Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Meltdown/Spectre: Read Arbitrary Memory over Network
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
mike155
Guru
Guru


Joined: 17 Sep 2010
Posts: 566
Location: Frankfurt, Germany

PostPosted: Fri Jul 27, 2018 2:41 pm    Post subject: Meltdown/Spectre: Read Arbitrary Memory over Network Reply with quote

ADMIN EDIT: Continued from Meltdown/Spectre: Unauthorized Disclosure of Kernel Memory --pjp

Spectre attacks over the network - this is the news that everyone has been waiting for! :-(

https://misc0110.net/web/files/netspectre.pdf

Quote:
[...] In this paper, we present NetSpectre, a generic remote Spectre variant 1 attack. For this purpose, we demonstrate the first access- driven remote Evict+Reload cache attack over network, leaking 15 bits per hour. Beyond retrofitting existing attacks to a network scenario, we also demonstrate the first Spectre attack which does not use a cache covert channel. Instead, we present a novel high- performance AVX-based covert channel that we use in our cache- free Spectre attack. [...]

Quote:
[...]Responsible Disclosure. We disclosed our results to Intel on March 20th, 2018 and agreed on a disclosure date in late July 2018.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 6763
Location: almost Mile High in the USA

PostPosted: Sat Jul 28, 2018 2:48 pm    Post subject: Reply with quote

Not sure of its value: 15 bits per hour on an ASLR machine is tough to get specific data... and then what if the network latency is randomized. I also think it should be possible for IDS will pick up on the access pattern well before any amount of reasonable data is picked up (or perhaps even regular use from other machines at the same time is enough to throw off timing). Also I don't think distributed network accesses is helpful, so DDoS reading a machine's memory will get you more variability and tougher to get data...

This is still just theory, would like to see an actual attack that breaks the internet... granted this does not need special software on the target machine...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
barophobia
Apprentice
Apprentice


Joined: 27 Apr 2004
Posts: 227
Location: somewhere

PostPosted: Mon Jul 30, 2018 3:49 am    Post subject: Reply with quote

The paper does mention that adding randomness to network latency and monitoring for DDOS or something like that will make the attack not feasible.

I imagine this will be used once you get access to internal networks where you are not monitoring for DDOS and network latency is more stable.
_________________
An apple is an apple unless you say it is not an apple!
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 6763
Location: almost Mile High in the USA

PostPosted: Thu Aug 02, 2018 9:13 pm    Post subject: Reply with quote

hmm... x86 KPTI not in 4.14.52:
Processor: Pentium-M Dothan 1.6GHz
Code:
# cat /sys/devices/system/cpu/vulnerabilities/*
Vulnerable
Vulnerable
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline

Not looking forward to any more speed penalties...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum