Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors can be exploited by crackers and allow access to security keys. A description of the timing attack was presented Friday by a Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”

The HT technology allows two separate processes, software threads, to concurrently execute, using a single CPU, and it’s this capability that can be exploited. he multiple processes share access to the CPU’s cache, and through this shared access the security keys for the computer can be gleaned.

Dave’s Opinion
Cache is a portion of memory, usually built into the microprocessor, that enables ultrafast access to frequently-used, and recently-used data. By storing the data in fast-access memory, overall system performance is improved. Generally, the system’s L1 cache is cleared between system processes; however, with HT technology, the cache may remain filled, pending a request from another thread, this allows one processing thread to have access to the data intended for use by the other. The problem is akin to a shared desk: one user has access to another’s papers unless the desk is cleared between work shifts.

Percival reported that the co-access security risk only affects servers, and that desktop users are not at risk; however,
Hyper-Threading processors also ship on desktop PCs, but this particular flaw is only a problem for servers, Percival said on his Web site.

According to Percival, “Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw,” Colin explains. “This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately.”

Call for Comments
What do you think? Leave your comments below.

References
BSDCan 2005 Hyper-Threading Vulnerability

Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of a multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make the Windows systems vulnerable to remote attack.

Following postings to the Bugtraq mailing list, a respected source of timely security information, Symantec security managers also detailed the heap overflow vulnerabilities of Microsoft’s popular operating system. Until Microsoft releases patches, users are vulnerable to attack through the winhlp32.exe file, which manages Windows help files. An attacker can trigger a memory overflow by tricking a user into opening a Trojan help file.

In related news, Symantec also warned of a second Windows vulnerability, called LoadImage, that guides the operating system in displaying desktop icons, cursors, and bitmap images. Trojan images can be used to trigger a memory overflew and install rogue computer code on computers running Windows. The Trojan images can easily be received via e-mail or through websites.

As with the Help file vulnerability, most supported versions of Windows are affected by the LoadImage flaw, including versions of Windows NT, Windows XP, Windows 2000 and Windows Server 2003, Symantec said.

Dave’s Opinion
Users should be especially careful to not open unexpected e-mail attachments and to visit only known, reputable websites until Microsoft issues security updates for these serious security vulnerabilities.

Call for Comments
What do you think? Leave your comments below.

References
Microsoft
Symantec

Three academic computer scientists have uncovered a serious security hole in the Google Desktop Search Toolbar that was released on October 14th. Dan Wallach, assistant professor of computer science at Rice University and two graduate students, Seth Fogarty and Seth Nielson, have known of the security problem for a month; however, this is the first confirmed report of a serious problem with Google’s popular search tool.

The security hold allows a cracker to gain access to the contents of a toolbar user’s computer without the user’s being aware of the the attack. Google says that it has repaired the security hole and has begun distributing an updated version of the search toolbar installation program.

Dave’s Opinion
It seems that users of the Google Desktop Search Toolbar are safe from this security problem, if they are using version 121.004 or newer.

Call for Comments
What do you think? Leave your comments below.

References
Rice University
Google

A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.

WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be infected, according to Microsoft.

Microsoft will patch this security flaw as part of it’s scheduled monthly update.

Dave’s Comment
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking their firewall’s TCP and UDP ports 42 and either removing WINS or using IPsec to secure the network traffic.

Call for Comments
What do you think? Leave your comments below.

References
Microsoft Security

Microsoft is readying the Windows XP Service Pack 2 (SP2) upgrade for release in mid-2004. The upgrade will address many of the security problems that currently plague the company’s flagship operating system.

For example, the current Internet Connection Firewall is disabled by default and most users find it difficult to configure. In WinXP SP2 the feature is renamed Windows Firewall, enabled by default, and is prominently displayed. The new Windows Firewall will offer many of the features of third-party firewalls, such as ZoneLabs’ ZoneAlarm, a product that I currently recommend to all clients.

WinXP SP2 modifies the operating system’s wireless networking (Wi-Fi) service, allowing users to select primary Wi-Fi networks to which the system should always connect when within range. This will make laptop systems much easier to manage.

All users will be glad that Internet Explorer now blocks pop-up ads, negating the need to purchase a third-party web browser or ad-blocking application. Next to spam, I find pop-ups the most annoying downside to life online.

Outlook Express and Windows Messenger will block many dangerous file types by isolating file attachments so that they aren’t automatically executed upon receipt. By default HTML-formatted e-mail messages won’t display images, this will prevent web bugs embedded in e-mail messages from confirming your e-mail address to spammers.

Dave’s Opinion
I’m not a Pollyanna, believing that Windows is now a secure operating system, but Microsoft’s efforts will make it more difficult for crackers and spammers to ruin our online experience. But as my students constantly remind me, there’s no better line of security than an educated user. Learn all that you can about how to secure your system, keep your antivirus definitions updated daily, and don’t ever open a file attachment that you didn’t expect.

Call for Comments
What do you think? Leave your comments below.