[funsec] "Attacking Multicore CPUs" (slashdot, TheRegister)

Paul Vixie paul at vix.com
Tue Sep 18 14:45:22 CDT 2007


"The Register reports that the world of current multi-core central processing
units (CPUs) just entered is facing a serious threat. A security researcher at
Cambridge disclosed a new class of vulnerabilities that takes advantage of
concurrency to bypass security protections such as anti-virus software The
attack is based on the assumption that the software that interacts with the
kernel can be used without interference. The researcher, Robert Watson, showed
that a carefully written exploit can attack in the window when this happens,
and literally change the "words" that they are exchanging. Even if some of
these dark aspects of concurrency were already known, Watson proved that real
attacks can be developed, and showed that developers have to fix their
code. Fast..."

http://hardware.slashdot.org/article.pl?sid=07/09/16/131251
http://www.theregister.co.uk/2007/09/14/system_call_sploits/


More information about the funsec mailing list