Great minds think alike... on hacker exploits

Ah, the CanSecWest season -- spring is springing, Pwn20wn is smiting browsers, and the fearsome Invisible Things Lab team of Joanna Rutkowska and Rafal Wojtczuk have debuted another attack on SMM (system management mode) memory. Thing is, so has researcher Loic Duflot; in his case, right at the CanSecWest conference. The public disclosure was coordinated for Thursday, but the exploit itself was discovered independently by both teams.

Rutkowska's got the whole story on her site. Invisible Things and Duglot's team are all good eggs, so Intel was informed about the exploit well before CanSecWest attendees got the details. The exploit itself (PDF available here) allows for privilege escalation from Ring 0 to the SMM on various newer motherboards with Intel CPUs. "Informing Intel," by the way, turns out to be the weirdest part of the story -- turns out that not only has the company known about the SMRAM-related security gap since 2005, they've mentioned it in a patent application.