Researchers: Intel CPUs are inherently flawed and open to a specific attack

[Batu69]

 

Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

 

A recent paper published by researchers at the State University of New York at Binghamton alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

 

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

 

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

 

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

 

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

 

Article source

[steven36]

Many Linux users complain about the fact there are no opensource  chips  they dont trust any proprietary vendor anymore ..I use too think Windows 7 users were paranoid  about Windows 10 but here lately many  Linux users think everything is backdoored  thorough  the chips so they are just as bad. be it Intel  or AMD . There so paranoid they may as well logoff . Lol  now Haswell is a security risk those chips  have been out since 2013 1st I ever heard of it  there 3 years to late . Most vendors will tell you buy new hardware is all .

 

Millions of people still use XP  without a update in over 2years the only reason they will leave XP is lack of software updates there not concerned about  security even 

 

Then you have over a billion on Android and it's full of flaws   .So you think anyone other than people who dont use Intel (AMD users) so they can bash it even cares?. It's just another Tinfoil hat theory that  the end user could care less about ..Money dont grow on trees  and no one has bought  computers much in years.. So I don't  see  them rushing to the store to buy the latest and greatest ..

 

[steven36]

Back in 2013  something slimmer  was said about Intel on Linux

http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/

Quote

 

Torvalds shoots down call to yank 'backdoored' Intel RdRand in Linux crypto

 

We actually know what we are doing. You don't' says kernel boss

 

Torvalds argued in his mild outburst that the values from RdRand are combined with other sources of randomness, which would thwart any attempts to game the processor's output - but it's claimed that mix is trivial (involving just an exclusive OR) and can be circumvented by g-men.

 

Posted on 9 September, the petition drew just five signatures and now features a message reading "petition closed". Condon ignited Torvalds’ ire by demanding the following: “Please remove RdRand from /dev/random, to improve the overall security of the Linux kernel.”

The catalyst for the petition seems to be the belief that the RdRand instruction in Intel processors was compromised by the NSA and GCHQ, following the latest disclosures from whistleblower Edward Snowden.

 

Its bad when Torvalds calls it a Tinfoil hat  and now its 2016  and there still on about  it lol  hahaha they been saying this about Intel  for years .

[straycat19]

Another hack that requires a 'perfect storm' to occur before it can be successful.  Enabling NAT in your router, running a good firewall, and using GPO to stop unauthorized software from running will guard against these kinds of attacks.  The only real 'flaw' with a computer, one that exists on every computer, is a stupid user.  Even the most secure systems can be breached because of one stupid user who does something they have been told not to do a million and one times.  One big misconception is that windows updates makes your computer secure.  If that was true there wouldn't be so many of them month after month, year after  year.  For every fix they create another flaw and it is a never ending cycle.  I haven't installed one update since May 2015 and my systems are stable, not hacked, not riddled with malware, and they don't freeze or grind away for hours trying to install an update.  And my systems are secure. 

 

[steven36]

Torvalds favorite  laptop is  the Dell XPS 13  that has a modern Intel Skylake so anyone on Linux that bashes Intel  is a nutjob  Intel has the less trouble free processers there is for Linux  I have 2 computers  . My AMD  gave me nothing but trouble with Linux  so I stuck Linux Mint 17.3  on it  and going leave it there tell 2019  . On my Dell Mini Tower Intel any Linux Distro runs great on it.