Another PIII ID Exploit Found
Peter Hernberg writes "Well, it looks like someone has found another exploit to get your PIII ID. The new story is here."
Cyrix and AMD are looking shinier each day.
Re:Trojan (Score:1)
This action by Symantec appears to be politically motivated due to partnerships(?) with Intel.
Virus eh? (Score:2)
Why acknowledge that there are gaping security holes when you can just convince everyone that it's a virus? There's already a precedent...can you say Word Macro-Virus? Can you say ActiveX? People seem to think they're helpless in the face of a "virus" when they should be howling to get the security holes fixed.
Phew! *lights smoke* that rant felt good.
Installation tip (Score:1)
I find this rather funny. I guess those guys have never lost hours worth of new code or gameplay time when their windows machine locks mysteriously.
It's intended for systems without the BIOS option (Score:1)
--
Timur Tabi
Remove "nospam_" from email address
Indeed! (Score:1)
I've recently been looking for components for a new SMP box I'm putting together. It seems that Intel is really pushing the PIII. A quick search on pricewatch shows that prices for the lower MHz PIIIs are in line with the faster PIIs.
I chose the PII 450. I didn't want to bother with re-wiring and overclocking a Celeron300a.
I'm waiting to see what the K7 will be like....
Re:Trojan: Hardware virus built in! (Score:1)
Software virus not needed, Hardware virus built in!
What next?
Re:Uhh, sorry. Not worried. (Score:1)
Oh? I can see some bios flashing virus leave that claim to shame. Beware of sploits.
Dull, very dull (Score:1)
I never bought Intel's line that this has anything to do with security.
Personally, I think it has more to do with tracking stolen or overclocked chips. I'm pretty indifferent to all of it. Intel's only mistake seems to be to try to sell the public on this sort of thing. Especially for security purposes.
I wonder what it would take to 'emulate' a Pentium on a Pentium, and forge the ID?
Nefarious Porpoises (Score:1)
Reeeeowrl!
Re:Stating the obvious (Score:1)
But that's not what they claim (Score:1)
The issue that everyone is uncomfortable with is the default settings for default users, people like your mom and dad who just want to run windows and forget about it, maybe buy a book off of amazon every so often.
If people can take advantage of these, the script kiddies and hAXors and the rest will take what they can. Yes, I can feel safe inside of my secure linux box, but I cannot bless or condone the threat that intel would like to pose to others who are not as fortunate as I...
It is not a fair compromise to disable the chips if you can't disable them in the first place. (I don't much think it's a good solution anyway, but if you do, they should still fulfill that obligation)
Re:My youthful idealism (Score:1)
Uh, because they were unwise enough to buy the processor?
VMware? (Score:1)
Re:Stating the obvious (Score:1)
Re:Stating the obvious (Score:1)
Of course, life would be much better for all involved if ActiveX were to die a quick death. Unfortunately, I don't see that happening anytime soon.
Re:laughing... (Score:1)
Dual 350s or so would be better, as far as cost/performance I'd imagine (the slower FSB on the 333s would probably make the 350s a better deal). But then you have to run an SMP-aware OS, which is no biggie for most of us, but might be for all those people who want to run Win98 so they can play those games they can't get running well under NT or WINE.
Anti-virus may be correct. (Score:2)
a) crashes the user's machine b) installs code to bypass the PIII feature c) uses that to set a cookie and display it to other websites.
Intel may have been correct - this has all the earmarkings of a trojan.. and regardless of who publishes it, it still remains one. But it's still incredibly petty of them to have Symantec put a patch out for *just* the Zero-Knowledge program. A real solution would be to have Symantec develop an algorithm to warn the user of *any* attempt to bypass the PIII control panel, not just Zero-Knowledge's ones.
Sorry Intel, close - but no cigar.
--
Re:Have they posted the source code? (Score:1)
Sign the email with the PIII serial number, the Windows serial number, and any software Id codes you can find. Collect as many of these as you can.
Then look for duplicate software id codes from different PIII/windows serial numbers. Use the ethernet number in the windows serial number to look up the IP number. Resolve the IP number back to a service provider. Fill out a warrant for information from the service provider. Retrieve home addresses and send out the boys in blue to collect the hard evidence in the form of the computer PIII, ethernet card and hard drive.
It would be easy enough for M$ to hide a macro virus like VB code in the latest patch/OS that would send the email. The rest of the process could be automated right up to emailing the local police a request for a search warrant with all the relevant information attached.
Now if this happens to anyone do you think they could sue M$ for theft of services in running the email macro virus on their personal computer? Whoever has most $ for the lawyers wins.
