Researcher claims to have discovered universal attack code for Intel chips: no one is safe
By Paul Miller 
posted July 16th 2008 3:06PM
posted July 16th 2008 3:06PM
posted July 16th 2008 3:06PM
A look back on popular stories from today in a specific year.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
Some dude who just learned binary code for the same purpose is really pissed right now.
I bet if he used some of his time to "hack" womens panties he'd have a better life..... just sayin..
reminds me of the cartoon http://en.wikipedia.org/wiki/Wagon_Heels
"I know something I won't tell, I won't tell, I won't tell!"
HACK THE PLANET!!!!!
TOOL!
MEH! It's another case of someone wanting 15 minutes of fame. I hate these people with RIDICULOUSLY stupid claims. Whatever.
Yes! Gibson!
In before cyber doomsday!
Wow, my ten year old, G3 laptop that refuses to die will still be useful.
Bow, bow to your sensei!
MEH! Whatever. Another asshole trying to get his 15 minutes of fame. Fucking fake!
Seriously... isn't this guy being a little bit of a jerk? So instead of telling the ppl who need to know (read: Intel HP Apple Sony etc.) so that they can patch this gaping hole, he would rather grab attention for himself and tell the WHOLE WORLD how to gain access to ANY computer that just *happens* to run on THE most popular processor next to AMD.... doesn't that sound childish? I mean, there is obviously a huge risk here. Does Kaspersky not see his obligation to the computing world, or is he just an egomaniacal jerk? If he knows what's right he will (hopefully) tell the right people. Does anyone agree with me?
I disagree. If it turns out that this large flaw in chip design is real, then he should be paid quite a bit of money for his findings. Asking that he just turn over the details of the bug to Intel for free is just wrong. People need to be properly paid for their work, nothing is free.
No, I do not. You can use a government analogy for this one. Tell the people first and the man will respond very quickly to cover its own ass. Tell the man first and the people will never know how badly they were or are being screwed.
Intel already knows about it.
i sort of glad i have kaspersky AV then, so i should get the update as its releastd
Yea, this fool is starving for attention and must be certifiably nuts cuz this guy either doesn't even understand what kind of attention he will receive, criminal AND gov't wise or just has lost it, period.
It's in the Garbage file. Intel is responsible, they're just trying to blame it on hackers in order to collect on the insurance.
eh, he's probably hoping that he gets enough hype up that intel buys his silence for $1mil
Looks like the ps3/cell has won this time. Suck it 360!!!! ...................................................J/K
Yes...because the three core Xenon in the 360 is a special PowerPC based chip that is actually an Intel processor.
I thought it was funny. D=
Maybe he can fix my processor so I can run Crysis.
Kris Kaspersky IS Zero Cool!
I totally understand this guy's need to address that this is a big issue, but by keeping it to himself, he will draw criticism from many people; by releasing code to compromise systems, he can practically be charged with conspiring to commit terrorism the way this country is heading. Sure it's computer exploitation, but if will affect many businesses and people's lives in the US, then it's can be considered said offense.
And if you people think he doing this to get paid, I think he's just doing to punish Intel for not finding this bug.
Hey I completely agree. I wish to restate here that he does have an obligation to report this bug, as it were, to the proper parties. On a side note, he did not do any "work", in the state of on-the-books labor: by the wording in the article it would appear as if he discovered this on his own time, by no-one's request, by his own volition. That being said, if Intel/Apple/HP/MS wishes to pay him, more power to him. Nonetheless, if he wishes to "punish" Intel then I seriously think he should not take it out on the millions of businesses and individuals that use Intel's chips. And I do think that if computer forensics can prove (later) that a given act of computer sabotage/terrorism comes from this guy's publicly available code, then he should be persecuted for that.
I think you meant "prosecuted".
; )
Wow... with comments like these, no wonder you elected Bush twice.
Yes I voted for Bush.
Uh... To be honest I *woulda* voted for Bush too were I of age at the time... In fact it appears most people did.
And I did mean persecuted ( :) ) but prosecuted would be okay too I guess. But I have been hearing a lot of people say that Intel *already knows* about this bug. I hope that this is the case, because other comments on the original site state that it doesn't affect all operating systems, contrary to the article. Again, I hope this is the case.
Nonetheless, if it is a serious problem, then this guy is pretty much yelling out the instructions to the computing equivalent of an atomic bomb free of charge to anyone who will listen. Doesn't that seem a little... unethical?
@CubeGuy
stfu no you didn't...
OLD MACS FTW!!!
Hackers screenshot ftw
eh, he's not some anonymous dude looking for his 15-minutes of fame. It's Kaspersky.
And [although I agree with the sentitment] for those of you who are yammering that he should "forwarn" the manufacturers -- what good would it do if he's got a hack that circumvents everything down to the hardware level? It isn't like Intel can just send out a patch for our chips :) Hopefully I'm wrong, and whatever he's cooked up in his lair-^d^d-ab can be prevented through a software update. /shrug.
tomorrow in the news we hear that this man has mysteriously disappeared...and that also intel's chief engineers have gone to their other office in guantanamo.
I'm safe...my computer chip uses thousands of really tiny gerbils on tiny little wheels. Besides, I have GEICO.
I'm not saying I believe a word of this, but if he really did find something, then why do guys like this want to post it publically? What on earth is that supposed to accomplish by placing everyone at potential risk? Maybe he's talkin' bunk, but until we know for sure, "Thanks a lot ya boob for deciding to advertise your findings to every idiot out there. Way to contribute to society."
How about letting Intel know so they can fix it (if this truly is a real flaw), without creating a stir. If you find something that places people at risk, you don't go yelling it at the top of your lungs. You keep your big mouth shut and quietly provide the info to those who can do something about it without harming the rest of us.
(ominous music in the background).........and who said it was a flaw?.....(menacing)you guys dont know the half of it......(ominous music ends)
Don't you joke about this. Once he controls your CPU he'll use a quatum entanglement errata he found in the human genom to take over your brain by blinken lights. So better be good now, or he will be very, very angry ...
There is something wrong with this whole premise:
1) TCP/IP, in and of itself, does not pass executable code and have it directly executable by the CPU. If it does, it's a bug in the TCP/IP stack, not the CPU.
2) Javascript doesn't run native machine code. If it allowed native machine code through, it would be a bug/fault of the Javascript execution engine, not the CPU.
In either case, I call attention-whoring BS on this.
I bet the CIA/NSA is pissed about their backdoor being discovered.
Love the picture... GREAT MOVIE!!!
all talk no action...
i can hack up a super computer in 1 day!
why 1 day?
coz that damn computer is huge dude!!!
even with a big axe i still need lots of time.
Intel: "Mr. Smith, kill Neo know!".
Neo: "Ok ok, i won't tell..."
JavaScript is not the same as Java. JavaScript is not run on the virtual machine provided by Sun, but is interpreted by the browser itself (eg Firefox, Opera, IE).
I'm just waiting for the stream of "Hai, I'm in ur Java, sploitin' your errata" lolcats pictures. -_-
On the plus side, anyone falsely accused of copyright theft or child porn can point to this vulnerability and say EVERYONE can be hacked / framed.
Eventually we will be back to doing basic "computing" with a pencil, paper, calculator, compasses, rulers etc... and a little bit of brain power.