Intel Woes..

SMM, or System Management Mode is the most powerful thing running your Intel-based computer right now. It is everything to everything. What would happen if that could be compromised? Disaster! Even worse, this mode is built into ALL Intel CPU cache controllors.

Joanna Rutkowska founder and CEO of Invisible Things Lab alongside Rafal Wojtczuk released documentation on attacking SMM memory via Intel CPU cache Poisoning.

They did not release an SMM rootkit. Some thought they would. What was released includes totally harmless shell code according to Ms Rutkowska's blog.

Here is a link to the paper.

System Management Mode (SMM) is the most privileged CPU operation
mode on x86/x86_64 architectures.

It is essentially "Ring -2". The code executing in SMM has more privileges than hypervisors (VT), which are colloquially referred to as if operating in "Ring -1".

The protection of SMM can be trivially circumvented. This means that if you have an Intel CPU in your computer it is very important to update everything you can, and do it now! When the real rootkit comes out, which is probably hours from now based upon hacker persistance levels of late, you are doomed! Doomed I say!

A talk was given today at CanSecWest on this defcon level (yes you'd better turn that thing up too) paper by Loic Duflot also of Invisible Things Lab.

For those of us running "less powerful" AMD processors... you've been spared this round. We're down to the finalists now Simon... Who goes home next?? Better yet... Who are you going to save??

Posted on 20 Mar 2009, 15:44 - Category: Al's Top News
Edit - Delete

No comments posted yet.

Add Comment

Show Smilies
Security Code j334a45x
Password (So people cannot steal your identity)

The YourDataCenter™ Family Includes: - - - - - - - -

©2018- Your Data Center Incorporated, All Rights Reserved.