Newsletter Archives

  • Hyper-Threading Security Hole

    Posted on May 16, 2005 at 22:16 CDT by Comment in the Forums

    On May 13, a guy named Colin Percival delivered a talk at an operating system conference in Ottawa that described a gaping security hole in Intel’s Hyper-Threading technology.

    Apparently Hyper-Threading, which intricately intermixes calculations among multiple running programs, also mixes up access to a computer’s memory. Because of the way Hyper-Threading works in, for example, Intel Pentium processors running Windows, it’s possible for a tricky program with very limited security clearance to spy on another program. The example Colin gives is one of a Spy program that reads information – perhaps a highly secure password – while it’s Hyper-Threaded with another program.

    You don’t need to be worried about it. The exposure, at this point, only raises its ugly head if you are in charge of a secure server site. But it is an exposure, and it appears to be a genetic defect in the way Hyper-Threading (and Windows running on Hyper-Threaded machines) work. It’s being called CAN-2005-0109.

    Okay, Microsoft. Here’s another chance for you to issue a Security Advisory – or at least post something on your Security Blog. The major BSD operating system software companies have all issued advisories, as has SCO. If Colin is to be believed, Intel’s known about the problem for a couple of months, and presumably Intel informed its closest allies. Why haven’t we heard from The World’s Largest (and Richest) Software Company?

    Windows Patches/Security ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.