Re: Kaspersky claims remote DoS against all Intel chips


I agree completely. I'm looking forward to hearing the details, because the release doesn't seem to quite add up. I was just throwing out an example of how a remote exploit doesn't necessarily have to include custom code on the victim machine being executed.

Re: Kaspersky claims remote DoS against all Intel chips

Not sure if you're joking or not, but for the edification of others:
You can load microcode changes to the processor during it's initialization. Fixes are distributed in BIOS updates and are volatile.

That wasn't always the case, mind you. I'm pretty sure it started in the x86 architecture after the Pentium chips with the floating point bug were released.

Re: Kaspersky claims remote DoS against all Intel chips

I hate to throw a semantic flag on the FUD play here but, let's see some *specific* citations. With _all_due_respect_ to Kaspersky, I'm not going to go look this up, I'd just like to hear more detail on whatever y'all are going on about.

The CPU doesn't execute instructions directly off the TCP stack. You need to sit with a diagram of the OSI layers and a cup of cocoa and calm down.

There's a major difference between a chipset and a CPU and then you start pulling thermal failures as if that is going to suddenly make a CPU execute a TCP instruction directly off the stack. It won't.

What we need here, my brothas, is some direct citations from the authorities and another round of motivation from the good bartender to keep us on the path of righteousness, for we are fighting the good fight.

*cough*

Can I get an AMEN!

Oh, wait, I thought it was Sunday.... Is it still 6 days to con? It's the thought that counts....

Re: Kaspersky claims remote DoS against all Intel chips

The best metaphor I can think of is the out of band attack on port 139 but targeting the processor itself vs a Windows service. I'd have to see the presentation for more details but that's the first that came to mind at least.

Re: Kaspersky claims remote DoS against all Intel chips

You need to make the CPU execute instruction sequences that trigger the errata.

Kaspersky seems to be talking about doing this with things like a carefully crafted storm of TCP packets.

Re: Kaspersky claims remote DoS against all Intel chips

I wouldn't quite say that. The fact of the matter is that in order to trigger these errata (unless this is something new that I've never heard of, in which case my brain just melted), you need to execute code on the machine. Hardly a remote code execution exploit if you're already executing code to do it, isn't it? I can think of much easier ways to lock up a machine, too (that aren't CPU-dependent).

Now where the closest thing to danger comes in is on the couple of odd errata that I've seen that break the CPUs own internal protections - usually the thermal protection. Could make for some interesting targeted attacks against certain servers. Break the CPU thermal protection, shut down the cooling fans in the "management suite" and wait for the smoke.


Oh, and AMD has similar errata lists.

Re: Kaspersky claims remote DoS against all Intel chips

Color me completely unsurprised.

To bugfix patch a chip, do you have to drive to the user's house and replace it for them?