
posted by CoolHand on Wednesday August 12 2015, @12:56AM
from the say-it-isn't-so dept.

El Reg published an article about a security flaw introduced by Intel starting with its Pentium Pro line of processors and left in place for fifteen years, fixed only in 2011. The article also comes with instructions on how to exploit it. So, if you have any pre-2011 processor running some important machine, perhaps you should be thinking of an upgrade after you finish reading the article.

From the article:

It allows smart hackers to run rootkit code at the very lowest level on the computer, out of reach of the operating system, its applications, and even the hypervisor. This means the rootkit can, among other things, silently monitor and record the user's every keypress, mouse click, and download.

Efforts to detect the rootkit and eradicate it from a computer can be blocked, or hampered, by the malware itself. A nightmare, in other words.

The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected. Also, operating systems can mitigate against the security hole at the hypervisor level, thus protecting themselves from miscreants exploiting the design flaw...

This kind of thing makes me want to go back to using a pocket calculator.


  • (Score: 5, Insightful) by gman003 on Wednesday August 12 2015, @01:15AM

    by gman003 (4155) on Wednesday August 12 2015, @01:15AM (#221524)

    To access this, an attacker doesn't just need to be able to run arbitrary executable code on your machine. They need to be able to do so at kernel-level permissions.

    Quite frankly, if someone has that level of access to my machine, they've already won. I'd already have assumed the box was pwned beyond repair - useless for anything where security is even possibly a concern. All this means is that, if they already own the machine hard enough that *I* can't remove it, they can conceivably own the machine hard enough that *nobody* can remove it.

    I'm mentally filing this flaw under "someone else's problem". Maybe the NSA can worry about this one; it would be nice for them to be the ones with something to fear for a change.

  • (Score: 1) by jmoschner on Wednesday August 12 2015, @02:19AM

    by jmoschner (3296) on Wednesday August 12 2015, @02:19AM (#221540)

    Actually it is worse, they just have to enter:
    @[=g3,8d/&fbb=-q]/hk%fg
    followed by pressing the delete key

    • (Score: 1) by Francis on Wednesday August 12 2015, @02:48AM

      by Francis (5544) on Wednesday August 12 2015, @02:48AM (#221544)

      Tried that. Didn't work. What comes after the g?

  • (Score: 3, Touché) by mhajicek on Wednesday August 12 2015, @03:05AM

    by mhajicek (51) on Wednesday August 12 2015, @03:05AM (#221547)

    A good reason to run AMD.

    --
    The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
    • (Score: 3, Funny) by gman003 on Wednesday August 12 2015, @03:28AM

      by gman003 (4155) on Wednesday August 12 2015, @03:28AM (#221553)

      I doubt AMD is any better regarding security. Possibly worse, since they have much fewer engineers and would probably devote more resources towards trying to catch up on performance, not something as unmarketable as security.

      • (Score: 1, Touché) by Anonymous Coward on Wednesday August 12 2015, @05:33AM

        by Anonymous Coward on Wednesday August 12 2015, @05:33AM (#221581)

        Implying it didn't cost more to add the backdoor, and that it was finally removed because they don't need this one anymore since they root the newer chips wirelessly now via an on-chip cellular "anti-theft" feature.

        "Oh, and we'll even name the company 'INTEL', haha... and the suckers will still buy it!"

        At least now we know why China has been working on their own chip fabs, mostly with MIPS instead of ARM or x86[-64].

    • (Score: 2) by Hairyfeet on Wednesday August 12 2015, @01:07PM

      by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Wednesday August 12 2015, @01:07PM (#221667) Journal

      Well since AMD has decided to be FOSS friendly and open up all their specs (they just switched their math libraries from proprietary ACML to BSD flame [amd.com] Aug 7th) hopefully if a problem like this popped up the community could patch it.

      BTW if anybody is thinking about an AMD chip? Check out the FX8320E [amazon.com], I've been running mine hard for the past 2 months and I'm VERY impressed at the performance. Since it's a black edition it's trivial to OC to the FX8350 if you'd like (although frankly you really won't need to, since it by default will turbo up to 4GHz) and it stays VERY cool, at idle with a Zalman Performa cooler I'm getting 80F in a 72F apt at idle and it maxes out at 108F max turbo and 118F with all 8 cores slammed for 8 hours straight! And this thing is a fricking beast, blows through 1080P H.264 transcodes like they were nothing, adding complex effects to my recordings in Audacity is as fast as I can hit the button, gaming 1080P in games like War Thunder with hundreds of rounds flying is NO problem, and at just a hair over $500 for the chip AND an Asus quad CF board AND 16GB of memory AND an R9 280? No way in hell you gonna beat that bang for the buck with Intel, just no way.

      As for TFA? They are gonna have to get kernel level permissions to pull this off and if they have that? You are fucked anyway, so I'll just hang onto the old C2Q I have as my netbox at the shop. If you are running HIPS and have the browser sandboxed I really don't see anybody being able to pull this off, it's just too difficult.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 4, Interesting) by Anonymous Coward on Wednesday August 12 2015, @03:38AM

    by Anonymous Coward on Wednesday August 12 2015, @03:38AM (#221555)

    Yeah if you're worried about that kind of thing you should be far more worried about Intel's built in stuff: https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits [wikipedia.org]

    The article's exploit is small stuff, AMT is a huge fancy infrastructure/system for pwning I mean managing your PC ;).

    Look at the features:
    https://en.wikipedia.org/wiki/Intel_AMT_versions#Comparison_of_AMT_versions [wikipedia.org]

    Compare with:
    https://en.wikipedia.org/wiki/System_Management_Mode [wikipedia.org]

    AMT even has a built-in webserver. Think of how many exploitable bugs and backdoors (NSA or other) there must be in all that.