Re:Dull, very dull (Score:2)
Not much, probably. Ultimately, it's the communications software that's trusted, not the hardware. If a web site wants to know what your CPU ID is, it can either: 1) Ask the browser, or 2) have the client download a piece of trusted code (a signed ActiveX, perhaps) which queries the CPU ID and sends it back, possibly encrypted.
Either case is easy to spoof. In the first case, you just patch the browser, and have it send a spoofed ID. In the second case, you modify the browser to trap the ActiveX download, and then have it patch the ActiveX in memory to spoof the ID. The patched ActiveX then happily encrypts your spoofed ID, and sends it back. There's no way the web site can know what happened.
Granted, the second exploit is harder to pull off, but no harder than taking advantage of a buffer overrun, or disabling software copy protection, and both are provably doable.
Re:Anti-virus may be correct. (Score:1)
i have to agree with the "it's a trojan" side of things, too; this program just demonstrates that whenever you run untrusted binary code on your system, it can fuck you up. big news... NOT.
the real problem is not with having a serial number on p3's, it's with idiotic Intel trying to sell the idea that browsers should retrieve this number and pass it around.
I look forward to the day mozilla has the ability to do this, so I can hack it (or get patches, I'm sure many people will be making those) to send random numbers.
Re:Nefarious Porpoises (Score:1)
Uhh, sorry. Not worried. (Score:1)
have to beg me to give permission to run (ignoring the fact that if I were to give some other ActiveX control the same permission it could just read my registry, hard drive directory, and install a keyboard monitor to catch my credit card numbers) which installs a program (I am assuming here) that will turn on my PIII serial number when I reboot..
Of course, if I had a PIII I would have the program that turns the serial number off in my bootup so that it was always turned off as my computer boots...
Sorry, just not very worried. The PIII serial number is pure, liquid evil, but this "exploit" is a joke.
Missing the point (Score:1)
I'm willing to bet that this could just as happily have been done in assembler or C. (Admittedly, this would make it a pain to use over the Web, but Java may work just as well.)
-S"Q"K
Re:Other uses... (Score:1)
I believe that "Windows Update" does exactly what you suggest.
--
Late news (Score:2)
Re:Intel really SUCKS (Score:1)
Re:Uhh, sorry. Not worried. (Score:1)
----------
Re:BSOD is a FEATURE (Score:1)
Re:Installation tip (Score:1)
I would guess that it happens all the time, but that they just think it's normal.
INTEL A Monopoly? Why whatever gave you such idea? (Score:1)
Re:It makes the author a criminal subject to jail. (Score:1)
-sonic
Re:Trojan (Score:1)
For a company as powerful as they are, I was really impressed with Intel's behavior up until fairly recently (the last couple years.) It seems like they are really pushing the limits in the same way MS does (not that they are explicitly unethical but they dance close enough to the line that it makes you question it)
I can understand some things, they are being attacked by a lot of different companies on a lot of different levels but it's getting pretty bad. Symantec has no reason at all to list this program as a virus or a trojan, Intel needs to come up with a better scheme.
old news with a new twist (Score:1)
I think the zeroknowledge example code has been around for a while now. The real news today centers around the discovery of Intel getting the antivirus people to declare the zeroknowledge stuff malicious.
-chris
Re:In Defense of Intel (Score:1)
If Intel really wanted to use the PIII for nefarious purposes, why would they go to all this trouble to stop someone using it for nefarious purposes?? I mean, I enjoy conspiracy theories as much as the next person, but they are just a *game*.
Mike
Re:In Defense of Intel (Score:1)
Yes; and if I copied the ActiveX control and put it on a webpage saying click here to see my comments on slashdot, then that would also crash your computer. There is a difference between the HTML and the ActiveX control. I'm assuming the Symantec/Intel and co aren't saying that visiting that webpage is bad, just that running that ActiveX control is bad. Good for them. It is bad. And if you want to ignore the warnings of an anti-virus program, go for it. But don't complain when something that you didn't want to happen happens.
jovoc wrote "Heh, under that definition, Windows itself is quite a virus. "
In case it wasn't clear, I meant intentionally crashes your computer. If a bug in the program causes the computer to crash, it's clearly not a virus.
Mike
In Defense of Intel (Score:4)
Intel has asked that anti-virus people list as a virus a program that *crashes the user's computer without their consent*! What definition of virus are people using such that this doesn't qualify? Not only does it crash the user's computer, it reveals information that the user doesn't want revealed. If instead of revealing the PIII, this program searched for Quicken documents and mailed them to a hotmail account, would we be saying that whoever makes Quicken shouldn't call it a virus?
I agree that on general principle the PIII id isn't a wonderful idea, but I can understand why Intel did it. Most high-end computers (Sun, SGI, Alpha?, etc) ship with some sort of unique id, for licensing purposes. The only reason people don't get upset about that is that they are not personal computers, but servers, so they cannot be linked to an identity. Intel wants to enter that market, and CPU ids are needed. But they then anger the consumer market. What should they do? The road they took (disable the PIII id, unless you need it for a server) seems like a fair compromise. Why is everyone so upset at them?
