Forwarded From: William Knowles <erehwonat_private>

ZERO-KNOWLEDGE SYSTEMS EXPOSES FAILURE OF INTEL'S PENTIUM III SERIAL NUMBER CONTROL UTILITY

-- Demonstration Available at Zero-Knowledge Systems Website, http://www.zks.net/p3 --

Montreal--Mar. 10, 1999--Internet privacy company Zero-Knowledge Systems (http://www.zks.net/) today demonstrated an exploit of the program designed by Intel to suppress controversial ID numbers built into all Pentium III computers.

Zero-Knowledge Systems programmer Mario Contestabile designed a small ActiveX program that bypasses Intel's Pentium Serial Number (PSN) Control Utility. The Zero-Knowledge "exploit" places the serial number in a cookie file to demonstrate how easily a malicious attacker could activate or steal a user's serial number, even when the Intel utility indicates the ID number is turned off.

Austin Hill, president of Zero-Knowledge Systems, said: "Intel claims its utility will turn off the serial number and alert you when it has been turned back on. Our research shows that Intel's patch can actually leak out your serial number even when it tells you that you're safe. We are very concerned about the public's ability to protect their privacy while using a Pentium III."

Pentium III users can test their online privacy by visiting the Pentium III Processor Serial Number Exploit Page on the Zero-Knowledge Systems website at http://www.zks.net/p3 . The source code for the exploit will be posted on the website in the near future.

David Banisar, policy director at the Electronic Privacy Information Center in Washington, DC, said: "This effort shows again that the PSN's privacy protections are largely illusionary. They function better protecting Intel's public image than consumers' privacy. Intel should recall the Pentium III and eliminate the PSN. Until then, users should avoid the Pentium III as unsafe and defective at any speed."

Jason Catlett, president of Junkbusters Corp., one of the leaders of the boycott campaign against the feature, said: "Zero-Knowledge Systems has done the public a favor by demonstrating that Intel's so-called security feature is in reality very insecure and that Intel's control utility is useless. Malicious versions of the same technique may already have started silently circulating the Internet in viruses." He continued, "The Pentium III's processor serial number is like an appendix waiting to be infected. It must be removed permanently."

About Zero-Knowledge Systems, Inc.

Zero-Knowledge Systems, Inc. (http://www.zks.net) is the only company providing a total privacy solution for the Internet. The company's flagship product, Freedom, uses high-level encryption and rerouting to provide a completely secure and private Internet experience for the World Wide Web, email, newsgroups and chat.

Freedom is a trademark of Zero-Knowledge Systems, Inc. All other trademarks are the property of their respective owners.

Contact:
Dov Smith
Director of Public Relations
514.286.2636 x 248
mailto:dovat_private

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]