funsec mailing list archives
"Attacking Multicore CPUs" (slashdot, TheRegister)
From: Paul Vixie <paul () vix com>
Date: Tue, 18 Sep 2007 19:45:22 +0000
"The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the window when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..." http://hardware.slashdot.org/article.pl?sid=07/09/16/131251 http://www.theregister.co.uk/2007/09/14/system_call_sploits/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- "Attacking Multicore CPUs" (slashdot, TheRegister) Paul Vixie (Sep 18)