[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


------- Forwarded Message Follows -------
Date:          Wed, 10 Mar 1999 19:20:31 -0500
To:            dcsb@ai.mit.edu, cypherpunks@cyberpass.net, cryptography@c2.net
From:          Robert Hettinga <rah@shipwright.com>
Subject:       [ZKS Press Release] FAILURE OF PENTIUM III UTILITY Exposed by
               Zero-Knowledge Systems

--- begin forwarded text

From: Dov Smith <dov@zks.net>
To: ZKS Press Releases <zks-press@zks.net>
Subject: [ZKS Press Release] FAILURE OF PENTIUM III UTILITY Exposed by
Zero-Knowledge Systems Date: Wed, 10 Mar 1999 18:59:29 -0500 Sender:
owner-zks-press@zks.net Reply-To: press@zks.net

Zero-Knowledge Systems Press Release, http://www.zks.net


-- Demonstration Available at Zero-Knowledge Systems
Website, http://www.zks.net/p3 --

Montreal--Mar. 10, 1999-Internet privacy company Zero-Knowledge
Systems (http://www.zks.net/) today demonstrated an exploit of
the program designed by Intel to suppress controversial ID numbers
built into all Pentium III computers.

Zero-Knowledge Systems programmer Mario Contestabile designed a
small ActiveX program that bypasses Intel's Pentium Serial Number
(PSN) Control Utility. The Zero-Knowledge "exploit" places the serial
number in a cookie file to demonstrate how easily a malicious attacker
could activate or steal a user's serial number, even when the Intel
utility indicates the ID number is turned off.

Austin Hill, president of Zero-Knowledge Systems, said: "Intel claims
its utility will turn off the serial number and alert you when it has
been turned back on. Our research shows that Intel's patch can
actually leak out your serial number even when it tells you that
you're safe. We are very concerned about the public's ability to
protect their privacy while using a Pentium III."

Pentium III users can test their online privacy by visiting the
Pentium III Processor Serial Number Exploit Page on the Zero-Knowledge
Systems website at http://www.zks.net/p3 . The source code for the
exploit will be posted on the website in the near future.

David Banisar, policy director at the Electronic Privacy Information
Center in Washington, DC, said: "This effort shows again that the
PSN's privacy protections are largely illusionary. They function
better protecting Intel's public image than consumers' privacy. Intel
should recall the Pentium III and eliminate the PSN. Until then, users
should avoid the Pentium III as unsafe and defective at any speed."

Jason Catlett, president of Junkbusters Corp., one of the leaders of
the boycott campaign against the feature, said: "Zero-Knowledge
Systems has done the public a favor by demonstrating that Intel's
so-called security feature is in reality very insecure and that
Intel's control utility is useless. Malicious versions of the same
technique may already have started silently circulating the Internet
in viruses." He continued, "The Pentium III's processor serial number
is like an appendix waiting to be infected.  It must be removed

About Zero-Knowledge Systems, Inc.

Zero-Knowledge Systems, Inc. (http://www.zks.net) is the only company
providing a total privacy solution for the Internet. The company's
flagship product, Freedom, uses high-level encryption and rerouting to
provide a completely secure and private Internet experience for the
World Wide Web, email, newsgroups and chat.

Freedom is a trademark of Zero-Knowledge Systems, Inc. All other
trademarks are the property of their respective owners.


Dov Smith
Director of Public Relations
514.286.2636 x 248

--- end forwarded text

Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/> 44
Farquhar Street, Boston, MA 02131 USA "... however it may deserve
respect for its usefulness and antiquity, [predicting the end of the
world] has not been found agreeable to experience." -- Edward Gibbon,
'Decline and Fall of the Roman Empire'