This is gonna hurt
Intel says probing alleged Pentium flaw
By Dick Satran
SAN FRANCISCO (Reuters) - A German computer magazine Tuesday reported it found a flaw in the product serial number system of Intel Corp.'s new Pentium chips, and Intel said it was looking into the report.
The Pentium III chips are set for commercial release later this week, but some have already worked their way into distribution channels. It was not clear how the magazine, Computer Technology, or c/t, obtained its version of the new Pentium.
''Our people in Europe have talked to them but so far we are not sure what they have shown or not shown,'' said Intel spokesman Tom Waldrop.
The alleged flaw was found in the system that operates Intel's embedded serial numbers, a new feature Intel introduced so computer users have a ''license plate'' identifier for online transactions and security.
When it was unveiled, the numbering system sparked heavy protests and boycott threats from privacy advocates, and, in response, Intel installed an ''on-off'' switch letting computer users protect their anonymity online.
But the magazine's computer expert, using ''published plans,'' said the newly installed switch apparently has a flaw that lets hackers disable it without the PC user's knowledge. Intel had said its system would let users easily and securely disable the ID number if they wished to remain anonymous on the Web.
''We have proven that this is wrong,'' said Christian Persson, editor in chief of the bi-weekly c/t magazine based in Hannover said in an article on the Wired News Web site. ''We must ask if there is any use for the serial number any more.''
The potential problem, posted on c/t's Web site (http://www.heise.de/ct/english/99/05/news1), fanned the flames already surrounding the controversial chip.
''If this is true, it could potentially be a very serious problem for Intel. It could lead to demands for a recall of the chip,'' said privacy expert Austin Hill, president of Zero-Knowledge Systems Inc.
Intel, which learned a lesson about dealing early with chip problems after the costly recall of the first Pentium processor five years ago, said it would continue to work with privacy groups and anyone else who finds flaws related to the new chip.
''If they have found something that's real, we will be talking with them more and we will try to create some kind of patch to prevent the security problem,'' said Waldrop. ''We are concerned about privacy and making the Internet secure and that's why we implemented the security feature.''
The Intel spokesman said that the serial numbers have been embedded ''because the Internet is not very secure and the security methods that are there are essentially software and we know that software is highly hackable.''
Since the new on-off system is a software fix that was put in place, it too can be hacked, Intel conceded, and it said it had already posted instructions on the Internet to help improve the security of the switch system. ''We will work with the magazine to see what's been done. We still can't confirm that there is a problem. We don't know.''
^REUTERS@ Reut21:48 02-23-99
(23 Feb 1999 21:48 EST) |
