Pentium 4 vulnarability could let in hackers
May 17, 2005
Intel Corp. is trying to calm fears that the technology in its Pentium 4 chips could enable hackers to gain access to passwords by reading certain footprints in the processor's cache.
Hyperthreading, introduced in Intel's Pentium 4, could allow hackers to access secure information, according to Colin Percival, a 23-year-old Ph.D. student from Vancouver, British Columbia. The technology makes software run faster by letting two threads run on the same processor at the same time.
The attack, revealed Friday in a paper delivered at the BDSCan conference in Ottawa, relies on a spy process installed on the server and sharing the L2 cache with an OpenSSL cryptographic process.
The spy process observes the time taken for certain cache operations and deduces what the other process is doing (which Percival refers to as "footprints in the cache"), gathering information that could help crack the desired password.
Intel, which was informed of the problem in March, said the risk is very low. It only works on a server that has already been compromised to allow a malicious hacker to install a spy process. If the hacker has already achieved this, there are many easier and quicker ways to steal data, Intel spokesman Howard High said.
The attack could also affect any other processor that shares resources and not just Intel chips or hyperthreading chips, Intel has pointed out. Nevertheless, the Santa Clara, Calif.-based chip giant expects future versions of the Microsoft Windows and Linux operating systems to fix the problem.
Since discovering the flaw in October 2004, Percival has been working with FreeBSD and other operating systems developers to assess the risks, and various responses are posted on his site.
Operating systems that do not exploit hyperthreading and keep it disabled, such as SCO's UnixWare, are said to be immune.
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing