
Hey, why just blame Microsoft for security problems when you have Intel being exposed for its own shortcomings? On the very day the Wall Street Journal reported that Apple was considering using Intel chips, here comes a warning, almost like god was at work. Colin Percival, a researcher and BSD guru of sorts, has proved in his case study that “Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.”

In plain speak, folks over at Netcraft say that this means an attack could expose SSL certificates on shared servers, which can prove to be a massive nightmare for web hosting companies. Intel is apparently trying to fix the problem, and Linus Torvalds is sanguine about the whole thing.

“I’d be really surprised if somebody is actually able to get a real-world attack on a real-world pgp key usage or similar out of it,” wrote Linux creator Linus Torvalds. “It’s a fairly interesting approach, but it’s certainly neither new nor HT-specific, or necessarily seem all that worrying in real life.”

Via Netcraft.

By Om Malik
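
For the advisory's recommendation to disable Hyper-Threading on multi-user systems, here is an added example (not from this post or from Percival's paper) that audits a Linux host for logical CPUs still sharing a physical core. It assumes the kernel's sysfs CPU topology files are available; the sample inputs are constructed.

```python
"""Audit a Linux host for logical CPUs that share a physical core (SMT/Hyper-Threading)."""
from pathlib import Path


def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0,2' or '0-1,8-9' into sorted ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)


def shared_cores(sibling_lists):
    """Return the distinct groups of logical CPUs that sit on one physical core."""
    groups = {tuple(parse_cpu_list(s)) for s in sibling_lists}
    return sorted(g for g in groups if len(g) > 1)


def read_host(sysfs=Path("/sys/devices/system/cpu")):
    """Read the SMT control state and every CPU's thread_siblings_list."""
    files = sorted(sysfs.glob("cpu[0-9]*/topology/thread_siblings_list"))
    lists = [f.read_text() for f in files]
    control = sysfs / "smt" / "control"  # absent on older kernels
    state = control.read_text().strip() if control.exists() else "unknown"
    return state, lists


# Constructed sample: 2-core host with Hyper-Threading on (CPUs 0/2 and 1/3 paired).
SAMPLE_HT_ON = ["0,2\n", "1,3\n", "0,2\n", "1,3\n"]
# Constructed sample: the same host with Hyper-Threading off (one thread per core).
SAMPLE_HT_OFF = ["0\n", "1\n"]

if __name__ == "__main__":
    state, lists = read_host()
    groups = shared_cores(lists)
    print(f"smt/control: {state}")
    for g in groups:
        print("logical CPUs sharing a core:", ",".join(map(str, g)))
    print("sibling threads online" if groups else "no sibling threads online")
```

Any group it reports is a pair of hardware threads on one core, which is the co-residency the advisory tells multi-user administrators to eliminate.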


Related stories

  1. Intel Hyper-Threading Possible Security Hole

    The title says it all, but don’t throw out your gaming rig quite yet. This security hole affects mostly machines doing multi-user operations (think ‘webservers’ doing secure transactions) and is, according to Linus Torvalds, not “all that worrying …

  2. O. Hardison Monday, May 23, 2005

    Not to be a semantic zealot, but the comment “an attack could expose SSL certificates on shared servers…” is a bit odd considering that certificates are intended to convey the public part of the public/private keys. Exposing that part of SSL is hardly a concern. No doubt that the author meant instead that the private key could be exposed in the raw – a critical flaw.

  3. [...] ding immediately; single-user systems (i.e., desktop computers) are not affected.” [via Gigaom.com] This entry was posted on T [...]

