Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors can be exploited by crackers and allow access to security keys. A description of the timing attack was presented Friday by a Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”

The HT technology allows two separate processes, software threads, to concurrently execute, using a single CPU, and it’s this capability that can be exploited. he multiple processes share access to the CPU’s cache, and through this shared access the security keys for the computer can be gleaned.

Dave’s Opinion
Cache is a portion of memory, usually built into the microprocessor, that enables ultrafast access to frequently-used, and recently-used data. By storing the data in fast-access memory, overall system performance is improved. Generally, the system’s L1 cache is cleared between system processes; however, with HT technology, the cache may remain filled, pending a request from another thread, this allows one processing thread to have access to the data intended for use by the other. The problem is akin to a shared desk: one user has access to another’s papers unless the desk is cleared between work shifts.

Percival reported that the co-access security risk only affects servers, and that desktop users are not at risk; however,
Hyper-Threading processors also ship on desktop PCs, but this particular flaw is only a problem for servers, Percival said on his Web site.

According to Percival, “Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw,” Colin explains. “This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately.”

Call for Comments
What do you think? Leave your comments below.

References
BSDCan 2005 Hyper-Threading Vulnerability

It was only a month ago that Microsoft Corp. announced its free antispyware application; however, malware has already been detected by an antivirus company, Sophos PLC, that will disable Microsoft’s program and delete all files in the program’s installation directory.

The malware, known as BankAsh-A, not only deletes all of the Microsoft antispyware files, it then goes on to install a keylogger (keystroke logging) program to record all data entered into online banking websites.

Dave’s Opinion
The current version, BankAsh-A, targets U.K. bank customers; however, future versions of the malware application could target other countries’ banking customers. While this type of keylogger isn’t new, BankAsh-A proves the concept that Microsoft’s antispyware software is vulnerable to attack.

It’s disconcerting, although not at all unexpected, that Microsoft’s antispyware would be targeted; many digital security experts just didn’t expect the first attack to come so quickly.

Call for Comments
What do you think? Leave your comments below.

Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of a multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make the Windows systems vulnerable to remote attack.

Following postings to the Bugtraq mailing list, a respected source of timely security information, Symantec security managers also detailed the heap overflow vulnerabilities of Microsoft’s popular operating system. Until Microsoft releases patches, users are vulnerable to attack through the winhlp32.exe file, which manages Windows help files. An attacker can trigger a memory overflow by tricking a user into opening a Trojan help file.

In related news, Symantec also warned of a second Windows vulnerability, called LoadImage, that guides the operating system in displaying desktop icons, cursors, and bitmap images. Trojan images can be used to trigger a memory overflew and install rogue computer code on computers running Windows. The Trojan images can easily be received via e-mail or through websites.

As with the Help file vulnerability, most supported versions of Windows are affected by the LoadImage flaw, including versions of Windows NT, Windows XP, Windows 2000 and Windows Server 2003, Symantec said.

Dave’s Opinion
Users should be especially careful to not open unexpected e-mail attachments and to visit only known, reputable websites until Microsoft issues security updates for these serious security vulnerabilities.

Call for Comments
What do you think? Leave your comments below.

References
Microsoft
Symantec

Three academic computer scientists have uncovered a serious security hole in the Google Desktop Search Toolbar that was released on October 14th. Dan Wallach, assistant professor of computer science at Rice University and two graduate students, Seth Fogarty and Seth Nielson, have known of the security problem for a month; however, this is the first confirmed report of a serious problem with Google’s popular search tool.

The security hold allows a cracker to gain access to the contents of a toolbar user’s computer without the user’s being aware of the the attack. Google says that it has repaired the security hole and has begun distributing an updated version of the search toolbar installation program.

Dave’s Opinion
It seems that users of the Google Desktop Search Toolbar are safe from this security problem, if they are using version 121.004 or newer.

Call for Comments
What do you think? Leave your comments below.

References
Rice University
Google

A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.

WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be infected, according to Microsoft.

Microsoft will patch this security flaw as part of it’s scheduled monthly update.

Dave’s Comment
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking their firewall’s TCP and UDP ports 42 and either removing WINS or using IPsec to secure the network traffic.

Call for Comments
What do you think? Leave your comments below.

References
Microsoft Security