El Reg published an article about a security flaw introduced by Intel starting with its Pentium Pro line of processors--and left in place for fifteen years, fixing it only in 2011--and also comes with instructions on how to exploit it. So, if you have any pre-2011 processor running some important machine, perhaps you should be thinking of an upgrade after you finish reading the article.
From the article:
It allows smart hackers to run rootkit code at the very lowest level on the computer, out of reach of the operating system, its applications, and even the hypervisor. This means the rootkit can, among other things, silently monitor and record the user's every keypress, mouse click, and download.
Efforts to detect the rootkit and eradicate it from a computer can be blocked, or hampered, by the malware itself. A nightmare, in other words.
The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected. Also, operating systems can mitigate against the security hole at the hypervisor level, thus protecting themselves from miscreants exploiting the design flaw...
This kind of thing makes me want to go back to using a pocket calculator.
(Score: 3, Touché) by mhajicek on Wednesday August 12 2015, @03:05AM
A good reason to run AMD.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 3, Funny) by gman003 on Wednesday August 12 2015, @03:28AM
I doubt AMD is any better regarding security. Possibly worse, since they have much fewer engineers and would probably devote more resources towards trying to catch up on performance, not something as unmarketable as security.
(Score: 1, Touché) by Anonymous Coward on Wednesday August 12 2015, @05:33AM
Implying it didn't cost more to add the backdoor, and that it was finally removed because they don't need this one anymore since they root the newer chips wirelessly now via an on-chip cellular "anti-theft" feature.
"Oh, and we'll even name the company 'INTEL', haha... and the suckers will still buy it!"
At least now we know why China has been working on their own chip fabs, mostly with MIPS instead of ARM or x86[-64].
(Score: 2) by Hairyfeet on Wednesday August 12 2015, @01:07PM
Well since AMD has decided to be FOSS friendly and open up all their specs (they just switched their math libraries from proprietary ACML to BSD flame [amd.com] Aug 7th) hopefully if a problem like this popped up the community could patch it.
BTW if anybody is thinking about an AMD chip? Check out the FX8320E [amazon.com], I've been running mine hard for the past 2 months and I'm VERY impressed at the performance. Since its a black edition its trivial to OC to the FX8350 if you'd like (although frankly you really won't need to, since it by default will turbo up to 4GHz) and it stays VERY cool, at idle with a Zalman Performa cooler I'm getting 80f in a 72f apt at idle and it maxes out at 108F max turbo and 118F with all 8 cores slammed for 8 hours straight! And this thing is a fricking beast, blows through 1080P H.264 transcodes like they were nothing, adding complex effects to my recordings in Audacity is as fast as I can hit the button,gaming 1080P in games like War Thunder with hundreds of rounds flying is NO problem, and at just a hair over $500 for the chip AND an Asus quad CF board AND 16Gb of memory AND an R9 280? No way in hell you gonna beat that bang for the buck with Intel, just no way.
As for TFA? They are gonna have to get kernel level permissions to pull this off and if they have that? You are fucked anyway, so I'll just hang onto the old C2Q I have as my netbox at the shop. If you are running HIPS and have the browser sandboxed I really don't see anybody being able to pull this off, its just too difficult.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.