hyperthreading issue

lurkswithin

People with computers at home don't have to worry about this. It is mostly for servers like Xeons that use HT.
 
Scary...

It did state in the paper and the e-week.com article that it was a multiuser concern. Still, if you set up for hyperthreading in a network at home you could be vulnerable.
Makes you wonder...
 
AMD 64 doesn't have hyperthreading though, since it's an Intel design. It has Hyper Transport technology, but that's a totally different thing (HT and HT lol)

Bit weird that though. It's only using a virtual CPU when that's running, isn't it? How could it cause vulnerabilities in that case? Does the CPU have more control over that than I thought?

I do think this is a bit extreme though from the first link:

"Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected."

Wouldn't stealing an RSA private key only be useful if the guy hacking or something got hold of your computer itself?

I would advise that if you do have a multi computer like that and you're not a big business, and you of course had standard protection like a firewall, you'd be fine :)
 
Well...

I think it would be better to read the second link first as it's the e-week article and references back to the first link, which is the paper the guy wrote. As for hyper thread and hyper transport, a virtual cpu is a virtual cpu no matter what brand name or what they call it. Dual cpu, where one is a virtual cpu, is according to the paper vulnerable to having the encryption keys lifted. This would allow an intruder access to encrypted files on the system. And that was the whole point of the paper.
And guess who is one of the biggest users of encrypted files.
If you guessed credit card companies you're right. This would make your credit card information vulnerable to being stolen and used.
And the paper being released into the public domain is a double-edged sword. Not only has he informed the world of a problem, he has also told hackers, crackers, jackers, whatever is the politically correct term nowadays, how to do it.
My comment on a multiuser home system using a virtual dual cpu system was just a personal observation.
 
Yeah, it does seem pretty dangerous if it's only just been discovered. I wonder how it was though? Do people randomly go through the code and notice mistakes or vulnerabilities?

I don't think it's exactly a big problem though, like earth shattering. I just think it's a slight setback that can be put right. These types of things always crop up in computers.

I don't like the fact about them being told how to do it though.
People with single based systems aren't to worry...businesses?... well worry!!! hehe

Wouldn't fitting a firewall as standard minimize these risks though, or even make them go away completely?
I mean most businesses use hardware firewalls in routers and such which are even better than software based ones. Would they still be vulnerable?
 
How they get found...

Some problems like this one get found by those looking for it. Some get found by the bad guys and get reverse engineered to the source. And some get found by pros getting paid to look for them.
Kinda like a job I used to do. I got paid to see if I could get in a secure building past the alarm, past the guards, and see how far I got before they either got me or I called the CEO of the company at home from his office. I had some big time clients. It was 24 I made it to the top and 1 time got caught by a renter in a building.
But it works basically the same.
As for the router question, I'm not really sure, but one would think a hardware and software team-up would reduce the threat.
 
There is another aspect to this story that some of you missed. This is not a recent thing, but was discovered back in Dec, 2004. In Feb, 2005, the vendors were told about it. To this date they have yet to implement fixes for it (some have... but not the bigger vendors). Nor have they released any warnings about it to their buyers. This to me is the worst of the problem. It is our information that is being held with those encrypted files. Information about us and our families and friends... yet the vendors apparently just didn't have a concern about it. That is why Mr Percival came out publicly about it. He also felt this to be an outrageous act by the vendors.
 