1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

CPU Errata Turn Security Vulnerabilities

Discussion in 'News' started by btarunr, Jul 15, 2008.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,749 (11.14/day)
    Thanks Received:
    13,676
    Location:
    Hyderabad, India
    Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

    Kaspersky plans to validate his claims by a demonstration during the Hack-in-the-box (HITB) event this October, where he will demonstrate different attacks specific to the errata of different processors. He told PC World, “I'm going to show real working code...and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections.”

    For the know, even the most recent "Silverthrone" Atom processors have a list of errata, we all remember the Translation Look-aside Buffer erratum that AMD shipped its initial K10 processors with, which plagued sales of the Quad-core AMD Barcelona and Agena parts, and of how Intel delayed launch of Penryn to fix design flaws. That brings us to the burning question: why on earth would Kaspersky want to release the code to create such malware, and discover this vulnerability in the first place? Oh, it means business for Kapersky, a vendor of security software himself, and other security providers. Interestingly, such security patches come in the form of patches to the BIOS a-là the immediate fix for TLB-affected AMD processors. Fresh headache for BIOS coders of Motherboards, or maybe there's a business to that too? Perhaps 'Best security features' could be the next mantra for motherboard vendors, like 'best energy-saving features' is now.

    Source: DailyTech
     
    Last edited by a moderator: Jul 15, 2008
  2. wolf2009 Guest

    lol, this is going to provide real publicity to his soft "Kaspersky" .
     
  3. Darkrealms

    Joined:
    Feb 26, 2007
    Messages:
    852 (0.30/day)
    Thanks Received:
    23
    Location:
    USA
    LoL, go figure. Now we have to pick our primary hardware based on virus problems. Wonder when he's going to find something for video cards. . .
     
  4. candle_86 New Member

    Joined:
    Dec 28, 2006
    Messages:
    3,916 (1.37/day)
    Thanks Received:
    233
    meh most attacks can be stopped with a good hardware firewall and safe browsing, unless they put a virus on my paid porn sites or into wow im good
     
  5. bubba_000

    bubba_000 New Member

    Joined:
    Jul 3, 2007
    Messages:
    76 (0.03/day)
    Thanks Received:
    5
    Did you know..................

    that a virus can copy itself to your DVD burner's buffer:eek: And evade any antivirus and then copy istelf back to the HDD, while overcharging the drive's motor causing CDs to explode and posibly shred any living thing within 10 metres?

    The solution?

    GET A CERTIFIED SECURE DVD DRIVE WITH A SELF-DESTRUCT MECHANISM.NOW
     
  6. panchoman

    panchoman Sold my stars!

    Joined:
    Jul 16, 2007
    Messages:
    9,595 (3.60/day)
    Thanks Received:
    1,200
    brute force hacks run over 50x faster on a gpu(tested with an x1950 i think) then a cpu.. making a password that could take months to brute force(hence the weekly, bi or tri weekly password changes that a lot of companies make you do etc), cracked in 2-3 days using an x1950(not sure)... now imagine it on the 800 stream processors on the R770.

    i must say though :nutkick:Kaspersky. you guys just introduced a whole new breed of viruses and trojans (unforutnantly, its not the rubber kind), and you fucking released the code? i hope your damn software can block the attacks that you've introduced!

    also, this will definently become a factor in hardware choices. wonder when gigabyte starts saying.. "hey guys! quad protection against erotic exploits that the kaspersky idiots introduced."

    time to buy a new revision errata-free phenom lol.
     
  7. chron New Member

    Joined:
    May 21, 2006
    Messages:
    569 (0.18/day)
    Thanks Received:
    33
    taking the free tour doesn't count as your "paid porn sites" ;)
     
  8. Katanai

    Katanai

    Joined:
    Mar 15, 2008
    Messages:
    966 (0.40/day)
    Thanks Received:
    125
    So yeah this kinda answers the question: who makes those damn viruses? We have the leading expert right here...
     
  9. Darkrealms

    Joined:
    Feb 26, 2007
    Messages:
    852 (0.30/day)
    Thanks Received:
    23
    Location:
    USA
    Sadly he kinda makes it hard for me NOT to agree with you : (
     
  10. yogurt_21

    yogurt_21

    Joined:
    Feb 18, 2006
    Messages:
    4,422 (1.39/day)
    Thanks Received:
    576
    Location:
    AZ
    old news, this happened with all the old cpu's then the athlon 64's hit the picture and it became harder to do, I imagine if it starts to become a problem again, intel and amd will just release a product that blocks it. no biggie
     
    1c3d0g says thanks.
  11. eidairaman1

    eidairaman1

    Joined:
    Jul 2, 2007
    Messages:
    13,075 (4.88/day)
    Thanks Received:
    1,652
    this guy is just trying to exploit another region to make more money is all, it takes malicious code for these companies to be around, so i wouldnt be surprised if they release malicious code themselves every so often.
     
  12. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    42,399 (11.53/day)
    Thanks Received:
    9,697
    i thought the xD bit (or whatever it was) was meant to counter this?
     
  13. candle_86 New Member

    Joined:
    Dec 28, 2006
    Messages:
    3,916 (1.37/day)
    Thanks Received:
    233
    hey who said free tour, i spend about 60 a month on my porn tyvm
     
  14. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,749 (11.14/day)
    Thanks Received:
    13,676
    Location:
    Hyderabad, India
    Processors still have errata which Intel/AMD found insignificant and did not patch. Such flaws are now turning to vulnerabilities. Kaspersky wants to prove that.
     
  15. Black Hades

    Black Hades

    Joined:
    Sep 11, 2007
    Messages:
    300 (0.12/day)
    Thanks Received:
    31
    Location:
    Ambugaton
    Too much info...


    Back on topic:
    It's better he releases such info, if this kind of thing is kept in the shadows for too long it actually causes more damage.
    A good example of this happening is the firewire design flaw:
    Endgadget Article
    Technical info
     
  16. tkpenalty New Member

    Joined:
    Sep 26, 2006
    Messages:
    6,958 (2.35/day)
    Thanks Received:
    345
    Location:
    Australia, Sydney
    E Terrorist much?
     
  17. spud107

    spud107

    Joined:
    Feb 12, 2007
    Messages:
    1,194 (0.42/day)
    Thanks Received:
    131
    Location:
    scotland
    so he's going to make virus code/program/whatever, show it off and make it availiable to people who really shoudn't see it?
    am i missing something or is he an arsehole?
     
  18. Assimilator

    Assimilator

    Joined:
    Feb 18, 2005
    Messages:
    621 (0.18/day)
    Thanks Received:
    105
    Location:
    South Africa
    This is hardly new news. The original Pentium suffered from the so-called "f00f" bug way back in 1997, and considering that processors have become so much more complex since then, it's very likely that there are a number of undiscovered, but potentially serious vulnerabilities in todays CPUs.

    Unfortunately, drawing attention to these issues is the only way they'll get fixed, so I have to say I think Kaspersky is in the right.
     
    1c3d0g says thanks.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page