Intel CPU code exploit to be released

[ToyotaNSaturn]

http://www.networkworld.com/community/node/39825?t51hb&netht=mr_032309&nladname=032309dailynewsamal

The heart-stopping thing about this particular exploit is that it hides itself in the SMM space. To put that into perspective, SMM is more privileged than a hypervisor is and it's not controllable by any Operating System. By design, the operating system cannot override or disable System Management Interupt (SMI) calls. In practice, the only way for you to know what is running in SMM space is to physically disassemble the firmware of your computer


Is this true or an early April fool's joke? I sure hope it's a joke.

 

[ToyotaNSaturn]

More fun...
Persistent BIOS attack hacks
http://threatpost.com/blogs/researchers-unveil-persistent-bios-attack-methods

 

[StevieC]

Glad I have all AMD machines...

 

[firemachine69]

AMD can also be affected.


Lots of scary stuff out there. Just found a link to the "Blue Pill", I remember in programming class spending hours upon hours on finding a way for a computer to detect it, and was completely unsuccessful...

 

[uc50ic4more]

I know when to take a hint: SPARCStation, here I come!

There's guy in the local Unix Users Group giving some old Sun hardware away. I may grab one to see how it runs Ubuntu.

 

[mstrjon32]

Originally Posted By: uc50ic4more
There's guy in the local Unix Users Group giving some old Sun hardware away. I may grab one to see how it runs Ubuntu.


If my experience with Sun computers is any indicator, I'm going to guess, annoyingly. It can't be as bad as Solaris, though. I hate Solaris so much.

 

[StevieC]

Originally Posted By: firemachine69
AMD can also be affected.


Lots of scary stuff out there. Just found a link to the "Blue Pill", I remember in programming class spending hours upon hours on finding a way for a computer to detect it, and was completely unsuccessful...

Was just kidding... I know...

 

[uc50ic4more]

Originally Posted By: mstrjon32
Originally Posted By: uc50ic4more
There's guy in the local Unix Users Group giving some old Sun hardware away. I may grab one to see how it runs Ubuntu.


If my experience with Sun computers is any indicator, I'm going to guess, annoyingly. It can't be as bad as Solaris, though. I hate Solaris so much.


Now you've piqued my curiosity. I'm going to see if any systems are still available; and take a kick at the can if there is. I'll report back: I don't want to seem fatalistic, but if either this exploit or the inevitable next one is the real deal, alternatives to x86 may need to be considered.

I'll be storing away some canned foods and bottled water in the shelter if anyone needs me.

 

[mstrjon32]

All systems have security vulnerabilities. They're not exclusive to x86, they're just brought to light on the x86 platform since its the predominant player in the marketplace.

 

[OVERKILL]

Why is this tagged as an Intel CPU code exploit when it is a BIOS exploit?

 

[uc50ic4more]

Originally Posted By: mstrjon32
All systems have security vulnerabilities. They're not exclusive to x86, they're just brought to light on the x86 platform since its the predominant player in the marketplace.


Precisely.

 

[ToyotaNSaturn]

overkill, the 1st link is for the Intel CPU's, the 2nd is focused on the BIOS issue.

 

[OVERKILL]

Originally Posted By: ToyotaNSaturn
overkill, the 1st link is for the Intel CPU's, the 2nd is focused on the BIOS issue.


COMPLETELY missed it

Now, since AMD's CPU's up until the K6 were pretty much Intel clones, and this flaw goes right back to the 386, does that not imply that the bug is far from Intel-specific, but rather basically any x86 CPU?

 

[firemachine69]

Correct. SMM is about as old-school as it gets for chip architecture (for a reason - it works, VERY well).