Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
ZERO-KNOWLEDGE SYSTEMS EXPOSES FAILURE OF INTEL'S PENTIUM III SERIAL
NUMBER CONTROL UTILITY
-- Demonstration Available at Zero-Knowledge Systems Website,
http://www.zks.net/p3 --
Montreal--Mar. 10, 1999-Internet privacy company Zero-Knowledge Systems
(http://www.zks.net/) today demonstrated an exploit of the program
designed by Intel to suppress controversial ID numbers built into all
Pentium III computers.
Zero-Knowledge Systems programmer Mario Contestabile designed a small
ActiveX program that bypasses Intel's Pentium Serial Number (PSN) Control
Utility. The Zero-Knowledge "exploit" places the serial number in a cookie
file to demonstrate how easily a malicious attacker could activate or
steal a user's serial number, even when the Intel utility indicates the ID
number is turned off.
Austin Hill, president of Zero-Knowledge Systems, said: "Intel claims its
utility will turn off the serial number and alert you when it has been
turned back on. Our research shows that Intel's patch can actually leak
out your serial number even when it tells you that you're safe. We are
very concerned about the public's ability to protect their privacy while
using a Pentium III."
Pentium III users can test their online privacy by visiting the Pentium
III Processor Serial Number Exploit Page on the Zero-Knowledge Systems
website at http://www.zks.net/p3 . The source code for the exploit will be
posted on the website in the near future.
David Banisar, policy director at the Electronic Privacy Information
Center in Washington, DC, said: "This effort shows again that the PSN's
privacy protections are largely illusionary. They function better
protecting Intel's public image than consumers' privacy. Intel should
recall the Pentium III and eliminate the PSN. Until then, users should
avoid the Pentium III as unsafe and defective at any speed."
Jason Catlett, president of Junkbusters Corp., one of the leaders of the
boycott campaign against the feature, said: "Zero-Knowledge Systems has
done the public a favor by demonstrating that Intel's so-called security
feature is in reality very insecure and that Intel's control utility is
useless. Malicious versions of the same technique may already have started
silently circulating the Internet in viruses." He continued, "The Pentium
III's processor serial number is like an appendix waiting to be infected.
It must be removed permanently."
About Zero-Knowledge Systems, Inc.
Zero-Knowledge Systems, Inc. (http://www.zks.net) is the only company
providing a total privacy solution for the Internet. The company's
flagship product, Freedom, uses high-level encryption and rerouting to
provide a completely secure and private Internet experience for the World
Wide Web, email, newsgroups and chat.
Freedom is a trademark of Zero-Knowledge Systems, Inc. All other
trademarks are the property of their respective owners.
Contact:
Dov Smith
Director of Public Relations
514.286.2636 x 248
mailto:dov@zks.net
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:32:28 1999