To: Yogi - Paul who wrote (1472) 2/25/1999 11:23:00 AM From: LK2
Intel's new chip ID and privacy games for the paranoid.

For Personal Use Only

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

infoworld.com

Intel's new chip ID utility reportedly easy to hack (InfoWorld)

By Mary Lisbeth D'Amico
InfoWorld Electric
Posted at 6:52 AM PT, Feb 25, 1999

A hardware editor at a German technology magazine on Thursday confirmed that he has tested the software utility program that Intel has promised will enable users to switch the serial number function of its Pentium III chip on and off, and found it "shocking" how easy it was to manipulate.

"It was shocking for me to see how easily you can patch the tool," said Andreas Stiller, hardware editor at the Hanover-based magazine Computer Technology, known as c't. "You can get around these security measures very easily."

Stiller's conclusions, posted on the Web site of the technology magazine Tuesday, have caused a stir just as Intel plans to launch its next-generation microprocessor.

Intel initially touted the serial numbers included on its new chips as a unique feature that would provide better security for Internet-commerce transactions, allowing parties in a transaction to identify one another, for example. It would also give network managers a way to keep track of computer assets in a corporate network, Intel said.

But privacy advocates jumped all over the idea, worrying that a serial number that identifies a computer user would allow third parties to track the user's every move. To mollify the critics, Intel said it would make available a software utility program on its Web site that would let users switch the serial number function off if they wanted.

Now, Stiller has brought into question whether these "security measures" proposed by Intel have any validity. He told IDG News Service Thursday that he has carried out a number of experiments on both the software utility and test versions of the chip itself.

Intel was told about the experiments and confirmed that in some cases the serial number can be manipulated, Stiller said.

There are a number of what Stiller calls "power management tricks" that allow the switch to be turned on or off without the user's knowledge. That mainly involves tampering with the ACPI (Advanced Configuration and Power Interface), a piece of software that puts a computer into a power-saving or "deep-sleep mode," he said.

On Wednesday, Intel spokesman Tom Waldrop confirmed that the deep-sleep mode can result in a reboot of the computer, which can offer an opportunity for the serial number to be turned on. However, he claimed that the control utility checks the status of the serial number every 15 seconds and resets it to "disable" if that is the user's preference.

Stiller also has done experiments on the chip that he said show vulnerabilities, although he did not elaborate. But he said it is hard to make conclusions about the chip itself, because that depends to a large extent upon the hardware configuration in which it is installed.

The other method Intel has suggested for disabling the serial number -- a switch buried in the BIOS of a PC -- is also vulnerable, Stiller said.

"A BIOS can also be manipulated," Stiller said. It is also very impractical, he said, for a hardware manufacturer to set the switch in the BIOS correctly. The BIOS is the program that runs when a system is first booted up.

So far some, but not all, of the PC manufacturers who will offer Pentium III systems have agreed to include the BIOS switch, Intel said Wednesday at its annual developer's conference in Palm Springs, Calif.

"We don't think the serial number idea has much merit for e-commerce," Stiller concluded. "It is much too complicated to implement."

A better way to add security, he said, is to have a smart card and a smart-card reader to decipher sensitive information.

To combat negative publicity surrounding the serial number brouhaha, Intel has said it will spend more than $300 million in advertising alone to promote the new Pentium III, which at its initial launch speed of 500 MHz will be its fastest processor to date.

Computer Technology, in Hanover, Germany, can be reached at www.heise.de/ct. Intel Corp., in Santa Clara, Calif., is at www.intel.com.

Mary Lisbeth D'Amico is a correspondent in the Munich bureau of the IDG News Service, an InfoWorld affiliate.

Related articles:
"Boycott widened over new Intel chip ID plan"
"Intel tones down chip ID plan"

Copyright © 1999 InfoWorld Media Group Inc.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<