RSS Alerts

Related Links

Related Stories

  • Catch me if you can
    These days, malware writers are in it for the money. In order to maximise profit, discretion is imperative so stealth technology has been adopted as a rule, rather than an exception. Danny Bradbury looks to the cat and mouse game that researchers and attackers are playing to see who’s coming out on top
  • Zero Day of the Dead
    The data load that has accompanied the globalization of trade would make even Atlas stagger. And that’s without the added burden of counter-terrorisAs you read this, zombie programs are flitting across the internet like a pestilence to infect and drain the life from innocent computer systems. Yet, for all the aggravation and grief they cause, you may never know you are part of a global invasion of the system snatchers, says William Knight. Unless…
  • An Olympic effort to secure the Games
    Managing the security of the 2010 Olympic Games in Vancouver is no mean feat. Danny Bradbury went behind the scenes at the Olympic site to talk to the people who are tasked with ensuring the event goes smoothly
  • Comment: Back to information security basics
    As security companies add new technologies to meet the demands of both the evolving threat landscape and a compressed market, it is important they try not to forget about the core information security technologies that have been protecting businesses for decades
  • Leaving a trace
    IT forensics is seen by many in the industry as something of a black art. But it's actually a highly professional discipline, with professional software to assist, as Steve Gold discovers

News

Black Hat researchers blow hole in Intel BIOS security

19 February 2009

The Black Hat security event taking place in Washington this week brought its usual array of hacker methodology revelations, but Intel watchers will have sat up straight after hearing how researchers have effectively blown a hole in the firm's trusted execution technology.

The security researchers - Joanna Rutkowska and Rafal Wojtczuk - originally sketched out the flaw in Intel's TXT technology earlier this year, but revealed their full methodology at the Black Hat event.

The security flaw in Intel's newly-released TXT - aka LaGrande - centers on a design flaw in the technology.

According to the researchers with the Invisible Things Lab of Poland, the flaw allows hackers to bypass any of TXT's security protections.

Intel's previous claims that its technology was secure were blown away by proof-of-concept code that showed how anyone could use their methodology to compromise Intel's implementation of the trusted boot-strap process.

In their presentation at the Black Hat conference, the Polish researchers said that patching the PC's BIOS would address the system software vulnerabilities, but added that there is no simple solution to the fundamental TXT problem.

Intel has moved swiftly to confirm the security flaw, which affects notebook, desktop, and server motherboards and is reportedly to be working on an update for the affected BIOSs.

Intel's TXT technology is designed to provide a trusted method for loading and launching system software such as an operating system kernel or a virtual server environment on a computer system.

The technology has been billed as reducing the risk of a system being compromised by rootkit and similar attack vectors, although Infosecurity notes that only Intel's vPro processor family currently supports the security system.

 

This article is featured in:
Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water