[news-en] CPU Bug Attacks: Are they really necessary?

xcdegasp · 18-07-2008, 16:30

CPU Bug Attacks: Are they really necessary?

Recently, some articles have been published after Hack in the Box Security Conference 2008 presentations have been revealed. One of the most interesting topics that will be shown at the conference will be the presentation given by Kris Kaspersky.

Kaspersky (who has nothing to do with Kaspersky Labs) will be presenting his research and proof of concepts on how to exploit Intel CPU bugs to make an attack regardless of the operating system or if applications installed are all updated or not.

As Kris Kaspersky has written on his abstract, Intel CPUs have exploitable bugs. When CPUs came out from the development cycle, some bugs can exist of course, someones have been fixed, someones have not.

Now, Kaspersky has stated that he could subvert the Operating System regardless of all security countermeasures installed by driving applications to execute specific sequences of Intel CPU instructions.

Reading on some international boards, I've seen a lot of users quite worried about this presentation and what the consequences will be after that.

I wouldn't want to minimize the problem, but at least just write down some thoughts of mine.

Everyone is worried about what Kris will release to the public and I can understand this. But every year, at every security conference, there are really interesting presentations and lot of experienced people talking about theorically serious threats. But this doesn't necessarily mean that an exposed PoC will become a serious threat in the wild. Many of these PoCs require high levels of skill (which most malware authors do not have) to actually make them work in other contexts.

And, I feel sorry to say this, but being in the security industry my thoughts are: do malware writers really need to develop highly complex stuff to get milions of pcs infected? The answer is most likely not.

There are a massive amount of PCs infected by very simple malware and a number of these infections are caused because of users being social engineered to download a file or click on a link - hardly the "highly complex" spreading or infecting mechanisms some of these PoCs use.

Has anyone heard about Shadow Walker rootkit? It was really an interesting presentation attended by Sherri Sparks and Jamie Butler at Black Hat Conference 2005 in Japan. It was really a cool rootkit in theory.

Who hasn't heard about BluePill project developed by Joanna Rutkowska and Alexander Tereshkin? A new concept of rootkit basically undetectable (let's not talk about "how to detect bluepill" dispute). A cool project in theory, even with available sources online.

Why we haven't seen any of these PoC applied to ITW threats? Because they need a lot of efforts and highly skilled people to be developed and at this moment malware writers have understood that's far easier to infect milions of pc. It's user's fault, it's maybe our fault too. The truth is that there's still a lot to work for malware writers on user's layer (no, not user mode layer, human's layer) and on the OS layer, I think they wouldn't move far from here.

All this basically to say: yes, Kris Kaspersky's presentation will be interesting and everyone - from both security industry and darkside - will listen to it carefully. But don't make the error to be worried about something that could potentially become a threat and don't realize instead that there are at the present other serious threats that are left free to do their dirty job.

Fonte: www.prevx.com

FulValBot · 18-07-2008, 17:11

per favore

18-07-2008, 18:39

su pc al sicuro l'articolo è in italiano (per chi non ha dimestichezza con l'inglese)

http://www.pcalsicuro.com/main/2008/...ono-necessari/

W.S. · 19-07-2008, 12:17

Certo non è detto che siano realmente sfruttabili e se lo sono non è detto che verranno sfruttati data la complessità. Quanto riportato son dati di fatto più che opinioni

Quello che mi rende un pochino più preoccupato rispetto ad altri PoC molto pesanti è che i bug non stanno più nel software, facilmente modificabile una volta individuato il problema, ma nell'hardware.

Poi certo, inutile entrare in panico, le nostre macchine hanno già diversi bug a cui non possiamo porre rimedio.

18-07-2008, 16:30	#1
xcdegasp Senior Member Iscritto dal: Nov 2001 Città: Fidenza(pr) da Trento Messaggi: 27479	[news-en] CPU Bug Attacks: Are they really necessary? CPU Bug Attacks: Are they really necessary? Recently, some articles have been published after Hack in the Box Security Conference 2008 presentations have been revealed. One of the most interesting topics that will be shown at the conference will be the presentation given by Kris Kaspersky. Kaspersky (who has nothing to do with Kaspersky Labs) will be presenting his research and proof of concepts on how to exploit Intel CPU bugs to make an attack regardless of the operating system or if applications installed are all updated or not. As Kris Kaspersky has written on his abstract, Intel CPUs have exploitable bugs. When CPUs came out from the development cycle, some bugs can exist of course, someones have been fixed, someones have not. Now, Kaspersky has stated that he could subvert the Operating System regardless of all security countermeasures installed by driving applications to execute specific sequences of Intel CPU instructions. Reading on some international boards, I've seen a lot of users quite worried about this presentation and what the consequences will be after that. I wouldn't want to minimize the problem, but at least just write down some thoughts of mine. Everyone is worried about what Kris will release to the public and I can understand this. But every year, at every security conference, there are really interesting presentations and lot of experienced people talking about theorically serious threats. But this doesn't necessarily mean that an exposed PoC will become a serious threat in the wild. Many of these PoCs require high levels of skill (which most malware authors do not have) to actually make them work in other contexts. And, I feel sorry to say this, but being in the security industry my thoughts are: do malware writers really need to develop highly complex stuff to get milions of pcs infected? The answer is most likely not. There are a massive amount of PCs infected by very simple malware and a number of these infections are caused because of users being social engineered to download a file or click on a link - hardly the "highly complex" spreading or infecting mechanisms some of these PoCs use. Has anyone heard about Shadow Walker rootkit? It was really an interesting presentation attended by Sherri Sparks and Jamie Butler at Black Hat Conference 2005 in Japan. It was really a cool rootkit in theory. Who hasn't heard about BluePill project developed by Joanna Rutkowska and Alexander Tereshkin? A new concept of rootkit basically undetectable (let's not talk about "how to detect bluepill" dispute). A cool project in theory, even with available sources online. Why we haven't seen any of these PoC applied to ITW threats? Because they need a lot of efforts and highly skilled people to be developed and at this moment malware writers have understood that's far easier to infect milions of pc. It's user's fault, it's maybe our fault too. The truth is that there's still a lot to work for malware writers on user's layer (no, not user mode layer, human's layer) and on the OS layer, I think they wouldn't move far from here. All this basically to say: yes, Kris Kaspersky's presentation will be interesting and everyone - from both security industry and darkside - will listen to it carefully. But don't make the error to be worried about something that could potentially become a threat and don't realize instead that there are at the present other serious threats that are left free to do their dirty job. Fonte: www.prevx.com __________________ "Visti da vicino siamo tutti strani..." ~\|~ What Defines a Community? ~\|~ Thread eMule Ufficiale ~\|~ Online Armor in Italiano ~\|~ Regole di Sezione ~\|► Guida a PrivateFirewall quinto potere ~\|~ Le illusioni della TV

18-07-2008, 18:39	#3
ShoShen Messaggi: n/a	su pc al sicuro l'articolo è in italiano (per chi non ha dimestichezza con l'inglese) http://www.pcalsicuro.com/main/2008/...ono-necessari/ Ultima modifica di ShoShen : 19-07-2008 alle 16:35.

19-07-2008, 12:17	#4
W.S. Senior Member Iscritto dal: Nov 2005 Messaggi: 1868	Certo non è detto che siano realmente sfruttabili e se lo sono non è detto che verranno sfruttati data la complessità. Quanto riportato son dati di fatto più che opinioni Quello che mi rende un pochino più preoccupato rispetto ad altri PoC molto pesanti è che i bug non stanno più nel software, facilmente modificabile una volta individuato il problema, ma nell'hardware. Poi certo, inutile entrare in panico, le nostre macchine hanno già diversi bug a cui non possiamo porre rimedio. __________________ [ W.S. ]

18-07-2008, 17:11	#2
FulValBot Senior Member Iscritto dal: Oct 2007 Città: Roma Messaggi: 9806	per favore

Strumenti
Mostra una versione stampabile Invia questa pagina per email