Hyper-Threading technology, built into some Intel Pentium 4 central processing unit (CPU) microprocessors can be exploited by crackers and allow access to security keys. A description of the timing attack was presented Friday by a Colin Percival, a computer science researcher, at the BSDCan 2005 conference. Intel’s Hyper-Threading (HT) algorithm enables Pentium CPUs to maximize the efficiency of the processing system. According to Intel’s website, with HT technology “desktop users can experience greater system responsiveness and performance when multitasking. At home, users can encode audio and video at the same time, or run a virus scan in the background while continuing to play their favorite game. In the office, HT Technology enables IT managers to deploy PC services such as encryption, compression or backup technologies while minimizing the impact on PC user productivity. In addition, multitasking business workers can experience greater system responsiveness, enabling increased productivity. In summary, the Pentium 4 processor supporting HT Technology delivers a new level of performance and PC responsiveness for consumers and business professionals.”
It was only a month ago that Microsoft Corp. announced its free antispyware application; however, malware has already been detected by an antivirus company, Sophos PLC, that will disable Microsoft’s program and delete all files in the program’s installation directory.
Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of a multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make the Windows systems vulnerable to remote attack.
Three academic computer scientists have uncovered a serious security hole in the Google Desktop Search Toolbar that was released on October 14th. Dan Wallach, assistant professor of computer science at Rice University and two graduate students, Seth Fogarty and Seth Nielson, have known of the security problem for a month; however, this is the first confirmed report of a serious problem with Google’s popular search tool.
A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.
WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be infected, according to Microsoft.
Microsoft will patch this security flaw as part of it’s scheduled monthly update.
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking their firewall’s TCP and UDP ports 42 and either removing WINS or using IPsec to secure the network traffic.
Call for Comments
What do you think? Leave your comments below.