Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: Intel Pentium Bug

Re: Intel Pentium Bug

Aleph One (aleph1DFW.NET)
Fri, 7 Nov 1997 19:49:28 -0600

On Fri, 7 Nov 1997, George Imburgia wrote:

> Intel recently acknowledged that they enabled the ability to update
> microcode on Pentium chips several years ago. That's right folks, they put
> a backdoor in your hardware. The good news is, it could be used to fix
> this bug, should Intel be so inclined.
> AMD's microcode is updateable too. No clue about cyrix.

This is something I discussed with a friend about two years ago.
Imagine if you will someone with information on how to download new
microcode to the CPU. This person has the availity to write a
virus/trojan/activex/program that can now compleatly disable your CPU
in such a way that it would need to be taken out to reinitialize.
If they fully disable the CPU the end user would program replace every
single component of the computer before the CPU. This would cost thousands
of hours of lost work and man power.

Far worse, it could introduse subtle random flaws in for example the login
or artihmetic processing. How may industries would be affected if hit?
Or what about microcode backdoors that add your own instructions to
bypass memory protection? You could write your own program to modify
your process structure to become owned by root. The possibilities are

If Intel where to provide a program to update the microcode on the CPU
it would most probably be disassembled and reverse engineered quickly.
Whats a multi-billion company to do?C

> George Imburgia, Network Specialist             Phone:  (302)739-4068
> Delaware Technical & Community College          Fax:    (302 739-3345
> Office of the President                         e-mail: gtihopi.dtcc.edu

Aleph One / aleph1dfw.net
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01