
Researchers Discover new Intel processor Vulnerability - the BranchScope Attack

It's clear this will roll on for a long time and I expect more to come. The patches and middleware b0rking from Intel will probably be the most fun.
 
The box is already pwned, so there are a million ways to get your stuff.

Are these guys the Intel hating equivalent of CTS-Labs? :D

Far more interesting is the postscript at the bottom of the page; it contains a partially nVidia-sponsored PDF about yet more Meltdown and Spectre exploits found.

https://arxiv.org/pdf/1802.03802.pdf
 

I was reading a comment which said otherwise.

The AMD one required admin access. This appears to only require that you are allowed to run programs. As in you are able to log on and run... prime95.exe or something.
 
Yup, all that is needed is a way to execute arbitrary code without having to use any way to obtain or circumvent elevated privileges. It does not (as long as you are using an already patched browser, etc. to give resilience against these kinds of attacks) facilitate a new remote intrusion vector AFAIK.

(Information leaked could potentially be used to gain elevated privileges).
 

But a nation-powered bad actor could get access over a network, then you'd be all sorts of screwed in major ways that totally aren't overblown nonsense that no-one else agrees with.

I'm not sure how something that only requires that code can be executed is less of a risk than something that requires full admin rights?

Considering the fuss you made about the Ryzen vulnerabilities when it required BOTH an unpatched browser AND admin rights...

This, apparently NOT even needing admin rights but otherwise under similar circumstances, is something you're explaining away as easily patched against and not worth worrying about?

Care to explain why you were whipping a dead horse over less serious Ryzen issues? (It might as well have been horse-flavoured paste by the end of it).
 

I've already said everything that needs to be said in the other thread regarding Ryzen. If you want to discuss any aspect of this BranchScope issue, in a less douchebag manner, I'm quite happy to - you may notice my reply in the Meltdown thread was kind of scathing about it, though maybe my wording was too subtle for you.
 
Something about there being a reason you don't do BIOS patches, but you patched your browser, so it's all OK? I don't see days of walking around the same tired points, long since refuted. Point me at your "scathing" comments on it.

If you're meaning earlier talk about Meltdown/Spectre, fair enough. I was referring to the newer bug on Intel, which continues to be more exploitable than anything on the AMD side but hasn't had you cling determinedly to the thinnest of wedges to attempt to "make hay while the sun shines" when everyone else was replying with exactly the points you're now making in defence of the latest Intel hole.
 
Where am I defending it? You seem confused and desperate to make some kind of conclusion your own post is conflicted about.

These exploits are quite different aside from the commonality of being side-band, second-stage attacks, both requiring the ability to execute arbitrary code and the ability to access memory areas they shouldn't. Beyond that, the AMD ones required escalating to admin privileges, which, as I demonstrated in the other thread, isn't as insurmountable as some were implying, while also giving a direct route to defeating any hardware security measures and becoming persistent below the OS layer. This Intel one doesn't directly give an attacker persistence outside the OS itself, has a slightly lower barrier to entry (once you can execute arbitrary code on a target machine all bets are off whether you have admin or not) and is far easier to use. So in terms of threat they have different concerns.
 
So, have Intel responded yet? Seems rather shambolic if a company that large isn't able to get its act together and answer about it. They've had a few days now.
 
They sent out a statement a few days back to several sites claiming they've been working with the researchers involved for some time and that "existing software mitigations against side channel exploitation offers resilience against such attacks" which seems a bit weak.
 
Lol. Just a pinch of CTS Labs sarcasm.

This is going to seem like I'm waving the Intel flag a bit, but it is more in response to his sarcasm - I neither love nor hate Intel particularly.

While it is a bit weak that they've not done a proper news release (that I've seen), they already sent around statements to security researchers and tech sites to publish, in some cases around two days before the news broke, and also recently launched a bug bounty program with financial rewards to encourage people to come to them rather than release like CTS Labs did ( https://hackerone.com/intel ) - so like a lot of his posts his sarcasm is misplaced:

Intel told the researchers that software guidance for mitigating Spectre Variant 1 could be effective against BranchScope attacks as well.

“We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits,” Intel said in an emailed statement. “We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”

It makes it a bit hard for me to be critical of them in the same way as AMD with CTS Labs, as they already knew about this one and weren't having to react to something that was broken with short notice to them, so it's not a directly comparable scenario.

On the other hand, I don't think that the fact Intel has reactively engaged with the security community, etc. excuses their failings leading up to some of the recent disclosures - especially the Intel AMT related vulnerabilities, which I'm deeply sceptical about.
 