Funny how the mainstream just got a hold of this...