※ [本文转录自 hardware 看板] 作者: coolcliff01 (神阿..好你个死人头) 看板: hardware 标题: [News] 无差别攻击 intel CPU Bug将导致远程代码攻击 时间: Wed Jul 16 15:44:58 2008 转载自 http://tinyurl.com/5n9v95 这是一个intel CPU的漏洞所导致的一个弱点！ 可能会被用来进行远端攻击，受影响的作业系统为"任何" 这是一种很有趣的攻击方式 是针对特定硬体的而来的弱点攻击！而且没有限定作业系统 不管是Windows,Linux,BSD等都有可能经由这个弱点被攻击！ 而Kris Kaspersky(Kaspersky安全研究员)表示他计划将在今年10月所举行的HITB 展示这个弱点攻击，并说明如何利用CPU Bug来达攻击的目的！ ***************************************************************** Presentation Title: Remote Code Execution Through Intel CPU Bugs Presentation Abstract: According to the Intel Specification Updates, Intel Core 2 has 128 confirmed bugs. Intel Itanium (designed for critical systems) looks more 「promising」, carrying over 230 bugs. They have all been confirmed by Intel and described in errata section of their specification updates. Some bugs 「just」 crash the system (under quite rare conditions) while the others give the attackers full control over the machine. In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running. Although CPU bugs are not something new in the security industry, nobody has come out with any proof-of-concept exploits and as it stands, there are no known malware that take advantage of these bugs, although some malware writers have actually used CPU bugs for targeted attacks. It is just a matter of time before we start seeing these sort of attacks used in more devastating ways over the Internet. Intel has provided workarounds to major BIOS vendors for some of these bugs, but who knows which vendor actually uses them? End-users are in the dark as to how to check if they are secure or not. Intel doesn't provide any test program for this and the worst thing is - some bugs are still not fixed. In other words, Intel has no workaround for it. In this presentation, I will share with the participants the finding of my CPU malware detection research which was funded by Endeavor Security. I will also present to the participants my improved POC code and will show participants how it's possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). I will also share with the participants my experience in data recovery and how CPU bugs have actually contributed in damaging our hard drives without our knowledge. About Kris Kris Kaspersky has over 15 years of software engineering and reverse engineering experience in CD/DVD protections, PE/ELF packers/protectors, CD/DVD copiers, audio/video codecs (MPEG 1/MPEG 2/MPEG 4), data flow optimization, CPU-specific optimization, compiler specific optimization, debugging code and much more. As an independent consultant and technical writer, Kris has been an active researcher in the field of reverse engineering and pretty much dedicated his daily life in mastering the art. He possesses a deep knowledge in OS internals and low level ASM. He is also the author for Xakep magazine and has published more than 20 books about system programming. The titles of his English publications are below: * Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (ISBN: 1931769222); * Hacker Disassembling Uncovered: Second Edition, totally rewritten (ISBN-10: 1931769648); * CD Cracking Uncovered: Protection Against Unsanctioned CD Copying (ISBN-10: 1931769338); * Data Recovery: Tips and Solutions: Windows, Linux, and BSD (ISBN-10: 1931769567); * Code Optimization: Effective Memory Usage (ISBN-10: 1931769249); * Shellcoder's Programming Uncovered (ISBN-10: 193176946X); * Hacker Debugging Uncovered (ISBN-10: 1931769400) --

※ 发信站: 批踢踢实业坊(ptt.cc) ◆ From: 218.169.80.248 ※ 编辑: coolcliff01 来自: 218.169.94.126 (07/16 18:16) --

※ 发信站: 批踢踢实业坊(ptt.cc) ◆ From: 122.117.170.99