Finally, under a real operating system, this sort of exploit would be useless unless it was run as root. And if you go web browsing as root, you deserve what you get.
Mike Sackton
Re:Modify Netscape (Score:1)
The "virus" may have to be integrated into the Flash BIOS to fake out the ID. That would mean the "virus" would be BIOS specific, perhaps even machine specific (definitely a roll-your-own-virus program
Re:In Defense of Intel (Score:1)
> virus a program that *crashes the users computer
> without their consent*!
Uh.. it crashes the computer, but only with your consent. There are big bold letters warning you that this will happen if you press "ok".
Heh, under that definition, Windows itself is quite a virus.
My youthful idealism (Score:1)
As a side note -- how long until someone comes up with a similar piece of code that IS malicious and is NOT publicly announced?
I see this as an unfortunate example of corporate cost/benefit analysis. It's too expensive to go back and fix the security problem or remove the ID altogether. Just declare the code which exploits it as potentially malicious, then partner with a software company to develop protection against it. It's a win-win for everyone except the customer, who ends up gouged.
Everyone (including Intel, I'm sure) knows that the Right Thing is to fix the problem and release PIIIv2, but that's expensive and it's bad PR to admit a problem (everyone will want a free replacement).
Maybe my expectations are too high, but stuff like this makes the "Ralph Nader" in me a little angry.
Stating the obvious (Score:5)
Remember the Internet Exploder control? It was an ActiveX component which, when loaded with a web page, would count down ten seconds and shut down a Windows computer. The creator did it for the sole purpose of demonstrating potential security dangers with ActiveX.
Microsoft and Verisign threatened the guy with court action for obtaining a Verisign certificate under false pretenses. Never mind that part of his demonstration was just how easy it is to obtain such a certificate.
Now Intel has declared Zero-Knowledge's little demo to be a virus or trojan. Apparently, the goal is to discredit them. The worst part is that I think just about everyone saw it coming before they even got to "Intel's response" part of the article.
Here's the obvious part of my comment -- this tactic is pretty foreign to the Free Software community. It seems that most security problems with Free operating systems are received with, "thank you," and then they are FIXED. If you actually write a program which demonstrates the problem, you're a hero. No one attacks your credibility or motives. In fact, you are likely to GAIN credibility.
Of course, by posting this here I'm pretty much preaching to the choir.
Re: Free Software Security Issues (Score:2)
Almost monthly, you'll get flames start up on Bugtraq about this. Bugtraq is a full disclosure unix security list - often, raw exploits are posted to it, or tools that someone used to replicate a problem they may have found in software (free or not). Very often, you'll have the author - a vendor, a coder, or a maintainer - or another person bitch about this, because they weren't given prior notice or warnings, etc. Example: The lsof bug of February (thread starts here [geek-girl.com]).
These threads sometimes, in fact, revolve around people posting for credit or ego/status. While Intel is acting very different, our free movement is not always the clean "thank you" we'd like. However, that's often justified - especially with free software, it's better to come bearing patches rather than problems.
Of course, regardless, our bugs get fixed faster. [userfriendly.org]
Re:Word is a virus (Score:1)
I have had to tell many many people, "Sorry, I can't help you recover your document. It was eaten by a word macro virus." At which point they leave the room crying because they spent the last 2 years writing that thesis. . . .
Maybe it is a good thing (Score:1)
RB
weee as if i wasn't easy enough to identify (Score:1)
as if i was not easy enough to identify as some insane /.er you can say hi to my office too. now won't my boss be happy about the security breach?! this will prevent several banks from doing online banking for a good while once the top brass find out about it. so much for e-commerce. stuff like that is what keeps a lot of companies off of the internet in the first place. if intel really wanted to sell the idea of the internet and their chips as business sales tools then they really should take a few clues from the financial world and do their damnedest to keep security and privacy specs up to date.
you know, that is just all i need.. as if it was not easy enough to spot a red dress and lapel pin insignia..
if you don't look at the fnords, they won't eat you.
Trojan (Score:1)
Easier way???? (Score:1)
you wouldn't have to reboot that way (I can't test it
Re:Easier way???? (Score:1)
http://users.skynet.be/somnus/virshop.html
(sssh! don't tell anyone)
Re:Uhh, sorry. Not worried. (Score:1)
It is nowhere stated that the PID is retrieved before the reboot.
So there's nothing about this 'exploit' that gives any new insights.
Re:Uhh, sorry. Not worried. (Score:1)
Re:Trojan (Score:1)
Re:laughing... (Score:1)