By Tony Smith 16 May 2005 10:43
SMT vulnerability 'not critical' - Intel
Intel has pledged to work with operating system vendors to prevent
its HyperThreading system being used by malware to snoop for
sensitive data.
However, it claimed the problem, revealed in a paper published last
week, is a minor one: it can only be exploited once the security of
the targeted desktop or server has already been compromised.
The chip giant was also quick to point out that HT-enabled CPUs are
not the only ones vulnerable to the newly exposed attack. It can be
brought to bear against any processor with that can do simultaneous
multi-threading. Dual-cores too, it seems, are vulnerable.
The vulnerability arises because code running on one thread can
access cache and memory being used by another thread. If the former's
a crypto-key sniffer and the other's caching said key, the first
thread can copy the information then relay it to another machine. You
can read researcher Colin Percival's paper on the subject here (PDF).
Intel said it had already been notified of the problem before
Percival's paper was posted on the web last week. The chip maker said
it was working with a number of OS vendors to "fix the issues".
"The flaw is not considered critical, but it will be fixed in
subsequent updates to the Microsoft and Linux operating systems,"
Intel said.
---
* Origin: [adminz] tech, security, support (192:168/0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:03:50
search: