Computer and Technoloy News

CPU Errata Turn Security Vulnerabilities

Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it’s relatively ‘peaceful’ these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

Kaspersky plans to validate his claims by a demonstration during the Hack-in-the-box (HITB) event this October, where he will demonstrate different attacks specific to the errata of different processors. He told PC World, “I’m going to show real working code…and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections.”

For the know, even the most recent “Silverthrone” Atom processors have a list of errata, we all remember the Translation Look-aside Buffer erratum that AMD shipped its initial K10 processors with, which plagued sales of the Quad-core AMD Barcelona and Agena parts, and of how Intel delayed launch of Penryn to fix design flaws. That brings us to the burning question: why on earth would Kaspersky want to release the code to create such malware, and discover this vulnerability in the first place? Oh, it means business for Kapersky, a vendor of security software himself, and other security providers. Interestingly, such security patches come in the form of patches to the BIOS a-là the immediate fix for TLB-affected AMD processors. Fresh headache for BIOS coders of Motherboards, or maybe there’s a business to that too? Perhaps ‘Best security features’ could be the next mantra for motherboard vendors, like ‘best energy-saving features’ is now.

Related posts

• Zotac Announces New NVIDIA Hybrid SLI Motherboard for AMD (0)
• Will AMD Rain on NVIDIA’s 9800GTX+ Party? (0)
• Vigor Gaming Announces First AMD GAME!-Branded Force Recon SP Desktop Gaming Rig (0)
• VIA Quits Motherboard Chipset Business (0)
• US Dept. of Justice Spares ATI of Antitrust Charges (0)
• Theory of DDR3 Voltage Limitations for Bloomfield Gains Ground (0)
• Thecus Reveals the AMD Processor-Based N4100PRO NAS (0)
• Shader-deficient Radeon HD 4830 Could be in the Channels (0)
• Sapphire Intros Toxic Radeon HD4850 and Radeon HD4850 1GB (0)
• Radeon HD4870 X2 Readies for Release (0)