Thursday, July 12, 2007

Stealing CPU Cycles and Hiding Between Ticks

http://arstechnica.com/news.ars/post/20070711-security-paper-shows-how-applications-can-steal-cpu-cycles.html

I won't bore you with the details (you can look them up yourself) but what concerns me is that such techniques (hiding from the process list and stealing CPU cycles) will probably be exploited by hackers/phishers/cybercriminals and the like.

It's not terribly complex to do so, and the only reason MacOS is immune to the problem is that it uses a different algorithm (per the site above). Windows and *nix are quite vulnerable to this exploit, and an admin could be left scratching his head over who or what is consuming all of that CPU but not showing up in top or ps -ef.

Imagine a really pesky little malware/virus/trojan using this weakness, and you can quickly see that traditional methods of detection and removal will probably not work here. The only way to fix this problem is at the hardware level, or by updating the OS to use a completely different way of figuring out CPU usage and tracking processes.

Overall, use of this threat is probably low at this point, but now that it's out and famous, expect to see this annoying vulnerability used very soon (say, in less than 2 months).

Be safe!
