Network Security News

Researchers reveal Intel processor exploit

Monday, March 23, 2009

Two researchers presented a paper at the CanSecWest conference in Vancouver last week about a network security exploit that has the ability to compromise PCs that run on Intel processors.

According to the security experts, the attack involves cache poisoning in a CPU operation mode called System Management Mode (SMM), SCMagazineus.com reports.

"In this paper we have described practical exploitation of the CPU cache poisoning," the researchers wrote. "This is the third attack on SMM memory our team has found within the last 10 months, affecting Intel-based systems. It seems that the current state of firmware security, even in case of such reputable vendors as Intel, is quite unsatisfying."

A cyberattack based on the Intel exploit could potentially poison a chip's cache memory, allowing access to the SMM, according to the article. The researcher said the attack could also mean the dumping of contents of RAM used for SSM or enabling arbitrary code execution in that memory.

Intel has reportedly been working on a solution to safeguard against the exploit on SMM memory. A spokesperson told SCMagazineus.com that many of the new systems are protected against the exploit. However, the researchers pointed out some of Intel's motherboards, such as the DQ35, are still vulnerable.ADNFCR-1765-ID-19088008-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now