Intel CPU rootkit

[Guest]

[burebista]

Today is the day.

Next week's Thursday, March 19th, 1600 UTC, we will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms.
The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs.

I'm somehow anxious after I read something from her conclusion

When was the last time you scanned your system for SMM rootkits?

Especially when a guy tell us

No software you can run on your operating system would be able to detect this type of exploit once you are powned.

So can a more knowledgeable person explain in plain words what's happens now and how CIS can(?) protect us unlucky Intel owners ?

Thanks.

[.FaZio93.]

Similar thread here.

[Bracca]

Intel Processors have some vulnerabilites in themselves? Does that count Quad core? 

[andyman35]

I'd take anything Joanna Rutkowska says with a pinch of salt since she hasn't yet accepted the challenge to prove the workability of her Blue Pill concept getting on for 2 years later.

http://blogs.zdnet.com/security/?p=334

[GakunGak]

Cpu rootkit... Is that even possible?

[RejZoR]

How can anything be effective in volatile memory like L1 and L2 cache? One thing is theory but actually building a malware using such concept is completely another thing.
Joanna has all the theory stuff but she just can't seem to deliver anything useful that is actually working in real world scenarios.

[Pfipps]

This possible security problem is worth noting. But anyway, there are way to many hackers  (or security researchers) who love to make people feel vulnerable, because the average hacker knows the average user will "click on the dancing pigs."

For example, I can run no security programs on a patched windows system with the windows firewall turned on and (almost) never get infected as long as I surf carefully, and don't download everything, for example. Some hacker may say, "I can break you out in 2 minutes!" Yes, if I allow it on my end! I still have to leave a small possibility of something automatic happening on a particular site.

[Ragwing]

I'm glad I'm using AMD!

[.FaZio93.]

I still have to leave a small possibility of something automatic happening on a particular site.

IMO, that is no "small possibility". Malicious sites with harmful content (e.g. Buffer overflow as just one example) are one of the most common attacks of today and are becoming more popular everyday.

See here:
http://forums.comodo.com/empty-t34529.0.html
http://secunia.com/secunia_research/

I just think that common sense is not enough for any user nowadays (but it sure can help). 

[Creasy]

I'm glad I'm using AMD!

Don't worry.
There are vulnerabilities with AMD too.
But fewer than Intel.

[Ragwing]

Don't worry.
There are vulnerabilities with AMD too.
But fewer than Intel.

I need a software like nLite for CPUs to protect myself... 

[OmeletGuy]

Holy Mother of All rootkits!!!    

Can someone explane to me what SMM is?
Because if SMM is (ram like) memory: and it is deleted everytime the power is truned off we should be ok right?

If the answer is NO, if i pull my CPU out and put i in a diffent PC will the rootkit still be there?

ALSO i have a Dell XPS 700 mobo IT comes with a boot diganostic disk that can Scan for problems In every part of the CPU Could something like this do the trick in removing the root kit if instructed to?

  If this don't work nothing will.
Pass the CPU trough A VERY STRONG magnetic Field  that should take care of the rootkit If not the CPU also. LOL

[Tags:]