Alphacool EISBAER Ex BLACK LCS review
Netgear Nighthawk AX12 Wi-Fi 6 router review
Corsair HS60 PRO Surround Headset Review
MSI Radeon RX 5700 Gaming X review
Team Group Cardea II NVMe 1 TB SSD Review
ASRock X570 Phantom Gaming ITX/TB3 review
Promo: URCDKey Autumn Sale Windows 10 Pro for $11
Patriot P200 1TB SATA3 SSD Review
ASRock Radeon RX 5700 XT Taichi OC+ review
Guru3D Rig of the Month - September 2019
NetSpectre Vulnerability hits the web
Rell researchers at the Graz University of Technology found a way to read arbitrary memory over a network called NetSpectre. NetSpectre attacks have been shown to work over LAN and Google Cloud. It's slow, though likely too slow as NetSpectre is only able to leak at an incredibly low rate of 15~60 bits per hour depending upon the processor.
So yeah the speed of the attack is limited to 60 bits per hour. Intel was notified of the exploit on March 20th, 2018 and agreed to the disclosure date in July 2018. NetSpectre is a new network-based speculative attack vulnerability that doesn't require exploited code to be running on the target machine. There Register on the topic:
Establishing a network connection to a service running exploitable snippets of code should, in theory, be enough to very slowly discern the contents of application memory remotely. This requires precise timing and constant measurement, so noisy network environments, such as the internet, will hamper exploitation to some extent.
That's the first stage. The next step is to pull out interesting data rather than grab temporary variables and other inconsequential stuff lying around in a program's memory – a step that is non-trivial.
"We show that Spectre attacks do not require local code execution but can also be mounted remotely," said Michael Schwartz, one of the NetSpectre researchers, in an email to The Register. "Moreover, with the new covert channel, we show that Spectre does not necessarily require the cache to leak values."
The major catch, described in a paper titled NetSpectre: Read Arbitrary Memory over Network, is that this side-channel attack only leaks 15 bits per hour, or 60 bits an hour via an AVX-based covert channel, which means it could take days to find and gather privileged information such as an encryption key or authentication token.
High-value targets
Schwartz reckons this data leakage is something people should worry about, although, admitted that the speed at which it can be conducted is a limiting factor.
"Luckily, the speed is quite limited, which makes this attack mainly interesting for targeted attacks on high-value targets," he said. "If the system is fully patched against Spectre, including the new gadget variants we show in the paper, the attack should be prevented. However, we are still at the beginning of understanding how Spectre gadgets can look like, so this is not a problem that is trivial to solve."
Spectre attacks manipulate the branch prediction mechanisms used in modern CPUs' speculative execution engines to force the target process to access memory in a way that leaks privileged information. Today's processors rely on speculative execution to run software at high speed, predicting where the flow of the program will go ahead and priming themselves with code and data in anticipation. It is possible to discern the contents of memory that is otherwise out of sight by manipulating and observing the effects of this predictive execution.
For a remote Spectre attack, the targeted device must include code that performs an operation such as an reading through an array in a loop with a bounds check on each iteration. The exploit abuses design decisions within the processor microarchitecture to induce speculative execution, and discern the content of memory as a result. The paper, written by Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, and Stefan Mangard of Austria's Graz University of Technology, calls these code fragments "Spectre gadgets."
Red Hat says it has been working with the researchers and plans to publish details about the impact on its products, if any, in a blog post on Friday. "We have not identified any viable userspace Spectre gadget attacks but are actively auditing all of the daemons that listen over the network and the rest of the stack," said Jon Masters, chief Arm architect and computer microarchitecture lead at Red Hat, via Twitter.
So far, as with the other Spectre and Meltdown variants and sub-variants, no malware is exploiting these flaws in the wild, that we know of.
fantaskarsef
Senior Member
Posts: 10716
Joined: 2014-07-21
Senior Member
Posts: 10716
Joined: 2014-07-21
#5568699 Posted on: 07/27/2018 09:16 AM
Graz...
Well, so far so good?
Graz...
"If the system is fully patched against Spectre, including the new gadget variants we show in the paper, the attack should be prevented. However, we are still at the beginning of understanding how Spectre gadgets can look like, so this is not a problem that is trivial to solve."
Well, so far so good?
Fox2232
Senior Member
Posts: 9737
Joined: 2012-07-20
Senior Member
Posts: 9737
Joined: 2012-07-20
#5568702 Posted on: 07/27/2018 09:27 AM
Graz...
Well, so far so good?
I think that quote you used says that mitigation for netspectre is not included in Spectre patches. Which seems to be consistent with intel's statement:
NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner - through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.
"If the system is fully patched against Spectre, including the new gadget variants..."
vs "If the system is fully patched against Spectre which includes the new gadget variants..."
Graz...
Well, so far so good?
I think that quote you used says that mitigation for netspectre is not included in Spectre patches. Which seems to be consistent with intel's statement:
NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner - through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.
"If the system is fully patched against Spectre, including the new gadget variants..."
vs "If the system is fully patched against Spectre which includes the new gadget variants..."
fantaskarsef
Senior Member
Posts: 10716
Joined: 2014-07-21
Senior Member
Posts: 10716
Joined: 2014-07-21
#5568704 Posted on: 07/27/2018 09:34 AM
Ah, I thought the quote says, that if you apply all the patches that are around so far, it should theoretically work, just that they have not yet toyed with every way to get into a system via a Spectre attack / gadget / kit that they haven't seen / tried yet.
Ah, I thought the quote says, that if you apply all the patches that are around so far, it should theoretically work, just that they have not yet toyed with every way to get into a system via a Spectre attack / gadget / kit that they haven't seen / tried yet.
386SX
Senior Member
Posts: 454
Joined: 2017-06-26
Senior Member
Posts: 454
Joined: 2017-06-26
#5568716 Posted on: 07/27/2018 10:06 AM
And yet another way of loosing your data.
Is there any "overview" of some kind to see what's currently happening in IT sec? Like some "comparision chart" with Intel and AMD and what security flaw affects which systems and when they get / got fixed? Would be nice to see.
But to break this info a bit down:
Almost every sensitive information you have, passwords, tokens, logins, certificates, etc. wander through your RAM one time or another. At some point everything you do gets shoveled through the RAM.
This attack here is a method to get this RAM's content (which itself is a dumb storage of 0's and 1's, the operating system puts those to use and / or protects sensitive parts by not allowing any access or specific access) to be read by some attacker over your network, if possible (means: if your router allows this) even through the internet.
To ease any upcoming panic:
If I read this correct, the attack was demonstrated through LAN (fastest kind of network possible to get to data, so "best case") and the rate of the data recovered is very low: 15 to 60 bits per hour.
That means if you own certificates to secure connections / servers and stuff (those typically are set to some 2048bit or greater key length) this takes:
ideal best case:
2048 : 60 = 34,13 (hours to get the key)
ideal worst case:
4096 : 15 = 237,067 (hours to get the key)
But that was the IDEAL best case, because as they said they couldn't "pinpoint the extraction". RAM gets shifted sometimes (moved to another location), flushed or filled with other stuff. Therefore it can happen you read a part of memory, then read it again after some time and it contains very different values. You are not this lucky to start extraction from the first bit on at the right part.
And because an attacker is typically set OUTSIDE of your house, over "internet" this attack is even more unreliable because of the "noise" on the line (other data sent through this line at the time you are listening for the "hacked packets").
And when you do not know where the key you want to extract is stored, good luck finding the right 2048+ bit on a system with 8GB RAM or more.
8GB = 68.719.476.736 bit
... at 15 to 60 bits per hour ....
means ~1.145.324.612 hours to process the 8GB RAM, that's ~130.745 YEARS !!!!! (calculated at attacker's "BEST" case with 60bits per hour to put "fear" in your hearts!)
So from my perspective:
a) This is another security issue which should be taken care of, because CPUs and GPUs get better and better over time (more processing power) so the attack may be more profitable in a few years / decades.
b) We don't have to worry about getting hit and successfully "hacked" by this within the next decade (I think).
And yet another way of loosing your data.
Is there any "overview" of some kind to see what's currently happening in IT sec? Like some "comparision chart" with Intel and AMD and what security flaw affects which systems and when they get / got fixed? Would be nice to see.
But to break this info a bit down:
Almost every sensitive information you have, passwords, tokens, logins, certificates, etc. wander through your RAM one time or another. At some point everything you do gets shoveled through the RAM.
