Intel is acting to calm fears that technology in its Pentium 4 processors will enable hackers to steal passwords by reading "footprints" in the cache.
Hyperthreading, introduced in Intel's Pentium 4, could allow hackers to access secure information, according to Colin Percival, a 23-year-old Ph.D. student from Vancouver, British Columbia. The technology makes software run faster by letting two threads run on the same processor at the same time.
The attack, revealed Friday in a paper delivered at the BSDCan conference in Ottawa, relies on a spy process installed on the server and sharing the L2 cache with an OpenSSL cryptographic process. The spy process observes the time taken for certain cache operations and deduces what the other process is doing (which Percival refers to as "footprints in the cache"), gathering information that could help crack the desired password.
Intel, which was informed of the problem in March, said the risk is very low. It only works on a server that has already been compromised to allow a malicious hacker to install a spy process. If the hacker has already achieved this, there are many easier and quicker ways to steal data, Intel spokesman Howard High said.
The attack could also affect any other processor that shares resources and not just Intel chips or hyperthreading chips, Intel has pointed out. Nevertheless, the Santa Clara, Calif.-based chip giant expects future versions of the Microsoft Windows and Linux operating systems to fix the problem.
Since discovering the flaw in October 2004, Percival has been working with FreeBSD and other operating systems developers to assess the risks, and various responses are posted on his site. Operating systems that do not exploit hyperthreading and keep it disabled, such as SCO's UnixWare, are said to be immune.
This article illustrates a little knowledge is a dangerous thing! To call this a flaw is to say that every computer using a volatile memory has an inherint flaw. Was someone looking for funding?
In order to exploit this flaw, the hacker must already have full control of a system. If someone has full control of a computer, then why bother reading the CPU cache, if you can just read the keyboard directly?
Oh wait that would not get published, but sadly this did.
You might see an interesting aspect the article does not mention, this guy is developing a cryptography suite. Is this the motivation for coming out with a problem statement that affects all modern computers?
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here and what the next steps are.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Oh wait that would not get published, but sadly this did.