[ISN] FAILURE OF PENTIUM III UTILITY Exposed by Zero-Knowledge Systems

From: mea culpa (jerichoat_private)
Date: Thu Mar 11 1999 - 13:34:06 PST

  • Next message: mea culpa: "[ISN] HTCIA 99 Conference"

    Forwarded From: William Knowles <erehwonat_private>
    -- Demonstration Available at Zero-Knowledge Systems Website,
    http://www.zks.net/p3 --
    Montreal--Mar. 10, 1999-Internet privacy company Zero-Knowledge Systems
    (http://www.zks.net/) today demonstrated an exploit of the program
    designed by Intel to suppress controversial ID numbers built into all
    Pentium III computers.
    Zero-Knowledge Systems programmer Mario Contestabile designed a small
    ActiveX program that bypasses Intel's Pentium Serial Number (PSN)  Control
    Utility. The Zero-Knowledge "exploit" places the serial number in a cookie
    file to demonstrate how easily a malicious attacker could activate or
    steal a user's serial number, even when the Intel utility indicates the ID
    number is turned off. 
    Austin Hill, president of Zero-Knowledge Systems, said: "Intel claims its
    utility will turn off the serial number and alert you when it has been
    turned back on. Our research shows that Intel's patch can actually leak
    out your serial number even when it tells you that you're safe.  We are
    very concerned about the public's ability to protect their privacy while
    using a Pentium III."
    Pentium III users can test their online privacy by visiting the Pentium
    III Processor Serial Number Exploit Page on the Zero-Knowledge Systems
    website at http://www.zks.net/p3 . The source code for the exploit will be
    posted on the website in the near future.
    David Banisar, policy director at the Electronic Privacy Information
    Center in Washington, DC, said: "This effort shows again that the PSN's
    privacy protections are largely illusionary. They function better
    protecting Intel's public image than consumers' privacy. Intel should
    recall the Pentium III and eliminate the PSN. Until then, users should
    avoid the Pentium III as unsafe and defective at any speed."
    Jason Catlett, president of Junkbusters Corp., one of the leaders of the
    boycott campaign against the feature, said: "Zero-Knowledge Systems has
    done the public a favor by demonstrating that Intel's so-called security
    feature is in reality very insecure and that Intel's control utility is
    useless. Malicious versions of the same technique may already have started
    silently circulating the Internet in viruses." He continued, "The Pentium
    III's processor serial number is like an appendix waiting to be infected. 
    It must be removed permanently." 
    About Zero-Knowledge Systems, Inc. 
    Zero-Knowledge Systems, Inc. (http://www.zks.net) is the only company
    providing a total privacy solution for the Internet. The company's
    flagship product, Freedom, uses high-level encryption and rerouting to
    provide a completely secure and private Internet experience for the World
    Wide Web, email, newsgroups and chat.
    Freedom is a trademark of Zero-Knowledge Systems, Inc. All other
    trademarks are the property of their respective owners.
    Dov Smith
    Director of Public Relations
    514.286.2636 x 248
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:44 PDT