This attack here is a method to get this RAM's content (which itself is a dumb storage of 0's and 1's, the operating system puts those to use and / or protects sensitive parts by not allowing any access or specific access) to be read by some attacker over your network, if possible (means: if your router allows this) even through the internet.
To ease any upcoming panic:
If I read this correct, the attack was demonstrated through LAN (fastest kind of network possible to get to data, so "best case") and the rate of the data recovered is very low: 15 to 60 bits per hour.
That means if you own certificates to secure connections / servers and stuff (those typically are set to some 2048bit or greater key length) this takes:
ideal best case:
2048 : 60 = 34,13 (hours to get the key)
ideal worst case:
4096 : 15 = 237,067 (hours to get the key)
But that was the IDEAL best case, because as they said they couldn't "pinpoint the extraction". RAM gets shifted sometimes (moved to another location), flushed or filled with other stuff. Therefore it can happen you read a part of memory, then read it again after some time and it contains very different values. You are not this lucky to start extraction from the first bit on at the right part.
And because an attacker is typically set OUTSIDE of your house, over "internet" this attack is even more unreliable because of the "noise" on the line (other data sent through this line at the time you are listening for the "hacked packets").
And when you do not know where the key you want to extract is stored, good luck finding the right 2048+ bit on a system with 8GB RAM or more.
8GB = 68.719.476.736 bit
... at 15 to 60 bits per hour ....
means ~1.145.324.612 hours to process the 8GB RAM, that's ~130.745 YEARS !!!!! (calculated at attacker's "BEST" case with 60bits per hour to put "fear" in your hearts!)
So from my perspective:
a) This is another security issue which should be taken care of, because CPUs and GPUs get better and better over time (more processing power) so the attack may be more profitable in a few years / decades.
b) We don't have to worry about getting hit and successfully "hacked" by this within the next decade (I think).
Fox2232
Senior Member
Posts: 9737
Joined: 2012-07-20
Senior Member
Posts: 9737
Joined: 2012-07-20
#5568718 Posted on: 07/27/2018 10:15 AM
And yet another way of loosing your data.
Is there any "overview" of some kind to see what's currently happening in IT sec? Like some "comparision chart" with Intel and AMD and what security flaw affects which systems and when they get / got fixed? Would be nice to see.
But to break this info a bit down:
Almost every sensitive information you have, passwords, tokens, logins, certificates, etc. wander through your RAM one time or another. At some point everything you do gets shoveled through the RAM.
This attack here is a method to get this RAM's content (which itself is a dumb storage of 0's and 1's, the operating system puts those to use and / or protects sensitive parts by not allowing any access or specific access) to be read by some attacker over your network, if possible (means: if your router allows this) even through the internet.
To ease any upcoming panic:
If I read this correct, the attack was demonstrated through LAN (fastest kind of network possible to get to data, so "best case") and the rate of the data recovered is very low: 15 to 60 bits per hour.
That means if you own certificates to secure connections / servers and stuff (those typically are set to some 2048bit or greater key length) this takes:
ideal best case:
2048 : 60 = 34,13 (hours to get the key)
ideal worst case:
4096 : 15 = 237,067 (hours to get the key)
But that was the IDEAL best case, because as they said they couldn't "pinpoint the extraction". RAM gets shifted sometimes (moved to another location), flushed or filled with other stuff. Therefore it can happen you read a part of memory, then read it again after some time and it contains very different values. You are not this lucky to start extraction from the first bit on at the right part.
And because an attacker is typically set OUTSIDE of your house, over "internet" this attack is even more unreliable because of the "noise" on the line (other data sent through this line at the time you are listening for the "hacked packets").
And when you do not know where the key you want to extract is stored, good luck finding the right 2048+ bit on a system with 8GB RAM or more.
8GB = 68.719.476.736 bit
... at 15 to 60 bits per hour ....
means ~1.145.324.612 hours to process the 8GB RAM, that's ~130.745 YEARS !!!!! (calculated at attacker's "BEST" case with 60bits per hour to put "fear" in your hearts!)
So from my perspective:
a) This is another security issue which should be taken care of, because CPUs and GPUs get better and better over time (more processing power) so the attack may be more profitable in a few years / decades.
b) We don't have to worry about getting hit and successfully "hacked" by this within the next decade (I think).
