meltdown – WindowsTechs.com

How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

Posted on July 9, 2024 by AllExJ

About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by the victim? Is this doable in "norma… Continue reading How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?→

Are Haswell CPUs still secure? Do they still get microcode updates?

Posted on July 20, 2022 by schaman

I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn’t tested. I keep my microcode package up-to-date, but i… Continue reading Are Haswell CPUs still secure? Do they still get microcode updates?→

How to select a CPU to buy for the best security?

Posted on November 29, 2021 by Teekin

Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new computer but I want to make sure that I bu… Continue reading How to select a CPU to buy for the best security?→

Are CPU side-channel attacks still a concern on VPSs

Posted on October 14, 2021 by Letal1s

I’ve been looking into getting a VPS to run an OpenVPN server on and a few other things. I’ve been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their… Continue reading Are CPU side-channel attacks still a concern on VPSs→

Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

Posted on October 7, 2021 by ultraGentle

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-… Continue reading Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?→

Is protecting against Meltdown and Spectre on virtual servers actually possible?

Posted on September 27, 2021 by Letal1s

I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?→

Understanding the Meltdown vulnerability

Posted on September 14, 2021 by Segmentation fault

I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability.
I want to clarify something. I’m following this explanation https://resources.infosecinstitute.com/topic/race-conditions-exploitation… Continue reading Understanding the Meltdown vulnerability→

Are there any class of systems where it is safe to disable spectre and meltdown patches

Posted on May 28, 2021 by computinglife

I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but i could articles that suggests the defaults might be revisited & windows seems to allow the disabling of th… Continue reading Are there any class of systems where it is safe to disable spectre and meltdown patches→

Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?

Posted on April 28, 2021 by Minh Nguyen Nhat

Can a meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?

Continue reading Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?→

Can Software-based fault isolation (SFI) prevent meltdown?

Posted on April 28, 2021 by Minh Nguyen Nhat

Suppose we have a complete implementation of SFI on a CPU hardware that is vulnerable to meltdown attacks that also happens to run a Linux kernel that is also vulnerable to meltdown attacks. Can SFI alone prevent these meltdown attacks fro… Continue reading Can Software-based fault isolation (SFI) prevent meltdown?→