Friday, 5 January 2018

silent Bob is no longer silent

I was mistaken when I thought that the intel bug that is in the news isn't all that recent. I thought it was announced back in May last year as part of that Active Management Technology 'silent Bob' blooper. Hands up all the that still have ports 16992, 16993, and 623 active?

I also remember having a Thinkpad where some Intel management technology was quietly discontinued - at least two years ago,

They were examples of where the computer's management system could provide a more serious security exploit than the systems it is protecting. Much like the way that Bruce Willis et al will shoot the security lock on the wall of the citadel in order to spark the wires to get in.

It turns out that the recently named spectre and meltdown exploits have an even older origin. In ye olden days of computing, a way to do something tricksy was to embed the 'machine code' into the data string of a high level language and then to deliberately overrun the normal length of the embedded data to, in effect, execute the data as if it was machine instructions.

Huh? I hear you say. Mumbo jumbo?

It used to be a way to very efficiently execute something that might otherwise have not been practical. To put some raw machine code into the middle of a high level program (nowadays an App).

There even used to be reserved words for it, typically 'code' followed by a data string. Of course in those days, it was done for wholesome performance reasons.

Nowadays it is more likely to be prefaced as something like "arbitrary code execution via unrestricted deserialization" and be the source of a menacing attack.

But as we've all got anti-virus and other security software, it should be okay?

Just because Barclays stopped offering free Kaspersky software to customers as a "precautionary decision" shouldn't mean that the Russian-based software isn't fine to use. Nor should the (British) National Cyber Security Centre decision to write to all government departments to suggest they don't use the that particular brand of Russian anti-virus software be seen as anything worrisome.

And I suppose if it is difficult to revise the firmware code on all the Intel and AMD cpus produced since 2008, imagine what it will be like when the Internet of Things really gets going.

No comments: