Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel's microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running. Kaspersky will demonstrate how such an attack can be made in a presentation at the upcoming Hack In The Box (HITB) Security Conference in Kuala Lumpur, Malaysia, during October. The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler.
"I'm going to show real working code...and make it publicly available," Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.
If these CPUs are indeed exploitable, I wonder what Intel's plan of action is? From the limited information in the article, it seems to rely on code compiled through Java. I wonder what role Sun will play in this, and if Sun will end up putting in special handling safeguards that check compiled code for things that affect Intel CPUs. If I were Sun, and Intel asked me to clean up their garbage for them (AMD and others are unaffected?), I would charge a butt-load of money.
Also, I'm not sure, but I think these bugs would be possible to exploit using programming languages other than Java. (Again, not sure if he's talking about a specific bug.)
If you look at the article, the author of it doesn't know what the hell he is talking about:
" allowing an attacker to take control of the compiler."
There is a compiler and a virtual machine. Java is compiled into bytecode, then run in a virtual machine - shouldn't the author of the article know the difference between the two? I mean, it's well known that if the JVM has a vulnerability, a Java application running inside of that virtual machine could take advantage of it. That is nothing new or original.
However, from a Google on "Kris Kaspersky disclosure", it seems he is big on "full disclosure", meaning he is a show-boater out for publicity and money. It doesn't appear that he has people's security in mind at all.
THANKS A LOT, A**HOLE!
How many of these Intel CPUs are installed in various PCs? And broadcasting a flaw that allows boxes to be essentially rooted is good, how, exactly?
It's not like a CPU gets updates online. A replacement must be built and shipped.
Any guesses at the turnaround on that? Or how many people will NOT update a chip?
Again, I assert that public disclosure of such items as a CPU flaw without providing the CPU maker sufficient information and time to ensure risks can be mitigated is utterly irresponsible. I hope that full disclosure isn't what Mr. Kaspersky is intending.
It seems that microcode can be patched, these days. I know that Intel did it recently on Mac systems, and I believe AMD also had one for its Phenom processors that had a nasty errata issue. (The AMD update didn't fix the errata, but handicapped the processors such that the errata wouldn't be triggered, if I remember right.) It's possible that the fix for this would require a physical replacement, but it's also possible that it wouldn't.
Regarding disclosure, I have mixed feelings about it. On one hand, none of us like the idea of someone revealing an exploit that could put us all at risk. However, we all know that companies are liable to sit on bugs and glitches unless they become big issues. Quite frankly, I'd rather have this guy expose a bug and let us all have some form of fixes shortly thereafter.
The alternative is that this bug (and who knows how many others?) would sit and be exploited once it was discovered by "the bad guys." There's a lot of money to be made in those exploits, and unlike this guy, those who are actively using these exploits are not going to reveal that they're there. If we're vulnerable, let us know. I'd rather have that than to be vulnerable and potentially compromised without knowing it for years. Security through obscurity has its limits, even though it instinctively feels safer to us.
This Kaspersky guy can disclose privately and responsibly, and have a 3 month time of respected privacy for Intel to devise a solution. Maybe a patch *can* somehow fix it. Maybe it will take new hardware to all the customers. But 0-day is never, ever the answer.
Well, I say "you are welcome to seize control of my PC, it's like a mini internet with nothing but pwrn sites on it"
Of course, Intel could send an army of lawyers to litigate the hell out of Kaspersky, but in the end they'd probably lose that fight and then be forced to pay his legal bills. All in all, Intel is better off thanking Kaspersky for discovering whatever it is he's discovered and then working to address the issue in a constructive manner.
Now, if you'll excuse me, I need some more jello.
You didn't read the article or what? He went to expose the attack method to the whole public.
Imagine the damage to be done with that, when black hat hackers get their dirty hands on those.