VOGONS

Common searches


Reply 20 of 31, by r.cade

User metadata
Rank Member
Rank
Member

It looks like it would be very hard to set up a circumstance that could use these exploits, especially remotely. If you have to be on the machine as root to do it, then you are already on the machine as root. You would have to have intimate knowledge of the specific machine configuration and be quite adept at kernel programming it would seem.

Reply 21 of 31, by squiggly

User metadata
Rank Member
Rank
Member
r.cade wrote:

It looks like it would be very hard to set up a circumstance that could use these exploits, especially remotely. If you have to be on the machine as root to do it, then you are already on the machine as root. You would have to have intimate knowledge of the specific machine configuration and be quite adept at kernel programming it would seem.

Err...Mozilla has already confirmed they are exploitable with Javascript. And you don't have to be root - the whole point of speculative execution is it will try and execute instructions you aren't supposed to - then swallow the fault as in the real world you didn't *actually* execute them at all.

Reply 23 of 31, by squiggly

User metadata
Rank Member
Rank
Member
r.cade wrote:

There is something in the wild already? How on Earth would Javascript have access to kernel code and memory?

It doesn't. That's why they are called side-channel attacks. You speculatively try and execute something you *don't* have access to, the fault is swallowed by the branch prediction engine, and you can then try and infer some information from changes to processor cache, TLB, page tables, etc.

Intel just released an analysis that looks like a good analysis of the issue: https://newsroom.intel.com/wp-content/uploads … de-Channels.pdf

Reply 24 of 31, by nforce4max

User metadata
Rank l33t
Rank
l33t

All I can say that is on part of the people who made this possible is GG WP, how in hell could this go on unnoticed for what 23 years?

On a far away planet reading your posts in the year 10,191.

Reply 25 of 31, by squiggly

User metadata
Rank Member
Rank
Member
nforce4max wrote:

All I can say that is on part of the people who made this possible is GG WP, how in hell could this go on unnoticed for what 23 years?

It's an incredibly ingenious exploit. It seems that the whole concept of side-channel attacks against the fundamental architecture is relatively new. How did rowhammer go unnoticed for even longer?

There are probably a ton of other thing we haven't thought of yet still waiting to be discovered. This is why IT security is a relatively safe career choice 😉

Reply 28 of 31, by gerwin

User metadata
Rank l33t
Rank
l33t

I don't think it is practical enough to be such a backdoor in any case (intel management engine anyone?). Maybe it fits as a subtile way of planned product obsolescence instead. 🙄 But they have to step it up a little, because I see no reason to ditch things for the home user using safe browsing plugins.

--> ISA Soundcard Overview // Doom MBF 2.04 // SetMul

Reply 29 of 31, by Stojke

User metadata
Rank l33t
Rank
l33t

AyyMD right now

untitled.png
Filename
untitled.png
File size
195.59 KiB
Views
533 views
File license
Fair use/fair dealing exception

Note | LLSID | "Big boobs are important!"