iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > Intel And Hyperthread Hacking
Search:
[ news_security_news ]

Intel And Hyperthread Hacking



John Stith
Staff Writer
2005-05-16

SecurityProNews: Insider Reports Insider Reports RSS Feed


Talk about reading between the lines. Security guru, Colin Percival, said he's found a heavy-duty flaw in a number of Intel's current line of processors. Percival said also that once hackers got in, they could tap a whole network and wreak havoc.

Percival said on his website:

Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.

Intel responded saying that this isn't such a critical flaw as the hacker would already need some kind of way in and also that future operating systems should correct the flaw.

Percival first picked up on the problem back in Oct. of 2004. He promptly began testing and worked with FreeBSD and he's been working on up until Friday, when he released his findings.

In EWeek, he said:

"How the attack is used would depend entirely upon the environment. In the case of a multi-user server where users login via SSH, a legitimate user could log in, provoke the SSH daemon into performing a private key operation using the host key, and then steal that key and use it to impersonate the server in order to steal other users' login credentials," he wrote in the e-mail. "Another attack could occur on shared servers which run HTTPS; this attack would allow one user of the server to steal the SSL certificates belonging to other users' Web sites."

He states on his website that most home computer users shouldn't have a problem as this would primarily affect servers. The biggest real issue he says would be internally at a corporation perhaps. Someone who wants a whole into a company server might have a way in with this. The chances are remote but enough to where he felt it needed to be addressed.






About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds