Intel Hyper-Threading A Security Hole


Hey, why just blame Microsoft for security problems when Intel is being exposed for its own shortcomings? On the very day the Wall Street Journal reported that Apple was considering using Intel chips, here comes a warning, almost like god was at work. Colin Percival, a researcher and BSD guru of sorts, in his case study has proved that “Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.”

In plain speak, folks over at Netcraft say that this means an attack could expose SSL certificates on shared servers, which can prove to be a massive nightmare for webhosting companies. Intel is apparently trying to fix the problem, and Linus Torvalds is sanguine about the whole thing.

“I’d be really surprised if somebody is actually able to get a real-world attack on a real-world pgp key usage or similar out of it,” wrote Linux creator Linus Torvalds. “It’s a fairly interesting approach, but it’s certainly neither new nor HT-specific, or necessarily seem all that worrying in real life.”

(via Netcraft)


O. Hardison

Not to be a semantic zealot, but the comment “an attack could expose SSL certificates on shared servers…” is a bit odd considering that certificates are intended to convey the public part of the public/private keys. Exposing that part of SSL is hardly a concern. No doubt that the author meant instead that the private key could be exposed in the raw – a critical flaw.
