Bugtraq mailing list archives
Re: Intel Pentium Bug
From: aleph1 () DFW NET (Aleph One)
Date: Sat, 8 Nov 1997 19:16:24 -0600
I'll summarise most of the post on the queue. There are quite a few of them and the mostly containt the same information. This should save some time in light of the high volume generated by this thread. Jeff Odom, Tyson B., Alan Cox, David Bristow, and John Dowdal point out that on most modern motherboards you have to physically set or remove a jumper on the motherboard in order to upgrade the flash BIOS. Unfortunately, most people don't bother to go back and re-set the jumper to write-protect. It was also pointed out that it would be a feature if modern operating systems refuses to boot with the write-protect jumper turned off or at least print a warning message. Marc Newman, Thom Henderson, Edward S. Marshall, Trevor Schroeder inform us that of the the 6502, 6802, 68c02 or Z80 had an undocumented test instruction intended to test the data bus that would cause it to start incrementing the address bus at full speed. The result was a lockup. The opcode was dubbed HCF (Halt and Catch Fire).. Jonathan A. Davis also recalls that it was also possible, on Commodore "Pet" and "SP" machines, to drive the system's CIA (Complex Interface Adapter) chips into a hardware race, burning each other out. It cost him around $150/US to test it. Sylvan W. Clebsch provides some more information on the Commodore 1542 disk drive. It seems he 1542 simply had no head stop. You could tell it to go seek track 0xFF, for example, and watch the head slide right off and ka-boom. This was a common attack on early C-64 based BBS's. Quite a few of them responded to a ctrl-D, CR-LF, ctrl-C combo by dropping out of the BBS into that goofy C-64 command interpreter.
From there, the attacker would tell each 1542 on the machine (often
quite a few on those BBS's) to seek off the edge. He also corrects us on the proper meaning of the "Singing Disk Drive". The amiga's 3.5" floppy could be made to produce an amazing variety of tones, and the result was a number of concertos and fun songs that were distributed in the form of programs that would screw with your floppy drive. The result was that the motor would burn out before too long, but a friend of his whose hardware was provided by the company he worked for wasted a lot of time "composing" for the floppy drive around 1986. Joe Ilacqua notes that he belives the flawed SPARC chips where from the 1992 era, and could be halted in user/non-supervisor mode. As I he recalls it, for speed they often didn't do op-code verification or test for "impossible" combinations. The assumption was that since all code would be generated by compilers you could guaranty the code would be "good". Casper Dik points out that "crashme" is designed to detect operating system bugs, not processor bugs. It just happens that it may find some. Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug John Pettitt (Nov 07)
- Sidenote of Pentium Bugs Dave (Nov 07)
- Security bug in iCat Suite version 3.0 Mikael Johansson (Nov 08)
- Re: Intel Pentium Bug JoelKatz (Nov 07)
- Re: Intel Pentium Bug Joe Ilacqua (Nov 07)
- Re: Intel Pentium Bug Rubens Kuhl Jr. (Nov 07)
- Re: Intel Pentium Bug Ralf Baechle (Nov 10)
- Re: Intel Pentium Bug Barry Irwin (Nov 08)
- Re: Intel Pentium Bug Bjorn Wesen (Nov 08)
- Re: Intel Pentium Bug Peter Bierman (Nov 08)
- Re: Intel Pentium Bug Aleph One (Nov 08)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Microsoft Office security bug Inigo Gonzalez (Nov 11)
- What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
- Re: Microsoft Office security bug Aleph One (Nov 11)
- Vunerability in Lizards game SUID (Nov 11)
- Re: Vunerability in Lizards game Alex Murray (Nov 12)
- Re: Vunerability in Lizards game Olaf Titz (Nov 13)
- Re: Vunerability in Lizards game Kragen \ (Nov 13)
- Re: Vunerability in Lizards game Neil Levine (Nov 17)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Intel Pentium Bug John Pettitt (Nov 07)