Intel chip flaw--but what of it?

From CNET News.com: Intel chip bug? Or simply much more than you need to know? Researchers claim Intel has a serious chip bug. But that all depends.

Security experts who are into the arcana of chip security may find "CPU cache poisoning" riveting and serious stuff. Others, however, may simply scratch their heads and move on.

But let's not move on too quickly. First, a quote from an abstract of the paper that has all, uh, let me rephrase that, some of the chip world abuzz. "In this paper we have described practical exploitation of the CPU cache poisoning...This is the third attack on SMM (system management mode) memory our team has found within the last 10 months, affecting Intel-based systems. It seems that the current state of firmware security, even in case of such reputable vendors as Intel, is quite unsatisfying."

Joanna Rutkowska, who exposed the potential of the so-called Blue Pill flaw back in August of 2006 and founded Invisible Things Lab, wrote that excerpt (along with colleague Rafal Wojtczuk) and obviously takes this very seriously. As do others. Not worried yet? "This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill!," writes Jamey Heary, a Consulting Systems Engineer for Cisco Systems in a Network World blog.

Heary went on to say: "If a hacker can use this new exploit to embed a SMM rootkit (malware) they would have ultimate control over the box (computer). Additionally, it would be virtually undetectable," he said. But added: "In a nutshell. This exploit is very serious and needs to fixed. But...I don't see a mass virus or worm using this. The attacks will be targeted. A rootkit must be perfectly matched to the of hardware. This makes mass infection more difficult."

View: Article @ Source Site