Who's to say that their LAN attack access is faster than many high value target network access?
And who's to say that they came with most efficient vector of attack? On 1st look it looks like they need to push gigabytes of data into victim computer to extract few bytes. But that does not sound right. How many datagrams/bytes has to come via network to forge request for particular access to protected memory? I think they forged method, but far from efficient one.
And yet another way of loosing your data.
Is there any "overview" of some kind to see what's currently happening in IT sec? Like some "comparision chart" with Intel and AMD and what security flaw affects which systems and when they get / got fixed? Would be nice to see.
But to break this info a bit down:
Almost every sensitive information you have, passwords, tokens, logins, certificates, etc. wander through your RAM one time or another. At some point everything you do gets shoveled through the RAM.
This attack here is a method to get this RAM's content (which itself is a dumb storage of 0's and 1's, the operating system puts those to use and / or protects sensitive parts by not allowing any access or specific access) to be read by some attacker over your network, if possible (means: if your router allows this) even through the internet.
To ease any upcoming panic:
If I read this correct, the attack was demonstrated through LAN (fastest kind of network possible to get to data, so "best case") and the rate of the data recovered is very low: 15 to 60 bits per hour.
That means if you own certificates to secure connections / servers and stuff (those typically are set to some 2048bit or greater key length) this takes:
ideal best case:
2048 : 60 = 34,13 (hours to get the key)
ideal worst case:
4096 : 15 = 237,067 (hours to get the key)
But that was the IDEAL best case, because as they said they couldn't "pinpoint the extraction". RAM gets shifted sometimes (moved to another location), flushed or filled with other stuff. Therefore it can happen you read a part of memory, then read it again after some time and it contains very different values. You are not this lucky to start extraction from the first bit on at the right part.
And because an attacker is typically set OUTSIDE of your house, over "internet" this attack is even more unreliable because of the "noise" on the line (other data sent through this line at the time you are listening for the "hacked packets").
And when you do not know where the key you want to extract is stored, good luck finding the right 2048+ bit on a system with 8GB RAM or more.
8GB = 68.719.476.736 bit
... at 15 to 60 bits per hour ....
means ~1.145.324.612 hours to process the 8GB RAM, that's ~130.745 YEARS !!!!! (calculated at attacker's "BEST" case with 60bits per hour to put "fear" in your hearts!)
So from my perspective:
a) This is another security issue which should be taken care of, because CPUs and GPUs get better and better over time (more processing power) so the attack may be more profitable in a few years / decades.
b) We don't have to worry about getting hit and successfully "hacked" by this within the next decade (I think).
Who's to say that their LAN attack access is faster than many high value target network access?
And who's to say that they came with most efficient vector of attack? On 1st look it looks like they need to push gigabytes of data into victim computer to extract few bytes. But that does not sound right. How many datagrams/bytes has to come via network to forge request for particular access to protected memory? I think they forged method, but far from efficient one.
386SX
Senior Member
Posts: 454
Joined: 2017-06-26
Senior Member
Posts: 454
Joined: 2017-06-26
#5568746 Posted on: 07/27/2018 12:23 PM
Who's to say that their LAN attack access is faster than many high value target network access?
And who's to say that they came with most efficient vector of attack? On 1st look it looks like they need to push gigabytes of data into victim computer to extract few bytes. But that does not sound right. How many datagrams/bytes has to come via network to forge request for particular access to protected memory? I think they forged method, but far from efficient one.
LAN is a definition. And I compared LAN to WAN/GAN/whatever, LAN therefore always has the least latency. If they tested on 10mbit LAN or 10gbit LAN, dunno. I only said LAN makes the attack easier (less noise and more control of the noise produced, which is hindering the attack as they wrote) INSTEAD of attacking through the internet / from the outside.
And from what I read when I read through my text again, I didn't state this would be the most efficient approach to that. But given the issue is new, this is the most efficient way SO FAR. I only took this exact case, this exact issue into the equation. And if what they did was the current "way to do it", then this is nothing to be scared of. That was all I meant.
And yes, I agree with you, this sounds like they found something, but probably not followed "the best way" to take use of it. Time will tell. Cheers.
Who's to say that their LAN attack access is faster than many high value target network access?
