Security News

Great minds think alike... on hacker exploits

By Angela Gunn | Published March 20, 2009, 7:55 AM

invisible things lab logoAh, the CanSecWest season -- spring is springing, Pwn20wn is smiting browsers, and the fearsome Invisible Things Lab team of Joanna Rutkowska and Rafal Wojtczuk have debuted another attack on SMM (system management mode) memory. Thing is, so has researcher Loic Duflot; in his case, right at the CanSecWest conference. The public disclosure was coordinated for Thursday, but the exploit itself was discovered independently by both teams.

Rutkowska's got the whole story on her site. Invisible Things and Duglot's team are all good eggs, so Intel was informed about the exploit well before CanSecWest attendees got the details. The exploit itself (PDF available here) allows for privilege escalation from Ring 0 to the SMM on various newer motherboards with Intel CPUs. "Informing Intel," by the way, turns out to be the weirdest part of the story -- turns out that not only has the company known about the SMRAM-related security gap since 2005, they've mentioned it in a patent application.

Comments

View comments by with a score of at least

betavirus1025
Mar 20, 2009 - 5:50 PM

Great minds may think alike, and the other side of that is that fools seldom differ.

Score: 0

|
Post Reply

Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

Apple invokes DMCA, claims Psystar is 'trafficking in circumvention devices'

In trying to close the book on possibly the last attempt at a Mac clone, Apple cites from its own landmark case...but may actually be misinterpreting it.

The fallacy of Facebook privacy

Carmi Levy | Wide Angle Zoom: If an insurance company learns something interesting about its client through the Internet, is that snooping?

Microsoft 'worked with Apple' for Silverlight on iPhone, says Goldfarb

By not making such a big deal out of trying to stream video to the iPhone, Microsoft got a big deal out of it, revealed the Silverlight product manager.

Confirmed: Office 2010 to ship in June

Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

Without its own 'iTablet' yet, is Apple missing the boat?

Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?

Not-so-mobile battery life: Time to force the issue

Carmi Levy | Wide Angle Zoom: If power efficiency is important when you buy a car or even a motorcycle, why shouldn't it matter for a smartphone?

Clicker.com cuts through the Web video chaos

In a world where homemade video and Hollywood movies travel the same pipeline, it's good to have a real search engine to cut through the clutter.

Microsoft's Ray Ozzie: 'Nobody's going to be 100% open'

The mobile apps ecosystems of the world may converge over time, led by apps being ported over across platforms, according to the Chief Software Architect.

A case study in improving software: What Office 2010 can learn from Notion 3

A music composition product gambles with a complete overhaul, in an effort to make headway against two well-known competitors in a tough market.