Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43432
  • Total Topics: 16527
  • Online today: 3010
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3007
Total: 3009









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: haz
« on: 22. March 2009., 08:57:24 »

who knows ? maybe Intel didn't want to patch this bug because it wants to exploit it someday ! :)
I believe conspiracy theory does have a place here.. >:D
I wasn't so happy about my AMD processor, but now I'm like : LONG LIVE AMD !
Thanks for the news georgecloner.
Posted by: georgecloner
« on: 20. March 2009., 16:36:10 »

Quote
Does this rootkit active regardless of operating system?

Apparently yes. Here's a summary piece:

"The potential consequence of attacks on SMM might include SMM rootkits [9], hypervisor compromises [8], or OS kernel protection bypassing [2]."

The published paper:   http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf
Posted by: F3RL
« on: 20. March 2009., 12:17:40 »

What the heck does Intel up to? Yeah, they should cover this vulnerability with some kind of patch or firmware.

Does this rootkit active regardless of operating system? If yes, people with servers, watch out  :o
Posted by: Samker
« on: 20. March 2009., 07:28:22 »

Probably, but important thing is that this bug isn't exploited yet...

Anyway, I think that we all need to "watch this story" very carefully.

Posted by: jake2pointzero
« on: 20. March 2009., 04:07:21 »

Samker,

Does this mean, if you have a Intel Processor like Intel Core 2 Duo. We are vulnerable to the bug?
Posted by: Samker
« on: 19. March 2009., 17:18:49 »


UNBELIEVABLY!  ???

What do you think is it AMD capable to make the most of this "bug"?

Posted by: georgecloner
« on: 19. March 2009., 15:38:21 »

Believe it Sam, they do forget.. hehehe.

The researchers were fairly responsible to report the issue immediately. And they quote:

So, being the good and responsible guys that we are, we immediately reported the new bug to Intel (actually talking to Intel's PSIRT is getting more and more routined for us in the recent months ;). And this is how we learnt that Loic came up with the same attack (back then there was no talk description at the conference website) — apparently he approached Intel about this back in October 2008, so 3-4 months before us — and also that he's planning to present it at the CanSecWest conference in March. So, we contacted Loic and agreed to do coordinated disclosure next Thursday.

Interestingly, however, none of us was even close to being the first discoverer of the underlying problem that our attacks exploit. In fact, the first mention of the possible attack using caching for compromising SMM has been discussed in certain documents authored as early as the end of 2005 (!) by nobody else than... Intel's own employees.


Posted by: Samker
« on: 19. March 2009., 15:26:34 »


I can't believe that they "forget" to close this with some patch.

INTEL - :thumbsdown:

Posted by: georgecloner
« on: 19. March 2009., 15:13:58 »

Yeah RIGHT! This is a nasty one!

Now that Intel CPUs' are vulnerable to exploit!  Finger's crossed for the meantime until Intel gets to fix this issue!!!

P.S.

Just type nice words to Intel guys!  :thumbsup: HEHEHE
Posted by: Samker
« on: 19. March 2009., 15:10:00 »

 
:o

This's real dangerous...

Right now I'm thinking, Did this researchers do a right thing??



 
Posted by: georgecloner
« on: 19. March 2009., 15:03:19 »



Security researchers Joanna Rutkowska and Loic Duflot are planning to release information on what NetworkWorld blogger Jamey Heary calls "the scariest, stealthiest, and most dangerous rootkit" he's seen.

According to Heary, on Thursday (March 19, 2009) the researchers will release a research paper and exploit code for a new SMM (System Management Mode) rootkit that utilizes an Intel CPU caching vulnerability. The attack allows the rootkit to hide in the SMM space and take control of the PC. Heary warns that there is no software that can detect the rootkit once it is installed.

Quote
"Thursday, March 19th, 1600 UTC, we will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms. The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM in a matter of just a few hours."

Why are they releasing the code to the public? Rutkowska and Duflot claim that Intel has known about the vulnerability for years and hasn't done anything to fix it. So, they are simply reporting what someone with less than legal intentions is already exploiting.

Quote
"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later. So, don't blame researchers that they find and publish information about bugs — they actually do a favor to our society."

(ITBE)

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023