Critical Pentium 4 security flaw
p2pnet.net News:- Technology in Intel's Pentium 4 processors is wide open to hackers, says a Canadian mathematician.
The security hole permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine, says Colin Percival, 23, who's just completed his PhD studies at Oxford University in England.
Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.
How serious is this? we asked.
People who run servers to which multiple people have access should be very concerned. This includes most web hosting companies, for example.
Basically, FreeBSD has disabled hyperthreading; NetBSD and OpenBSD are recommending that affected users disable hyperthreading via their BIOS (which isn’t a very useful option for remote servers); and SCO has sent out an advisory with instructions to tell people how to disable hyperthreading, Percival stated, continuing:
Meanwhile Microsoft has been completely silent (due, I’m guessing, to pressure from Intel), and there has been extensive discussion on the linux-kernel mailing list but no patches yet and the one post from Linus indicates that he clearly doesn’t understand the problem.
Has Intel said anything specific or even helpful?
Not really, Percival, who’s from Vancouver, BC, told us.
They’re trying to point to this as being just one of a large class of ‘timing attacks’, without admitting that the design of hyper-threading makes this attack far worse than any other similar attacks.
Percival presented details of how to exploit the flaw at BSDCan 2005 in Ottawa on May 13th and has also written a 12-page paper, Cache Missing for Fun and Profit, discussing the breach and related problems, both realized and theoretical.
(Thanks, Marcie)
See:-
Colin Percival – Hyper-Threading Considered Harmful, May 13, 2005





May 17th, 2005 at 12:06 am
well that's half the world screwed then
May 17th, 2005 at 4:42 pm
What is the issue? Where are the facts? The article does not say what the problem is. I think it is a spoof. Why would 2 logical processors be more of a security risk than a dual processor system?