adriverhoef
'New' flaw(s) in Intel chips

https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
https://www.securityweek.com/new-class-data-l...ilities-impact-intel-cpus
https://www.tellerreport.com/tech/2019-05-14-...rom-intel-.HkN7CF_2V.html
https://www.windowscentral.com/intel-processo...aw-impacting-millions-pcs
https://arstechnica.com/gadgets/2019/05/new-s...l-chips-internal-buffers/

"Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have "Rogue In-Flight Data Load." From a team spanning Graz University of Technology, the University of Michigan, Worcester Polytechnic Institute, and KU Leuven, we have "Fallout." From Graz University of Technology, Worcester Polytechnic Institute, and KU Leuven, we have "ZombieLoad," and from Graz University of Technology, we have "Store-to-Leak Forwarding."

Intel is using the name "Microarchitectural Data Sampling" (MDS), and that's the name that arguably gives the most insight into the problem. The issues were independently discovered by both Intel and the various other groups, with the first notification to the chip company occurring in June last year."

"As with previous similar attacks, the use of hyperthreading, where both an attacker thread and a victim thread run on the same physical core, can increase the ease of exploitation."

"Generally, an attacker has little or no control over these buffers; there's no easy way to force the buffers to contain sensitive information, so there's no guarantee that the leaked data will be useful. The VU Amsterdam researchers have shown a proof-of-concept attack wherein a browser is able to read the shadowed password file of a Linux system. However, to make this attack work, the victim system is made to run the passwd command over and over, ensuring that there's a high probability that the contents of the file will be in one of the buffers. Intel accordingly believes the attacks to be low or medium risk."
[May 15, 2019 10:48:55 AM]