• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Intel Core 2 Duo Vulnerabilities Serious say Theo de Raadt

July 18, 2007

Views: 10,440

[ad]

The scariest type of all, hardware vulnerabilities. Security guru and creator of OpenBSD Theo de Raadt recently announced he had found some fairly serious bugs in the hardware architecture of Intel Core 2 Duo processors.

He goes as far as saying avoid buying a C2D processor until these problems are fixed.

A prominent software developer with a reputation for making waves in coding circles is doing it again – this time warning that Intel’s celebrated Core 2 Duo is vulnerable to security attacks that target known bugs in the processor.

Discussion forums on Slashdot and elsewhere were ablaze with comments responding to the claims made by Theo de Raadt, who is the founder of OpenBSD. Intel strongly discounted the report, saying engineers have thoroughly scanned the processor for vulnerabilities.

In it he warns that errata contained in the Intel processor is susceptible to security exploits that put users and enterprises at serious risk of being compromised. The exposure can exist even in cases where Intel has issued a fix, de Raadt said, because patches in the microcode frequently don’t get installed on systems purchased from smaller vendors or that run less popular operating systems.

“At this time, I cannot recommend purchase of any machines based on the Intel Core 2 until these issues are dealt with (which I suspect will take more than a year),” de Raadt concluded in his post to an OpenBSD discussion group.

The main problem being, these kind of issues cannot be fixed on a software level they need some re-engineering of the actual chips themselves and due to the nature of hardware vulnerabilities it means they can be exploited on any OS.

Many of the bugs lead to potentially dangerous buffer overflow in which write-protected or non-execute bits for a page table entry are ignored. Others involve floating point instruction non-coherencies or memory corruptions. Intel is aware of the security implications, but has yet to disclose them, he said in an interview.

Intel engineers and some outside security researchers disagree with de Raadt’s conclusion, but the implications of them being correct are serious. Thanks to its high performance and plentiful supply, the Core 2 Duo is seemingly everywhere – in Macs, phone switches and PCs running a wide variety of operating systems.

What’s more, a vulnerability in the processor could be exploited regardless of the OS it runs, and if the flaw resides in the silicon itself, the traditional remedy of pushing out a software patch could be rendered ineffective.

You can find 105 Core 2 errata here as published by Intel:

Core 2 Duo errata [PDF]

And the original e-mail from Theo here:

Intel Core 2

Source: The Register

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Exploits/Vulnerabilities, Hardware Hacking, UNIX Hacking Tagged With: exploits, Hardware Hacking, vulnerability



Reader Interactions

Comments

  1. moons says

    July 18, 2007 at 7:41 am

    very interesting, exploiting through hardware vulnerabilities, lucky for me i got my AMD X2 some time back.

    it seems to me though that intel is now busy with CYA (cover-your-***), as the link for Core 2 Errata published by intel shows up with

    Page Not Found

    The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please check the address bar to make sure the link is typed correctly, use the links below to locate the information you want, or search the site for another destination.

  2. Bogwitch says

    July 18, 2007 at 11:50 am

    Looks like there has been a document revision.

    http://download.intel.com/design/processor/specupdt/31327915.pdf

  3. SN says

    July 18, 2007 at 1:00 pm

    now this is real news … wow

  4. moons says

    July 18, 2007 at 1:02 pm

    Ah yes, my bad then. Though i got to admit, to some extent, i’ve always been a little harsh on them, probably cause they’re sort of the main processor company.

    What i’m curious about though is more towards how they are actually gonna solve the problem. From the looks of whats been said, it definately is gonna be a long one.

  5. Sandeep Nain says

    July 19, 2007 at 3:35 am

    Ohh man…. this is unbelievable..
    is there anyone whom we can trust… Leaders like intel are making such big mistakes instead of making their product quality a benchmark fore rest.

  6. backbone says

    July 19, 2007 at 7:18 pm

    Well sandeep you must understand that we all are ppl… and ppl make mistakes… to many in this case, but maybe they hired a fresh graduated team =))

  7. Sandeep Nain says

    July 20, 2007 at 12:21 am

    Hey backbone,
    I fully agree with you that to err is human and we all are humans. But the point i wanna raise here is… intel is a world renowned brand for its quality processors. and im sure that they have rigorous testing procedures and they test each and every product before they send it to market. and still this was overlooked..

    well yeah probably they hired a fresh graduate team.. i remember making bigger mistakes than this when i was a graduate. .

  8. zupakomputer says

    March 19, 2008 at 1:22 pm

    What’s the latest on this – does it affect the Penyrns?

  9. Pantagruel says

    March 19, 2008 at 5:24 pm

    If you check the intel specs sheets (errata section) you will find some of the same errors as the C2D ‘sports’ .

  10. zupakomputer says

    March 20, 2008 at 3:27 pm

    So they just leave some of them in there for easier access to any system sporting those CPUs. A fine plan! If you go undercover and secure a priviledged job there, you get to discover that the machines make them do it as part of their future AI expansion programme.

  11. James C says

    March 20, 2008 at 4:41 pm

    Let not forget his real name is Theo de Ahole.
    He is the biggest asshole in the hole open source community.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 482

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 514

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 542

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 421

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 645

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 580

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,296,241)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,097)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,631)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,689)
  • Password List Download Best Word List – Most Common Passwords (933,504)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,157)
  • Hack Tools/Exploits (673,297)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,172)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy