Theoretical Chip Flaw could Theoretically Poison Most Intel CPUs. Theoretically Speaking

10 Comments

jwalch.hawk

Paul, your title theoretically made me lolz.  Just saying. :D

murixbob

If they said the hack is virtually undetectable how would they know if there are any exploits running in the wild?

 

gatorXXX

Because it's only theoretical and I guess they caught a glimpse of it through some binoculars or maybe some villager in the outback took a photo.

gatorXXX

Theoretically....HAHAHAHAHAHAHA...

Keith E. Whisman

Exactly how many attacks have been made using this method and why tell the world about the threat? If the terrible people that attack others' computers didn't already know, now they do and will probably attempt to use this newly discovered attack.

Again thanks a lot assholes.  Rutkowska and Wojtczuk are a pair of Aholes for telling the world about this. Now people that wouldn't have done anything will attempt this just so they can brag about doing it on some forum. This pisses me off when people reveal security holes to the world. Kinda like giving away holes in the US Continental Air and space Defenses. There are always going to be holes but it's the ability to hide and minimize these holes and keep them secret and not let the enemy discover them. Aholes like these guys are the reasons why the Russians got the A-bomb and Iran and China know everything about our Nuclear missile and power programs.

If you find a security hole, don't run to the freaking media, run to the manufacturer or entity that controls the system that has the hole and tell them about it.

Loose lips sink ships and destroy companies. 

jwalch.hawk

Keith, usually your comments are pretty insightful, but this comment indicates you don't really understand how this scene works.

To illustrate, I'll go with the Dan Kaminsky exploit lots of people have heard of.  Basically, the guy figured how to confuse DNS servers and do all sorts of theoretically nasty stuff.  I believe the (alleged) quote I've seen was that when he discovered the flaw he said to himself, "Oh shit.  I broke the Internet." He was being somewhat self-promoting of course, but it was a big deal.  So, he approached the necessary people about it.  And promptly told them that he would be going public about it in X amount of time (it was something in the few months range).  Thus, they were given some advance notice to fix it before it became common knowledge.  Presumably this pair of guys gave notice to Intel before they published the paper, as that is what's typically done in these situations.  You're basically saying that he/they shouldn't ever go public.  I totally understand your "loose lips" deal, but that doesn't work so well in tech.

First of all, just by saying he was going public in a few months meant he put those guys on a deadline.  They needed to get working on a fix NOW.  The other thing is what makes this issue a little different than war.  Malicious hackers had access to all the same tools Kaminsky did.  If Kaminsky was smart enough to find it, who says someone else (who isn't nice) wasn't going to find it eventually?  It was only a matter of time before someone besides him found the flaw.  And eventually someone with bad intentions is going to find the flaw.  By going public, EVERYONE knows the problem...  At least then people know to be careful and hopefully how to protect themselves.  A third reason, though it's somewhat less significant, is that once Kaminsky told people they had to fix it there were that many more people who knew the flaw.  What happens if one of the people that's tasked to fix the flaw goes rogue?  If they leak the secret to some underground hackers (bribed, perhaps), then the underground finds out before everyone else does and before a fix exists.  Disaster.  

I know it seems really counter-intuitive, but the whole going public thing is actually *for* the sake of security, not against it.  It's true that loose lips sink ships...  But ignorance of weaknesses is just as bad, and in some ways worse. 

Keith E. Whisman

I got upset. It bothers me that our national laboratories are extremely unsecure and how cavalier our political leaders are about it. All of them Clinton, Bush and now Obama. I refer to missing hard drives and Chinese diplomats being seen with US files with Top Secret jackets. I understand what you're talking about, putting the people responsible on the spot to fix it by a specific time. We are targets. Especially our government, our defense department and the companies that influence our economy the most.

It's important that security be taken seriously.

Thanks for going into detail and I have heard of how this works from the last time a security flaw of great importance was posted here besides the Adobe threat. 

What I would like to see though is the release to the public after the problem has been fixed. This means being reasonable about how much time you give for a fix to be developed and deployed. Not just you have two weeks then we tell the world.

You're right, I don't understand how this works. I expect people to do the right thing too much.

 

nekollx

scary...in theory...

AntiHero

Yeah, in theory, it could have me buying an AMD, in theory mind you, if they don't get it fixed, in theory.

mlee19

Hope the $250 I forked over for a Q6700 last summer won't have this vulnerability...Never built an AMD PC for use as my main rig. Let's hope I don't have to...
