--- begin forwarded text From: Dov Smith <[EMAIL PROTECTED]> To: ZKS Press Releases <[EMAIL PROTECTED]> Subject: [ZKS Press Release] FAILURE OF PENTIUM III UTILITY Exposed by Zero-Knowledge Systems Date: Wed, 10 Mar 1999 18:59:29 -0500 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] ======================================================== Zero-Knowledge Systems Press Release, http://www.zks.net ======================================================== ZERO-KNOWLEDGE SYSTEMS EXPOSES FAILURE OF INTEL'S PENTIUM III SERIAL NUMBER CONTROL UTILITY -- Demonstration Available at Zero-Knowledge Systems Website, http://www.zks.net/p3 -- Montreal--Mar. 10, 1999-Internet privacy company Zero-Knowledge Systems (http://www.zks.net/) today demonstrated an exploit of the program designed by Intel to suppress controversial ID numbers built into all Pentium III computers. Zero-Knowledge Systems programmer Mario Contestabile designed a small ActiveX program that bypasses Intel's Pentium Serial Number (PSN) Control Utility. The Zero-Knowledge "exploit" places the serial number in a cookie file to demonstrate how easily a malicious attacker could activate or steal a user's serial number, even when the Intel utility indicates the ID number is turned off. Austin Hill, president of Zero-Knowledge Systems, said: "Intel claims its utility will turn off the serial number and alert you when it has been turned back on. Our research shows that Intel's patch can actually leak out your serial number even when it tells you that you're safe. We are very concerned about the public's ability to protect their privacy while using a Pentium III." Pentium III users can test their online privacy by visiting the Pentium III Processor Serial Number Exploit Page on the Zero-Knowledge Systems website at http://www.zks.net/p3 . The source code for the exploit will be posted on the website in the near future. David Banisar, policy director at the Electronic Privacy Information Center in Washington, DC, said: "This effort shows again that the PSN's privacy protections are largely illusionary. They function better protecting Intel's public image than consumers' privacy. Intel should recall the Pentium III and eliminate the PSN. Until then, users should avoid the Pentium III as unsafe and defective at any speed." Jason Catlett, president of Junkbusters Corp., one of the leaders of the boycott campaign against the feature, said: "Zero-Knowledge Systems has done the public a favor by demonstrating that Intel's so-called security feature is in reality very insecure and that Intel's control utility is useless. Malicious versions of the same technique may already have started silently circulating the Internet in viruses." He continued, "The Pentium III's processor serial number is like an appendix waiting to be infected. It must be removed permanently." About Zero-Knowledge Systems, Inc. Zero-Knowledge Systems, Inc. (http://www.zks.net) is the only company providing a total privacy solution for the Internet. The company's flagship product, Freedom, uses high-level encryption and rerouting to provide a completely secure and private Internet experience for the World Wide Web, email, newsgroups and chat. Freedom is a trademark of Zero-Knowledge Systems, Inc. All other trademarks are the property of their respective owners. Contact: Dov Smith Director of Public Relations 514.286.2636 x 248 mailto:[EMAIL PROTECTED] --- end forwarded text ----------------- Robert A. Hettinga <mailto: [EMAIL PROTECTED]> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