And who's to say that they came with most efficient vector of attack? On 1st look it looks like they need to push gigabytes of data into victim computer to extract few bytes. But that does not sound right. How many datagrams/bytes has to come via network to forge request for particular access to protected memory? I think they forged method, but far from efficient one.
LAN is a definition. And I compared LAN to WAN/GAN/whatever, LAN therefore always has the least latency. If they tested on 10mbit LAN or 10gbit LAN, dunno. I only said LAN makes the attack easier (less noise and more control of the noise produced, which is hindering the attack as they wrote) INSTEAD of attacking through the internet / from the outside.
And from what I read when I read through my text again, I didn't state this would be the most efficient approach to that. But given the issue is new, this is the most efficient way SO FAR. I only took this exact case, this exact issue into the equation. And if what they did was the current "way to do it", then this is nothing to be scared of. That was all I meant.
And yes, I agree with you, this sounds like they found something, but probably not followed "the best way" to take use of it. Time will tell. Cheers.
Fox2232
Senior Member
Posts: 9737
Joined: 2012-07-20
Senior Member
Posts: 9737
Joined: 2012-07-20
#5568751 Posted on: 07/27/2018 12:35 PM
LAN is a definition. And I compared LAN to WAN/GAN/whatever, LAN therefore always has the least latency. If they tested on 10mbit LAN or 10gbit LAN, dunno. I only said LAN makes the attack easier (less noise and more control of the noise produced, which is hindering the attack as they wrote) INSTEAD of attacking through the internet / from the outside.
And from what I read when I read through my text again, I didn't state this would be the most efficient approach to that. But given the issue is new, this is the most efficient way SO FAR. I only took this exact case, this exact issue into the equation. And if what they did was the current "way to do it", then this is nothing to be scared of. That was all I meant.
And yes, I agree with you, this sounds like they found something, but probably not followed "the best way" to take use of it. Time will tell. Cheers.
Just to clarify bit. I used your post as jumping platform. Questions there were meant for everyone to think about.
I think that even if this is pretty hard to pull (much harder than other spectre attacks), it is one which is most dangerous, because it does not need any kind of authentication or user mistake.
When spectre misuses unprotected browser, it is because user was on site which hosted spectre code. But here it 'only' takes network interface willing to receive and reply. I did not see full details to find out if you just need something like icmp reply, or one needs any opened socket like for RPC (even if it is to throw auth errors, because it is still receiving and sending packets).
LAN is a definition. And I compared LAN to WAN/GAN/whatever, LAN therefore always has the least latency. If they tested on 10mbit LAN or 10gbit LAN, dunno. I only said LAN makes the attack easier (less noise and more control of the noise produced, which is hindering the attack as they wrote) INSTEAD of attacking through the internet / from the outside.
And from what I read when I read through my text again, I didn't state this would be the most efficient approach to that. But given the issue is new, this is the most efficient way SO FAR. I only took this exact case, this exact issue into the equation. And if what they did was the current "way to do it", then this is nothing to be scared of. That was all I meant.
And yes, I agree with you, this sounds like they found something, but probably not followed "the best way" to take use of it. Time will tell. Cheers.
Just to clarify bit. I used your post as jumping platform. Questions there were meant for everyone to think about.
I think that even if this is pretty hard to pull (much harder than other spectre attacks), it is one which is most dangerous, because it does not need any kind of authentication or user mistake.
When spectre misuses unprotected browser, it is because user was on site which hosted spectre code. But here it 'only' takes network interface willing to receive and reply. I did not see full details to find out if you just need something like icmp reply, or one needs any opened socket like for RPC (even if it is to throw auth errors, because it is still receiving and sending packets).
Ricepudding
Senior Member
Posts: 492
Joined: 2017-02-17
Senior Member
Posts: 492
Joined: 2017-02-17
#5568752 Posted on: 07/27/2018 12:36 PM
I found a solution guys 100% works, cut your Ethernet cable a no boogieman can hurt you.
Only downside is no internet
But seriously this is getting ridiculous now, what on our pc isn't vulnerable at this stage?
I found a solution guys 100% works, cut your Ethernet cable a no boogieman can hurt you.
Only downside is no internet
But seriously this is getting ridiculous now, what on our pc isn't vulnerable at this stage?
