Vendors 'slow to fix' hyperthreading flaw
Source: ZDNet - Posted by Pax Dickinson   
Host Security A researcher claims that Microsoft and some Linux vendors have put small businesses at risk with their slow reaction to a vulnerability in Intel's hyperthreading chip technology.

Operating system vendors were given two months notice before a serious security flaw was made public but some have yet to resolve the issue, a security researcher has claimed.

Colin Percival detailed the vulnerability — which affects versions of Intel's CPU that use a technology called hyperthreading — at a conference on 13 May.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago — in time to test it extensively before releasing it on May 13th," Percival said.

Read this full article at ZDNet

Only registered users can write comments.
Please login or register.

Powered by AkoComment!