Ungood news about processor security.
http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/
http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/
ASLR bypassable=security problem
- Thread starter cloasters
- Start date
This is currently a non-trivial attack to implement and requires the attacker to already have the ability to run applications on the local machine. Coupled with a web server compromise or a SQL injection attack, however, it could conceivably be used as a privilege escalation attack. The basic take-away here is that you need to be sure you've got all your patches installed. Side-channel attacks like this (where the attack targets the system hardware as opposed to the software) are somewhat rare right now, but are only going to get worse as the software gets better at repelling other kinds of attacks.
The scary thing about all of this is that if someone successfully develops a hardware-based attack, it's likely that there's little can be done to mitigate it in most situations. Even if something can be done in the hardware, it will usually require a CHANGE in the hardware to implement the fix.
In this case, I'm not even sure there's something that CAN be done, since the attack is actually targeting hardware that NEEDS to operate pretty much the way it does.
The scary thing about all of this is that if someone successfully develops a hardware-based attack, it's likely that there's little can be done to mitigate it in most situations. Even if something can be done in the hardware, it will usually require a CHANGE in the hardware to implement the fix.
In this case, I'm not even sure there's something that CAN be done, since the attack is actually targeting hardware that NEEDS to operate pretty much the way it does.
Thank you for this info, Gizmo! Wow, a change in hardware might be needed to address this kind of attack. I pray that no one (yeah, I know. Good luck with that) bothers to implement this kind of assault on our machines. Could you say that a successful implementation of this attack could "brick" your PC?
A hardware attack could be something as simple as someone stealing your laptop or breaking into your house and stealing your desktop.
Unfortunately more threats are going to appear as Linux becomes more popular for home/entertainment use. Most of the threats I hear about are focused on web servers since that is where Linux is most prevalent.
Unfortunately more threats are going to appear as Linux becomes more popular for home/entertainment use. Most of the threats I hear about are focused on web servers since that is where Linux is most prevalent.
This attack doesn't focus on Linux, indeed it doesn't care WHAT operating system you are using, and in most cases it doesn't even matter which PROCESSOR. Pretty much ANY MODERN processor is vulnerable, regardless of what operating system they are running.
There's another attack called RowHammer which works by attacking the physical structure of DRAM to selectively flip bits in memory. Again, it doesn't care about operating system (other than just needing to know which bits to flip in order to get root/admin access), nor does it care about processor. This attack was just recently demonstrated as being viable (it was previously an academic curiosity).
There's another attack called RowHammer which works by attacking the physical structure of DRAM to selectively flip bits in memory. Again, it doesn't care about operating system (other than just needing to know which bits to flip in order to get root/admin access), nor does it care about processor. This attack was just recently demonstrated as being viable (it was previously an academic curiosity).
Flipping a few bits in Memory maybe could wreck an OS installation unless there's a simple fix. I really don't know how hard it would be to recover from such an attack. Or if any recovery short of wiping a hard disk and an OS re-installation is possible.
Perhaps I see too much in these latest asinine attempts to wreck your day. I hope so!
Perhaps I see too much in these latest asinine attempts to wreck your day. I hope so!
George, my friend...You remind me of a guy using a microscope for the first time. He's suddenly made aware that he's not alone!!
A terrorizing moment passes before he realizes that all those terrorizing creatures have always been there without doing to much harm.
But now that he is made aware of them he can to some degree arm himself in advance by good practices.
So in the end all the terror he had to endure in the beginning brings about a more secure situation.
Something that helps me sleep on my more insecure nights... Of all the hacks, bugs, scripts D-dos and friends that I have read about, I have actually personally encountered exactly Zero.
I have been hit by lighting as often as by hackers!
In short, a new parent worries, that's just what we do.":O}
A terrorizing moment passes before he realizes that all those terrorizing creatures have always been there without doing to much harm.
But now that he is made aware of them he can to some degree arm himself in advance by good practices.
So in the end all the terror he had to endure in the beginning brings about a more secure situation.
Something that helps me sleep on my more insecure nights... Of all the hacks, bugs, scripts D-dos and friends that I have read about, I have actually personally encountered exactly Zero.
I have been hit by lighting as often as by hackers!
In short, a new parent worries, that's just what we do.":O}
pinky
New Member
i can sort of tell when something is meant to be having the effect,
but haven't really had anything generate the actual effect (i think)
what really interested me was the concept of whispering
being linked to some kind of potential security breach
[ps: thanks for the welcome, i hope i'm transitioning into technical forum protocol]