Researcher claims to have discovered universal attack code for Intel chips: no one is safe
By Paul Miller 
posted July 16th 2008 3:06PM
posted July 16th 2008 3:06PM
posted July 16th 2008 3:06PM
A look back on popular stories from today in a specific year.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
Looks like AMD has won this time.
^ I sure hope so! Or is it Kaspersky hasn't got to AMD yet? LOL
Is that true? Doesn't AMD use the Intel instruction set? That would mean it could be affected by this code. Looks like ARM/PPC/SPARC/etc. has won this time!
amd uses the same instruction sets yes, but they are implemented different. it is possible this just effects intel, which would be really cool (I have machines running on either). I'm not a fanboy of either even though I used to work for AMD, but each company has benefits to me (intel in mobile of course and amd for afforable desktops
AFAIK -only x86 and MMX and SSE and SSE2 and more SSE#
The attack is used on the errata found in the INTEL CPUs.. Unless AMD's errata are identical to Intel's, it likely will be rendered useless (unless modified). I'm sure it won't be long before more and more hardware-attacks are found as more and more people move toward alternative OS's .. This is a reason why I dislike CISC CPUs, and why RISC is a better alternative - less Points of Failure.
If Intel only didn't have so much money to plow through the issues it faced with CISC at the beginning ...
Intels present CPUs aren't CISC. Except for the Atom.
Also, PowerPC G4 and G5 weren't RISC.
They're Post-RISC/Post-CISC. They implement ideas from both ideologies.
Saying that RISC is better is sooooo 1980's
That's why I use my own home made chip.
and i make my own salsa!
Oh how I miss the PPC Mac...
mmmmhmmmm AMD tri-core !
im down =]
Hey, is that a Gibson?
If so, the password is definitely "god"
Love the pic. Hack the Planet!!
why not sex love or secret?
Hrmm. This seems pretty weak. Javascript or TCP/IP? So there is a Javascript command that he can run in any browser that can take over my computer?
Or some TCP/IP special signal?
I look forward to the follow-up story on this one.
Yeah I agree with Brian! - weak
JavaScript/ TCP/IP + Java ?
"The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. "
So what: a hacker can take control of the Java Virtual Machine compiler on my computer - NOW WHAT? Even if you could upload some code, compile it, and run it on my computer, it'd still be in the VM. What's Kris Kaspersky gonna do- break openoffice on everyone's computer?
Javascript still executes code on the CPU. Knowing how a set of javascript commands will be interpreted, and the processor errata, he can design a script to fall in to some of the holes.
That said, I'm not sure how he goes from errata -> stealing CC numbers or whatever.
From the looks of things, this article incorrectly ties javascript into the method that will be used. I get the feeling that this is more java based than anything, and it sounds like he uses a CPU exploit to gain control of the java compiler, then uses JAVA EXPLOITS to gain further control of the system. Either that or the other way around.
Frankly though, he says that these would be undetectable and unpatchable at the system level, but I have a hard time believing that OS makers can't figure out the specific problems presented by these bugs, and simple workaround to prevent them at the lower levels of the system.
Does it also provide free energy?
Seriously though, he must be a smart guy but you would think these people could find something useful to do with there time.
No but it blends and plays Quake.
-aedile-
My same thought. Cracking processors is the new perpetual motion / free energy announcement.
so is this bios level? does that mean efi is safe?
The password is UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT A B START.
They can't do anything to my computer, though. I'm invincible. I'm also not connected to the internet.
I see what you did there...
FAIL.
B A start.
What did he do? I'm confused.
Isn't it ^ ^ v v < > < > X O? And where did the START come from? Are we talking about the same thing?
@ vileta2
The code for the original Contra is ^ ^ v v< >< >BA Start. Must be talking about two different things.
have i told you i've found the key to free energy, beer and sex but i won't tell anybody lol
So glad to be an AMD fanboy today.
Neo, you are the one!
thank you
best movie ever.
shat
wow that sounds pretty bad. take control of a computer using JavaScript? i will be interested to see the demo.
That form the movie Hackers?
indeed it is, zero-cool
I laugh so hard everytime I watch that movie :D
"OH NOES THEY IS BREAKING OUR TOWERS"
Do you now see why iPhone doesn't use intel? Steve jobs can see the future!
ya steve jobs sees the future.... and all macs run on intel.
wrong. Some run on powerpc. Fool
Puhleeze. First off, no further Macs at all use PowerPC, which is basically a dead platform for PC's now that the only thing out there using it that people still sell is the Xbox 360. Second off, you think Steve Jobs sees the future because of his reality distortion field when all he is doing is replicating stuff that has been going on for the past few years and making it more friendly. (Multi-touch? Do a search for Jeff Han. Graphical user interface for the first Mac? Do a search for Xerox's GUI. And so on.)
And to defeat your point completely, the iPhone tangentially is an Intel processor because basic architecture of its Xscale processor was developed by Intel. There.
Gotta do it....
Epi...err Legendary Fail.... Erik
dun dun dunnnnn...
Code that could control any computer in the world regardless of OS. Wow, i would say he better be careful, a lot of people will be after this.
I'll believe it when I see it successfully compromise a Linux machine and a Mac OS X system remotely, with no direct access to the hardware. Definitely an intriguing notion, though.
And by "Mac OS X system," I mean a legal, EFI-equipped box, made by Apple... not a "clone".
I wrote a greasemonkey script that finds the names of members of van halen and makes links out of them to google searches of their names. It also inserts a little "VH" logo next to it.
NOONE IS SAFE
yup just go ahead and tell every hacker out there instead of just informing the hardware manufactureres. So all of us with intel chips can get screwed.
no worries, big ass firm like that will go and shut him up lol
If he just informed the manufacturer, do you really think that the problem would be fixed in a timely manner? Seriously doubtful. However, give out the code, and all the sudden Intel has a strong NEED to fix the problem....