386SX
Senior Member
Posts: 454
Joined: 2017-06-26
Senior Member
Posts: 454
Joined: 2017-06-26
#5568794 Posted on: 07/27/2018 02:54 PM
BIOS is writable after admin privs are gained.
Intel ME is writable in usermode sometimes and in admin mode almost ever and in pre-manufacturing mode (headers set to FF FF FF) everything is writable without any block at all.
AMD's ME counterpart is "hackable" like this socalled security professionals found out (cannot and will not remember the name).
Content of RAM is readable without any privs at all. (= This issue here)
Content of RAM is changeable (bit-flipping) to desired values.
USB may contain a keylogger in its physical model embedded (hardware hack) or put between the connector and the cable (like man in the middle).
LAN port can house so many security issues it is hilarious and shocking. Sniffing, phishing, fingering (NO, I do NOT talk about women here!!), exploiting encryption, packets, traffic in general by dozens of different attacks (man in the middle, 0day, buffer overflow, side channel, IP/MAC/identity spoofing, etc.) all give you the stuff you want.
The soundcard may be hacked to archive different things: send data (yes, you heard right: SEND DATA!), receive data (= malware), bit flipping, malware housing (firmware), crossflashing (flash a BIOS from your PCI soundcard, activate Windows 7 by PCI card, etc.)
SATA/IDE/SAS/FC controllers may be manipulated, by intentionally modding a BIOS you may disable them all (render them unusable). By ordering specific commands you could for example let the SSD do full disk defrag every 2 seconds after its previous run (= kill your SSD).
Every device what has got a firmware on it (USB, sound, LAN, chipset, Intel ME & AMD's counterpart, etc.) may be altered so it gets unusable or behaves not the way intended. Options are endless.
CPU may be altered, because of different tools you could set your OC to insane values and watch the computer POP like popcorn.
... there are more ... definitely!
Rule of thumb: If there is ANY logic or storage in there, it is hackable and therefore may not behave as expected.
So to answer your question: Nothing is secure, everything is vulnerable.
EDIT:
Did that once, didn't protect me from malware, even used the USA ones even though I live in Germany:
what on our pc isn't vulnerable at this stage?
BIOS is writable after admin privs are gained.
Intel ME is writable in usermode sometimes and in admin mode almost ever and in pre-manufacturing mode (headers set to FF FF FF) everything is writable without any block at all.
AMD's ME counterpart is "hackable" like this socalled security professionals found out (cannot and will not remember the name).
Content of RAM is readable without any privs at all. (= This issue here)
Content of RAM is changeable (bit-flipping) to desired values.
USB may contain a keylogger in its physical model embedded (hardware hack) or put between the connector and the cable (like man in the middle).
LAN port can house so many security issues it is hilarious and shocking. Sniffing, phishing, fingering (NO, I do NOT talk about women here!!), exploiting encryption, packets, traffic in general by dozens of different attacks (man in the middle, 0day, buffer overflow, side channel, IP/MAC/identity spoofing, etc.) all give you the stuff you want.
The soundcard may be hacked to archive different things: send data (yes, you heard right: SEND DATA!), receive data (= malware), bit flipping, malware housing (firmware), crossflashing (flash a BIOS from your PCI soundcard, activate Windows 7 by PCI card, etc.)
SATA/IDE/SAS/FC controllers may be manipulated, by intentionally modding a BIOS you may disable them all (render them unusable). By ordering specific commands you could for example let the SSD do full disk defrag every 2 seconds after its previous run (= kill your SSD).
Every device what has got a firmware on it (USB, sound, LAN, chipset, Intel ME & AMD's counterpart, etc.) may be altered so it gets unusable or behaves not the way intended. Options are endless.
CPU may be altered, because of different tools you could set your OC to insane values and watch the computer POP like popcorn.
... there are more ... definitely!
Rule of thumb: If there is ANY logic or storage in there, it is hackable and therefore may not behave as expected.
So to answer your question: Nothing is secure, everything is vulnerable.
EDIT:
if you apply all the patches that are around so far
Did that once, didn't protect me from malware, even used the USA ones even though I live in Germany:
schmidtbag
Senior Member
Posts: 4422
Joined: 2012-11-10
Senior Member
Posts: 4422
Joined: 2012-11-10
#5568824 Posted on: 07/27/2018 04:21 PM
If all you're trying to collect is login credentials, 60 bits per hour is plenty fast enough if your hack can't be detected.
If all you're trying to collect is login credentials, 60 bits per hour is plenty fast enough if your hack can't be detected.
Reddoguk
Senior Member
Posts: 1726
Joined: 2010-05-26
Senior Member
Posts: 1726
Joined: 2010-05-26
#5568849 Posted on: 07/27/2018 05:51 PM
I have a theory that someone somewhere wants to sell you some kind of hardware key and device to 100% secure ones electrical goods. Like chip and pin but for log ins. ^^
I have a theory that someone somewhere wants to sell you some kind of hardware key and device to 100% secure ones electrical goods. Like chip and pin but for log ins. ^^
slyphnier
Senior Member
Posts: 644
Joined: 2009-11-30
Senior Member
Posts: 644
Joined: 2009-11-30
#5568852 Posted on: 07/27/2018 06:00 PM
then can it pinpointed to collect only for login credentials ?
i think it only work like key-logger, it log-everything rather than specific things
except someone add more code for detection.... at that point i believe most security-companies will actively block/remove the threat
If all you're trying to collect is login credentials, 60 bits per hour is plenty fast enough if your hack can't be detected.
then can it pinpointed to collect only for login credentials ?
i think it only work like key-logger, it log-everything rather than specific things
except someone add more code for detection.... at that point i believe most security-companies will actively block/remove the threat
schmidtbag
Senior Member
Posts: 4422
Joined: 2012-11-10
Senior Member
Posts: 4422
Joined: 2012-11-10
#5568854 Posted on: 07/27/2018 06:03 PM
then can it pinpointed to collect only for login credentials ?
i think it only work like key-logger, it log-everything rather than specific things
I'm not sure, but that's a good point.
except someone add more code for detection.... at that point i believe most security-companies will actively block/remove the threat
But, kind of the sole reason why Spectre, Meltdown, and their variants are so scary is because they can't be detected. Maybe netspectre can, I'm not sure, but I have a feeling it can't.
then can it pinpointed to collect only for login credentials ?
i think it only work like key-logger, it log-everything rather than specific things
I'm not sure, but that's a good point.
except someone add more code for detection.... at that point i believe most security-companies will actively block/remove the threat
But, kind of the sole reason why Spectre, Meltdown, and their variants are so scary is because they can't be detected. Maybe netspectre can, I'm not sure, but I have a feeling it can't.
Fox2232
Senior Member
Posts: 9737
Joined: 2012-07-20
Senior Member
Posts: 9737
Joined: 2012-07-20
#5568857 Posted on: 07/27/2018 06:14 PM
There are few hints:
- intel hands out advices on how to code net applications which can't be misused for this attack => not detectable, therefore has to be prevented on micro level
- if detectable => not preventable without impact ... Why? Because if I attack your icmp driver and OS responds in blocking library handling those requests, I just successfully executed DoS attack.
- > Imagine connecting to RPC, database, tomcat, ... few hundreds of requests and something in OS detects compromised application => killed => Attack successful
But affected application can be quite easily coded to kick/block communication with anything that sends it trash. Except applications which accept anonymous connections like web servers. As there getting valid requests vs infected requests would be likely not detectable.
But, kind of the sole reason why Spectre, Meltdown, and their variants are so scary is because they can't be detected. Maybe netspectre can, I'm not sure, but I have a feeling it can't.
There are few hints:
- intel hands out advices on how to code net applications which can't be misused for this attack => not detectable, therefore has to be prevented on micro level
- if detectable => not preventable without impact ... Why? Because if I attack your icmp driver and OS responds in blocking library handling those requests, I just successfully executed DoS attack.
- > Imagine connecting to RPC, database, tomcat, ... few hundreds of requests and something in OS detects compromised application => killed => Attack successful
But affected application can be quite easily coded to kick/block communication with anything that sends it trash. Except applications which accept anonymous connections like web servers. As there getting valid requests vs infected requests would be likely not detectable.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 9737
Joined: 2012-07-20
Are there any nails left? This is most serious of them all. No local code execution needed at all.
While 60 bits/hour is small number, it does not mean that there is no vastly improved version of this behind corner.