F00F bug or why morons shouldn’t be writing about security (again)

kao

Every once in a while, I read an article about security which is so incredibly bad that I just have to comment on it.

This time, it's an article from iTWire called "When F00F bug hit 20 years ago, Intel reacted the same way". It's written by Sam Varghese, who claims to have decades of experience in the field. Let's see...

Make an Intel CPU hang remotely and anonymously?

Let me write that down!

Any Intel Pentium/Pentium MMX could be remotely and anonymously caused to hang, merely by sending it the byte sequence "F0 0F C7 C8".

This statement is incorrect in so many ways!

Yes, there was a bug in Pentium and Pentium MMX CPUs. The CPU would freeze when executing the instruction lock cmpxchg8b eax, which is encoded as "F0 0F C7 C8": F0 is the LOCK prefix, 0F C7 /1 is CMPXCHG8B, and the ModRM byte C8 selects a register operand, which that instruction does not allow, so the CPU should raise an invalid-opcode exception and instead locked up. Can you see the difference?

  1. The CPU doesn't hang on merely seeing the data sequence "F0 0F C7 C8". Those bytes can sit in a packet, a file or a buffer forever and nothing happens; the CPU hangs only when it tries to execute them. Big difference! The real impact of the bug was that any local program, no root needed, could take the machine down, which is a denial of service by someone who can already run code on the box. And if someone is able to run arbitrary instructions on your CPU, you have much bigger problems than just a simple hang.
  2. There is no f*ing way to run any code on any CPU remotely and anonymously. You can remotely exploit a bug in firmware/OS/software to execute some code - that's called remote code execution. But that is not specific to Intel CPUs and has nothing to do with the F00F bug in particular.
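As an added example (my own code, not from the iTWire article or from this post), the C program below makes the data-versus-execution distinction concrete: it scans a constructed byte buffer for the F00F pattern, which changes nothing, and then, on x86 Linux, copies the bytes into an executable page and runs them, catching the SIGILL that any CPU since the Pentium raises for the invalid LOCK CMPXCHG8B encoding. The function names is_f00f and execute_f00f are my own. The decoder also accepts the C9..CF ModRM variants, which are the same instruction with a different register operand. Do not run the execution part on an unpatched Pentium: there it would hang the machine, which is exactly the bug.

```c
/* Added example, not the original post's code. Assumes Linux/glibc;
 * the execution part is compiled only on x86 and is skipped elsewhere. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if p starts with LOCK CMPXCHG8B using a register operand
 * (F0 0F C7 C8..CF), the encoding behind the Pentium F00F erratum. */
int is_f00f(const uint8_t *p, size_t n)
{
    if (n < 4) return 0;
    if (p[0] != 0xF0) return 0;                 /* LOCK prefix */
    if (p[1] != 0x0F || p[2] != 0xC7) return 0; /* 0F C7 = opcode group 9 */
    uint8_t mod = p[3] >> 6, reg = (p[3] >> 3) & 7;
    /* /1 selects CMPXCHG8B; mod == 3 means a register operand, which the
     * instruction does not accept, so the CPU must raise #UD. */
    return mod == 3 && reg == 1;
}

static sigjmp_buf jb;
static void on_sigill(int sig) { (void)sig; siglongjmp(jb, 1); }

/* 1 = executing the bytes raised SIGILL (the kernel delivered the #UD
 * fault to the process), 0 = it returned normally (should not happen),
 * -1 = not attempted (not x86, or no executable memory available). */
int execute_f00f(void)
{
#if defined(__i386__) || defined(__x86_64__)
    static const uint8_t code[] = { 0xF0, 0x0F, 0xC7, 0xC8, 0xC3 }; /* + ret */
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    void *m = mmap(NULL, sz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    memcpy(m, code, sizeof code);
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old);
    int r;
    if (sigsetjmp(jb, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &m, sizeof fn);   /* avoid the object-to-function cast */
        fn();                         /* this is where the Pentium hung */
        r = 0;
    } else {
        r = 1;                        /* #UD -> SIGILL, caught here */
    }
    sigaction(SIGILL, &old, NULL);
    munmap(m, sz);
    return r;
#else
    return -1;
#endif
}

int main(void)
{
    /* Constructed "received data" containing the F00F bytes: just bytes. */
    uint8_t pkt[] = { 0x48, 0x69, 0xF0, 0x0F, 0xC7, 0xC8, 0x0A };
    for (size_t i = 0; i + 4 <= sizeof pkt; i++)
        if (is_f00f(pkt + i, sizeof pkt - i))
            printf("F00F pattern at offset %zu; the CPU is still fine\n", i);

    /* Only executing them makes the CPU react at all. */
    int r = execute_f00f();
    printf("execution: %s\n", r == 1 ? "SIGILL caught"
                            : r == 0 ? "returned normally?!"
                                     : "not attempted on this platform");
    return 0;
}
```

The scan finds the pattern at offset 2 and nothing else happens; the execute step is what turns bytes into a fault, and that step needs code already running on the machine.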

Dear Sam Varghese, please stop writing about security. Open a hotdog stand or do anything else that doesn't involve computers. You just don't get them.

3 thoughts on “F00F bug or why morons shouldn’t be writing about security (again)”

  1. You're wrong. DOS, Linux and Windows allowed this to happen in user land without root access. Remote execution was also possible because back then CGI scripts were used, and they were exploited to run code all the time. So I have no idea what you're going on about. Either you weren't in the field 20 years ago or you have no idea how OSes worked in 1997. We didn't have virtual sandboxes or even proper memory protection. It was pretty much the wild west.

    As for just having the f00f sequence in memory, no it has to be executed.

    1. Yes, operating systems were much easier to exploit 20 years ago. And that's pretty much what I wrote:

      You can remotely exploit a bug in firmware/OS/software to execute some code - that's called remote code execution.

      But you can't just magically "remotely and anonymously" send a "byte sequence" directly to a CPU. 🙂
