VOGONS


Intel CPU design flaw - Kernel-memory-leaking


Reply 20 of 31, by r.cade


It looks like it would be very hard to set up a circumstance that could use these exploits, especially remotely. If you have to be on the machine as root to do it, then you are already on the machine as root. You would have to have intimate knowledge of the specific machine configuration and be quite adept at kernel programming, it would seem.

Reply 21 of 31, by squiggly

r.cade wrote:

It looks like it would be very hard to set up a circumstance that could use these exploits, especially remotely. If you have to be on the machine as root to do it, then you are already on the machine as root. You would have to have intimate knowledge of the specific machine configuration and be quite adept at kernel programming, it would seem.

Err... Mozilla has already confirmed they are exploitable with JavaScript. And you don't have to be root - the whole point of speculative execution is it will try and execute instructions you aren't supposed to - then swallow the fault as in the real world you didn't *actually* execute them at all.

Reply 22 of 31, by r.cade


There is something in the wild already? How on Earth would JavaScript have access to kernel code and memory?

Reply 23 of 31, by squiggly

r.cade wrote:

There is something in the wild already? How on Earth would JavaScript have access to kernel code and memory?

It doesn't. That's why they are called side-channel attacks. You speculatively try and execute something you *don't* have access to, the fault is swallowed by the branch prediction engine, and you can then try and infer some information from changes to processor cache, TLB, page tables, etc.

Intel just released an analysis that looks like a good analysis of the issue: https://newsroom.intel.com/wp-content/uploads … de-Channels.pdf
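Added example, not part of any post in this thread: a toy Python model of the side channel described in Reply 23, where a faulting read returns nothing yet still leaves a cache footprint the caller can observe. `ToyCPU`, `infer_byte`, `infer_all` and the `rollback_cache` switch are hypothetical names for this model only; it simulates a cache with a set and does not touch real hardware.

```python
class ToyCPU:
    """Constructed model: privileged bytes plus a set of cached probe lines."""

    def __init__(self, secret, rollback_cache=False):
        self.kernel = secret                  # bytes user code may never read
        self.cached = set()                   # probe-array lines currently cached
        self.rollback_cache = rollback_cache  # hypothetical mitigation switch

    def flush(self):
        self.cached.clear()

    def user_read_kernel(self, addr):
        """Always faults architecturally; a dependent load may run first."""
        before = set(self.cached)
        transient = self.kernel[addr]         # value is never returned to the caller
        self.cached.add(transient)            # dependent load touches probe line [value]
        if self.rollback_cache:
            self.cached = before              # model: squashing also undoes the cache fill
        raise PermissionError("fault: user access to kernel address")

    def probe_is_fast(self, line):
        """Stands in for timing a load: True means a cache hit."""
        return line in self.cached


def infer_byte(cpu, addr):
    """Recover one byte purely from which probe line ended up cached."""
    cpu.flush()
    try:
        cpu.user_read_kernel(addr)
    except PermissionError:
        pass                                  # fault handled; no data was delivered
    hits = [line for line in range(256) if cpu.probe_is_fast(line)]
    return hits[0] if len(hits) == 1 else None


def infer_all(secret, rollback_cache=False):
    """Run the inference over every address; unknown bytes are dropped."""
    cpu = ToyCPU(secret, rollback_cache)
    guesses = (infer_byte(cpu, i) for i in range(len(secret)))
    return bytes(b for b in guesses if b is not None)


if __name__ == "__main__":
    print(infer_all(b"k3y"))                       # constructed sample secret
    print(infer_all(b"k3y", rollback_cache=True))  # nothing observable
```

In the model the permission check never fails open; the only thing that changes between the two runs is whether the squashed work leaves observable cache state behind.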

Reply 24 of 31, by nforce4max


All I can say on the part of the people who made this possible is GG WP. How in hell could this go on unnoticed for, what, 23 years?

On a far away planet reading your posts in the year 10,191.

Reply 25 of 31, by squiggly

nforce4max wrote:

All I can say on the part of the people who made this possible is GG WP. How in hell could this go on unnoticed for, what, 23 years?

It's an incredibly ingenious exploit. It seems that the whole concept of side-channel attacks against the fundamental architecture is relatively new. How did rowhammer go unnoticed for even longer?

There are probably a ton of other things we haven't thought of yet still waiting to be discovered. This is why IT security is a relatively safe career choice 😉

Reply 26 of 31, by Joey_sw


I wonder if the old Cyrix CPU is also affected by this? After all, they're the one that used OoOE before Intel also decided to adopt that approach.

-fffuuu

Reply 27 of 31, by Anaxagoras


It's not a bug, it's a feature! 🤣
Falling into conspiranoia, it sounds like a CIA/NSA/FBI/???* backdoor 😎

My computers


Reply 28 of 31, by gerwin


I don't think it is practical enough to be such a backdoor in any case (Intel Management Engine, anyone?). Maybe it fits as a subtle way of planned product obsolescence instead. 🙄 But they have to step it up a little, because I see no reason to ditch things for the home user using safe browsing plugins.

--> ISA Soundcard Overview // Doom MBF 2.04 // SetMul

Reply 29 of 31, by Stojke


AyyMD right now

untitled.png

Note | LLSID | "Big boobs are important!"

Reply 30 of 31, by spiroyster

Stojke wrote:

AyyMD right now

untitled.png

Not really

You mean Itanium/RPi users?

Reply 31 of 31, by F2bnp

Stojke wrote:

AyyMD right now

untitled.png

I died from laughter. Thanks for that 🤣 .