backtop


Print 93 comment(s) - last by kalak.. on Aug 8 at 2:42 PM


Developers told not to panic over new Intel Core 2 Duo steppings

OpenBSD founder Theo de Raadt publicly denounced Intel’s Core 2 processors on the OpenBSD mailing list. Raadt cited 38 pages of processor errata from Intel’s published CPU specifications (PDF).

“These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code," Raadt said. "Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware."

Linux coordinator and former Transmeta employee Linus Torvalds, thought otherwise and considers these bugs “totally insignificant.”

Processor errata is nothing new, Torvalds said. Commodity CPUs such as chips based on the Intel Core 2 architecture have a considerably lower bug rate than proprietary boutique CPUs.

“Yeah, x86 errata get more attention," said Torvalds. "But those things are pretty damn well tested. Better than most.”

The errata document specifically mentions the Core 2 Duo E4000, E6000, and X6800 series processors. None of the errata are nearly as insidious or widespread as more infamous problems, like the original Pentium floating-point bug, although some can lead to buffer overflow exploits, claims de Raalt. All of the current errata have patches in the works or can be — and have been — worked around by developers.

In a statement from Intel Global Communications, Nick Knuppfer writes:

“Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is extremely low."

“Specification Updates for the affected processors are available at http://developer.intel.com. All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update.”


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Processor bugs are nothing new
By oab on 7/1/2007 4:27:10 PM , Rating: 5
Procesor bugs are indeed nothing new. However, while difficult to exploit a hardware-based buffer overflow has the potential to be quite devastating.

Though I doubt anything more then a proof of concept would be released.

More popular software applications (like IE or Office) present a much more appealing target to create bot-nets with then a DoS attack on hardware platforms. As popular as the Core 2 procs are, more people run Windows with IE then run a system with a Core 2 in it.

Its security on Firefox and IE. Firefox has flaws (thats why you are up to 2.0.0.4), IE has flaws. IE is used by more people therefore exploits are written to take advantage of IE instead of firefox.




RE: Processor bugs are nothing new
By HaZaRd2K6 on 7/1/2007 5:56:24 PM , Rating: 2
I'd rate you up, but you're already at 5. So "here, here".


By lukasbradley on 7/1/2007 7:05:43 PM , Rating: 5
For informational purposes only: it's actually "hear hear."
http://en.wikipedia.org/wiki/Hear_hear


RE: Processor bugs are nothing new
By LogicallyGenius on 7/2/07, Rating: -1
RE: Processor bugs are nothing new
By bhieb on 7/2/2007 12:50:49 PM , Rating: 2
Why? Since you went to the trouble of making such a well-worded reply go ahead and tell us why you would rate it down. Was there some glaring inaccuracy in the post? Maybe your are a MS hater and somehow think FireFox is completely secure. His point was right on, neither is completely safe, and hackers generally attack the most common variable (in this case IE since is is by far the most popular browser - note I did not say better).


RE: Processor bugs are nothing new
By mindless1 on 7/2/2007 1:26:24 PM , Rating: 1
I agree with LogicallyGenius, the first post should allow rating. I would've downrated it, because all it did is quote the link but then try to twist war sympathizers' ideals into some kind of aligning group, in order to make a logical leap in opinion not supported by that link.

Right or wrong the fellow noticed the potential for exploit and gave his recommendation - a recommendation you don't have to follow, as you're free to accept or reject any and all such recommendations from anyone. Taken one at a time, the likelihood of any particular vulnerablity actually becoming a widespread exploit is low, but ultimately some DO become somewhat so, we cannot discount each thing in turn as unimportant unless we simultaneously deny exploits exist, as those that do become most significant are the ones that go unresolved, that diligence on the system owners' part can't fix so easily.

Who are you to think we have to justify to you why we disagree? What a silly concept, and no we don't have to defend against your pathetic attempts at trollism like arbitrarily bringing up "MS Hater" or "Firefox" topics, which BTW, are not directly applicable to the first post so did you just pull them out of your arse while recognizing you needed some nonsense to distract from the fact that you didn't have a reasonable position? Anyone and everyone can rate a post without having to answer to you.

So sorry but the rating system is not meant to only mirror what YOU like.


By mindless1 on 7/2/2007 2:44:58 PM , Rating: 1
My apologies for the comment about pathetic attempts at trollism. I realize now you (bhieb) had misunderstood when the prior post mentioned the "first" post, possibly because it was posted in reply to the wrong place in the thread.

You had looked at the wrong post only two prior, and were drawing opinon from that post, instead of looking at the very first post on the page which was the one without any user rating possible - which did not mention the topics of MS and Firefox, so when you brought up these two often-debated topics which didn't pertain to the content of the first post, they looked like flamewar bait.


RE: Processor bugs are nothing new
By bhieb on 7/2/07, Rating: -1
RE: Processor bugs are nothing new
By kalak on 7/3/2007 4:33:42 PM , Rating: 1
quote:
Its security on Firefox and IE


What ? WHAT ??!!!
Firefox is a LOT more secure than IE... It has:
- NoScript
- AdBlock

and a community behind that make hundreds of useful extensions...

quote:
IE is used by more people therefore exploits are written to take advantage of IE instead of firefox.


So, you saying that... IS more safe to use Firefox than IE... Right ??? :-))


RE: Processor bugs are nothing new
By Fritzr on 7/4/2007 11:15:02 PM , Rating: 2
quote:
and a community behind that make hundreds of useful extensions..


This is a proven security risk with several holes reported & fixed ... of course the others...

I use Opera...also buggy just as IE & FireFox are. In general they share the same major flaws that arise from the nature of the code they are designed to correctly parse. In addition each of the three and the other less well known browsers have programmer errors & design features/errors that introduce additional security holes.

IE is distributed with all Windows installs & is ported to other OSes ... so it has the largest number of target systems available for attack.

FireFox is heavily marketed as an IE alternative. As a result it is highly visible and the number of installed copies in use is growing fast. This makes it an attractive secondary target.

I use Opera as it is less visible than the other 2, does all that I need and some of the nice features either appeared here first or at the very least I became aware of them here first. There are things that still stop Opera, so I keep FireFox & IE installed and even use them a few times a year.

This does not eliminate risk, but by going with the least visible browser that does what I need, I minimize the number of folks using me for target practice :P

I tend to agree with Linus on the original issue. As long as bugfixes are avalable below the OS level the risk is minimal due to more lucrative targets being available.

Of course putting the spotlight on the possibilty of micro-code reprogramming will challenge the oldtimers who do it for the challenge :P


"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki