[wplug] [Fwd: BSDCan 2005 - Hyper threading considered harmful]

Rob Prowel tempest766 at yahoo.com
Thu May 12 22:42:28 EDT 2005



don't lose any sleep over it...at least yet...

there are many less esoteric exploits that pose a much
greater risk.


--- Bill Moran <wmoran at potentialtech.com> wrote:

> From: "Dan Langille" <dan at langille.org>
> To: announce at lists.bsdcan.org
> Date: Thu, 12 May 2005 20:19:20 -0400
> Subject: BSDCan 2005 - Hyper threading considered harmful
> 
> 
> Hello folks,
> 
> As promised, details of the security announcement:
> 
> ###
> Colin Percival, a FreeBSD committer and security team member, has
> found a local exploit against the current implementation of Intel's
> Hyper-Threading Technology. "Hyper-Threading, as currently
> implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile
> Pentium 4, and Xeon processors, suffers from a serious security
> flaw," Colin explains. "This flaw permits local information
> disclosure, including allowing an unprivileged user to steal an RSA
> private key being used on the same machine. Administrators of
> multi-user systems are strongly advised to take action to disable
> Hyper-Threading immediately."
> 
> Colin will present the details behind the attack at BSDCan 2005 at
> 10:00 AM EDT on May 13th. "At the conclusion of my talk I will also
> be releasing a paper describing the attack and possible mitigation
> strategies," Colin explains. The flaw affects all operating systems,
> and for a secure multi-user environment essentially requires that
> Hyper-Threading be disabled. When available, more information will be
> found on Colin's upcoming web page on the topic.
> ###
> 
>     <http://kerneltrap.org/node/5103>
> 
> See you at BSDCan.
> 
> -- 
> Dan Langille : http://www.langille.org/
> BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
>    NEW brochure available at http://www.bsdcan.org/2005/advocacy/
> 

