[wplug] [Fwd: BSDCan 2005 - Hyper threading considered harmful]
Rob Prowel
tempest766 at yahoo.com
Thu May 12 22:42:28 EDT 2005
don't lose any sleep over it...at least yet...
there are many less esoteric exploits that pose a much
greater risk.
--- Bill Moran <wmoran at potentialtech.com> wrote:
> > From: "Dan Langille" <dan at langille.org>
> To: announce at lists.bsdcan.org
> Date: Thu, 12 May 2005 20:19:20 -0400
> Subject: BSDCan 2005 - Hyper threading considered
> harmful
>
>
> Hello folks,
>
> As promised, details of the security announcement:
>
> ###
> Colin Percival, a FreeBSD committer and security
> team member, has
> found a local exploit against the current
> implementation of Intel's
> Hyper-Threading Technology. "Hyper-Threading, as
> currently
> implemented on Intel Pentium Extreme Edition,
> Pentium 4, Mobile
> Pentium 4, and Xeon processors, suffers from a
> serious security
> flaw," Colin explains. "This flaw permits local
> information
> disclosure, including allowing an unprivileged user
> to steal an RSA
> private key being used on the same machine.
> Administrators of multi-
> user systems are strongly advised to take action to
> disable Hyper-
> Threading immediately."
>
> Colin will present the details behind the attack at
> BSDCan 2005 at
> 10:00 AM EDT on May 13'th. "At the conclusion of my
> talk I will also
> be releasing a paper describing the attack and
> possible mitigation
> strategies," Colin explains. The flaw affects all
> operating systems,
> and for a secure multi-user environment essentially
> requires that
> Hyper-Threading be disabled. When available, more
> information will be
> found on Colin's upcoming web page on the topic.
> ###
>
> <http://kerneltrap.org/node/5103>
>
> See you at BSDCan.
>
> --
> Dan Langille : http://www.langille.org/
> BSDCan - The Technical BSD Conference -
> http://www.bsdcan.org/
> NEW brochure available at
> http://www.bsdcan.org/2005/advocacy/
>
>
> To unsubscribe: send mail to
> <majordomo at lists.bsdcan.org>
> with "unsubscribe announce" in the body of the
> message
>
> > _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the wplug
mailing list