Kaspersky To Demo Attack Code For Intel Chips
snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."
Re:Heh... (Score:5, Interesting)
I wonder if running inside a VM could at all mitigate the attack.
Re:Heh... (Score:5, Interesting)
At least I know I'm safe because I run... Oh, crap.
I'm sure AMD fans will make a point that they are protected in this case.
Which ones? (Score:5, Interesting)
Do we have a list of the processors affected by this? Or is this issue in ALL Intel processors?
Re:They may (Score:3, Interesting)
They also do volatile microcode loading IIRC, so you could deliver an OS "driver" that runs early at boot and closes the window... provided the flaw is within the realm of microcode patching anyway.
Re:Don't worry. . . (Score:1, Interesting)
Go ahead, laugh. But you *can* make changes to the BIOS which can mediate some of the bugs, and you *can* make software changes to the writable control store [wikipedia.org] that either intercept or work around the various errata.
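The two comments above both come down to a practical question: which microcode revision is each core actually running, and is it uniform across the package? Linux exposes that per logical CPU in /proc/cpuinfo (applied early from the initramfs, with a sysfs reload knob for late loading where the kernel permits it). The script below is an added example for this thread, not code from the original page or from Kris Kaspersky; it reads a constructed /proc/cpuinfo excerpt first and then the real file if present. The function names, the sample data, and the assumption that the "processor" and "microcode" lines use the usual `name\t: value` layout are mine.

```sh
#!/bin/sh
# Added example: report the microcode revision each logical CPU is running
# and flag cores that disagree. Reads /proc/cpuinfo text on stdin.
# Assumes the Linux x86 layout "processor\t: N" / "microcode\t: 0xNN".

# microcode_revisions: stdin = /proc/cpuinfo text -> "cpu<N> <rev>" per CPU
microcode_revisions() {
    awk -F': *' '
        $1 ~ /^processor/ { cpu = $2 }
        $1 ~ /^microcode/ { print "cpu" cpu " " $2 }
    '
}

# distinct_revisions: stdin = /proc/cpuinfo text -> count of distinct revisions
# Anything other than 1 means the cores are not running the same microcode
# (a late load that only reached some cores, or a missed hotplugged CPU).
distinct_revisions() {
    microcode_revisions | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# sample_cpuinfo: constructed /proc/cpuinfo excerpt (not captured from a real
# machine): three logical CPUs, the last one on an older revision.
sample_cpuinfo() {
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf0\n\n'
    printf 'processor\t: 1\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf0\n\n'
    printf 'processor\t: 2\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xe8\n\n'
}

echo "Constructed sample:"
sample_cpuinfo | microcode_revisions
echo "distinct revisions in sample: $(sample_cpuinfo | distinct_revisions)"

if [ -r /proc/cpuinfo ]; then
    echo "This machine:"
    microcode_revisions < /proc/cpuinfo
    echo "distinct revisions on this machine: $(distinct_revisions < /proc/cpuinfo)"
    # Kernels with late-load support expose this write-only file; writing 1
    # to it as root asks the kernel to reload microcode from /lib/firmware.
    if [ -w /sys/devices/system/cpu/microcode/reload ]; then
        echo "late microcode reload interface is present"
    fi
fi
```

A count of 2 or more from distinct_revisions is the thing to chase: the "driver that runs early at boot" idea only closes the window if every core ends up on the fixed revision, and a mismatch is exactly what a half-applied update looks like.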
Re:That's Nothing, This November I'm Going To... (Score:5, Interesting)
Okay, seriously -- based upon nothing but an overly bold claim featuring some massive technical faults, people are actually believing this? My post should be +5 insightful, not funny, because it really isn't intended to be funny.
Are people perhaps thinking this is Eugene Kaspersky or something? This guy is no relation to him.
Maybe, just maybe, someone really is going to sit on an epic, world shaking fault until an October security conference, but every bullshit detector is ringing as loudly as it can ring right now.
October will roll around and some guy will demonstrate some edge condition non-issue and say "Oh, did they misinterpret and overstate? Those bastards!"
Re:That's Nothing, This November I'm Going To... (Score:5, Interesting)
Sounds like they might have found a practical exploit for one of the many bugs in the Core/2 that OpenBSD were throwing a fit about when it was released. Maybe they were right.
Disable scripting/plug-ins by default/use NoScript (Score:5, Interesting)
If malware based on this "attack code" got into the wild, it sounds like one of the attack vectors would be malicious Web sites (which is nothing new). As many security researchers have been recommending for years, turning off JavaScript and other active content by default will greatly reduce the potential for infection, even from many kinds of as-yet undiscovered exploits. A good way to do this with Firefox (without ruining compatibility with trustworthy sites) is to install NoScript [noscript.net], which allows you to whitelist trusted sites while allowing you to block scripts, Java, Flash, Silverlight, other plug-ins, etc. on every other site by default.
Of course, if the flaw lies in the microprocessor, then there are certainly other potential attack vectors than just malicious Web sites.
Someone pointed out that Intel processors are BIOS-upgradeable. What about computers based on EFI [wikipedia.org] instead of BIOS, such as all the Intel-based Macs?
Also, as someone else pointed out, the headline is extremely misleading. The security researcher Kris Kaspersky is not affiliated with Kaspersky Lab [kaspersky.com] or Eugene Kaspersky [wikipedia.org], but he's apparently the author of a number of books [amazon.com] on programming and other computer subjects.
Re:Interesting (Score:3, Interesting)
One more snarky comment. I don't like JITs. I like my interpreted code interpreted, and I like my binary code native. I prefer something like a PHP model where you put glue in PHP and hard code in a C extension or a service.
Remember that interpreting turns 1 instruction into hundreds of real machine instructions. I bare-minimum'd a basic add at around 112 or so once, based on a O(1) jump table and data decoding. That doesn't begin to touch on the data cache becoming, effectively, instruction cache for the interpreted instructions; or the massive overuse of instruction cache in an interpreter.
"Virtual Machines" are more a toy than a real tool. Mono and Java and .NET require real, native system support (i.e. gtk+ for gtk# etc) and often even require special consideration for the underlying system in the actual load module (executable program). Wine functions as a compatibility loader for Windows; why a native compatibility layer couldn't have functioned as a virtual machine does, with its own library support and own load module loader (i.e. wine loads PEs into memory on Linux) is beyond me, aside from cross-CPU compatibility. Hell, even in that case, LLVM is supposed to recompile one processor's code to another (this is hard though).
Are you really sure about that? (Score:3, Interesting)
Do you really think UPS couldn't eat the postal service's lunch on 1st Class postage if they were allowed to compete? Of course they could, which is why the Postal Workers unions make damned sure Congress never even brings the subject up.
Can you actually point to the section of the US code that prohibits a third party from delivering first class style mail? I mean, if a private company wanted to sell a service moving an ounce across 3000 miles for 50 cents, they could. It's just, you'd have to be able to go to Wall Street and say, "well, once you invest in 100,000 delivery vans and thousands of local offices, then, I can go and compete with the USPS in a market segment that's slowly dying." It just doesn't look like a business that has any upside to it.
The other thing, too, is that, being a quasi-government entity, the USPS has to actually deliver to everyone. UPS doesn't. So, yeah, theoretically, if you privatized the mail, you might find out that you actually wouldn't get -any- mail at all unless you lived in the more densely populated areas of the country.
In any case, now's exactly the time to be touting the miracles of capitalism, when we, the taxpayers of the United States, might be about to double the debt of the Federal Government, which winds up having to do an Amtrak on what's left of our mortgage and finance industry. Yeah, talk to me about the miracles of the private sector right when you go look at the price of Bear Stearns, Countrywide, National City Bank, Lehman Bros, and other stocks. Fine bunch of capitalists they are, all getting bailed out in one way or the other by, wow, of all things, that grossly incompetent government.