This Week in Security: BYOVD, Spectre Vx, More Octal Headaches, and ExifTool

I learned a new acronym while reading about a set of flaws in the Dell BIOS update system. Because Dell has patched their driver, but hasn’t yet revoked the signing …

Specter of Spectre is Back, in New Micro-Op Cache Vuln

It’s been three years, but now researchers have disclosed new attacks on speculative execution in Intel and AMD chips.
The post Specter of Spectre is Back, in New Micro-Op Cache Vuln appeared first on Security Boulevard.

Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD

Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. To do this, Microsoft said it will store critical data on the chip itself, isolating it from the rest of the system. Advocates of the new security chip, known as Pluton, say it will cut off a key vector for data-stealing attacks: a communication channel between a computing system’s central processing unit (CPU) and another piece of hardware known as the trusted platform module (TPM). In one example of that type of attack, researchers from security company NCC Group in 2018 […]

The post Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD appeared first on CyberScoop.


Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Intel’s addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD’s Secure Memory Encryption (SME) feature.

BlindSide: Intel/AMD Speculation Bugs Under Microscope Again

Researchers have published frightening details on what they’re calling BlindSide, which relies on co-opting our old friend speculative execution.
The post BlindSide: Intel/AMD Speculation Bugs Under Microscope Again appeared first on Security Boulevar…