Bugtraq mailing list archives
Re: Intel Pentium Bug
From: eric () SENDMAIL ORG (Eric Allman)
Date: Fri, 7 Nov 1997 18:21:03 -0800
This scenario does assume that the instruction sequence that updates the microcode is accessible when the processor is in user mode. Of course, it does make an attack that lets you run in kernel mode rather more interesting.... eric ============= In Reply To: =========================================== : From: Aleph One <aleph1 () DFW NET> : Subject: Re: Intel Pentium Bug : Date: Fri, 7 Nov 1997 19:49:28 -0600 : On Fri, 7 Nov 1997, George Imburgia wrote: : : > Intel recently acknowledged that they enabled the ability to update : > microcode on Pentium chips several years ago. That's right folks, they put : > a backdoor in your hardware. The good news is, it could be used to fix : > this bug, should Intel be so inclined. : > : > AMD's microcode is updateable too. No clue about cyrix. : : This is something I discussed with a friend about two years ago. : Imagine if you will someone with information on how to download new : microcode to the CPU. This person has the availity to write a : virus/trojan/activex/program that can now compleatly disable your CPU : in such a way that it would need to be taken out to reinitialize. : If they fully disable the CPU the end user would program replace every : single component of the computer before the CPU. This would cost thousands : of hours of lost work and man power. : : Far worse, it could introduse subtle random flaws in for example the login : or artihmetic processing. How may industries would be affected if hit? : Or what about microcode backdoors that add your own instructions to : bypass memory protection? You could write your own program to modify : your process structure to become owned by root. The possibilities are : endless. : : If Intel where to provide a program to update the microcode on the CPU : it would most probably be disassembled and reverse engineered quickly. : Whats a multi-billion company to do?C : : > George Imburgia, Network Specialist Phone: (302)739-4068 : > Delaware Technical & Community College Fax: (302 739-3345 : > Office of the President e-mail: gti () hopi dtcc edu : : Aleph One / aleph1 () dfw net : http://underground.org/ : KeyID 1024/948FD6B5 : Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- WARNING: Linux Intel Pentium Bug ZombieMan (Nov 06)
- Re: WARNING: Linux Intel Pentium Bug Stefan Hudson (Nov 07)
- Re: WARNING: Linux Intel Pentium Bug whiz (Nov 07)
- Re: Intel Pentium Bug George Imburgia (Nov 07)
- Re: Intel Pentium Bug Kragen \ (Nov 07)
- Re: Intel Pentium Bug Chris Pascoe (Nov 07)
- Re: Intel Pentium Bug Stefan Hudson (Nov 07)
- Re: Intel Pentium Bug Aleph One (Nov 07)
- Re: Intel Pentium Bug Eric Allman (Nov 07)
- Re: Intel Pentium Bug Dean Gaudet (Nov 07)
- Re: Intel Pentium Bug Dean Gaudet (Nov 07)
- Re: Intel Pentium Bug Colin Jenkins (Nov 07)
- Re: Intel Pentium Bug George Imburgia (Nov 07)
- Re: Intel Pentium Bug Travis Hassloch (Nov 11)
- Re: WARNING: Linux Intel Pentium Bug Stefan Hudson (Nov 07)
- Re: WARNING: Linux Intel Pentium Bug Roger Espel Llima (Nov 09)
- Re: solaris (fwd) Corey Lindsly (Nov 09)
- Re: solaris (fwd) James Lockwood (Nov 09)