CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Wiggly Wayne DDS posted:

start of a thread:
https://twitter.com/lavados/status/948536300830851072

e: just to be clear i do think there's a ton of hysteria for what is rowhammer again

It really is scary that rowhammer's back from the dead.


mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Wiggly Wayne DDS posted:

e: just to be clear i do think there's a ton of hysteria for what is rowhammer again

That seems to be the sense I'm getting trying to suss out the meaning of a bunch of vague comms about embargoed info. Still no read on if this is a financial catastrophe for Intel or not.

Wiggly Wayne DDS
Sep 11, 2010



mrmcd posted:

That seems to be the sense I'm getting trying to suss out the meaning of a bunch of vague comms about embargoed info. Still no read on if this is a financial catastrophe for Intel or not.
if this wasn't embargoed it wouldn't have 5 threads trying to talk about it but the mystery just draws in speculation

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Wiggly Wayne DDS posted:

if this wasn't embargoed it wouldn't have 5 threads trying to talk about it but the mystery just draws in speculation

As long as you don't execute based on pure speculation you should be fine.

flakeloaf
Feb 26, 2003

Still better than android clock

mrmcd posted:

As long as you don't execute based on pure speculation you should be fine.

Workaday Wizard
Oct 23, 2009

by Pragmatica

mrmcd posted:

As long as you don't execute based on pure speculation you should be fine.

https://www.youtube.com/watch?v=kJaM8qJNx8M

A Pinball Wizard
Mar 23, 2005

I know every trick, no freak's gonna beat my hands

College Slice
stolen from the grey thread

Wiggly Wayne DDS
Sep 11, 2010



in theory a poc appears:
https://twitter.com/brainsmoke/status/948561799875502080

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Avenging_Mikon posted:

Right, I keep forgetting that America is ultra-turbo-hosed, as opposed to the turbo-hosed it was previously. Y’all should move to Canada. We’re legalizing weed nationwide.

What do you think the OSC does when something like this happens? I'm interested to understand what part you think the SEC should copy. OSC requires annual reporting against the ASDP, not per-sale.

Canada is known internationally for having poo poo enforcement of domestic and international financial crime. Our record on insider trading is especially laughable.

flakeloaf
Feb 26, 2003

Still better than android clock

something something lord black of crossharbouring a fugitive

FCKGW
May 21, 2006

https://twitter.com/martijn_grooten/status/948581711696351237

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Uhhhhhhh I'm seeing a coinhive.js miner thing that hit a browser and my logs say it's signed with a Juniper cert. What the gently caress?

Dunno if someone can track down a copy or something but here's the hash: 7A4ED680D5E94D437D2C9D41B07349D308A2E724D3C26C51A420DBBFF49ADADD

Wiggly Wayne DDS
Sep 11, 2010



that's coinhive.min.js, do you happen to have a juniper box in your route reinspecting but somehow missing this?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
^^^^^^^
Beat me to it, did it get inspected and re-packed?

BangersInMyKnickers posted:

Uhhhhhhh I'm seeing a coinhive.js miner thing that hit a browser and my logs say it's signed with a Juniper cert. What the gently caress?

Dunno if someone can track down a copy or something but here's the hash: 7A4ED680D5E94D437D2C9D41B07349D308A2E724D3C26C51A420DBBFF49ADADD

Forged maybe?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Client system with no inline inspection, this thing came straight from the net. I hope like hell the signing is invalid but also Juniper can be loving idiots and I wouldn't put it past them to lose their signing keys. I don't have access to the system and this hellfucker AV platform doesn't let me pull from a quarantine remotely so all I have is the hash right now.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Subjunctive posted:

What do you think the OSC does when something like this happens? I'm interested to understand what part you think the SEC should copy. OSC requires annual reporting against the ASDP, not per-sale.

Canada is known internationally for having poo poo enforcement of domestic and international financial crime. Our record on insider trading is especially laughable.

As far as I was aware, the OSC focuses just on Ontario (because the TSE is there, I know), and there's not really a Canada-wide equivalent to the SEC because Canada's just leaned on the SEC to take care of everything. I don't really think the OSC does anything, which is why I didn't say "come to Canada, we prosecute our financial criminals" I said "come to Canada, we're legalizing weed nationwide." The white-collar poo poo doesn't really get better on our side of the border. We're still less poo poo than the US overall though, and I think all Americans should become Canadians. :canada:

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

BangersInMyKnickers posted:

Client system with no inline inspection, this thing came straight from the net. I hope like hell the signing is invalid but also Juniper can be loving idiots and I wouldn't put it past them to lose their signing keys. I don't have access to the system and this hellfucker AV platform doesn't let me pull from a quarantine remotely so all I have is the hash right now.

Source for the page request?

Notorious b.s.d.
Jan 25, 2003

by Reene

Cybernetic Vermin posted:

if the details we have so far are correct there will be almost no impact on "pure" cpu-intensive loads, since the fix so far suggested is a huge overhead on syscalls as the entire kernel pagetable needs to be established on entry and then fully discarded on exit. if there is a microcode fix it may indeed have some impact, but we have no idea what that would look like in that case. since games mostly avoid doing io during gameplay (and to the extent they do it is large streaming chunks), and graphics drivers bulk calls in userspace, most games should be fine, they just don't syscall much

bearing in mind that every context switch between processes will involve unmapping the kernel

so as a consumer you're fine, if you only have one process running on the system. i hope you like classic dos gaming

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

CommieGIR posted:

Source for the page request?

Don't know yet. Looks like it's coming in through a resident dropper that isn't being detected by anything at the moment. I'll need to send someone out to pull the thing so we can pick at it.

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
context switching already trashes your userspace tlb caches, i doubt the new effects from pti are going to be significantly measurable compared to that

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

BangersInMyKnickers posted:

Don't know yet. Looks like it's coming in through a resident dropper that isn't being detected by anything at the moment. I'll need to send someone out to pull the thing so we can pick at it.
is it one of those captive-portals-with-a-bitcoin-miner?

Wiggly Wayne DDS
Sep 11, 2010



anthonypants posted:

is it one of those captive-portals-with-a-bitcoin-miner?
or more recently hijacked isp with a bitcoin miner

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

anthonypants posted:

is it one of those captive-portals-with-a-bitcoin-miner?

I don't think so. The coinminer.js is coming in through some dropper that's packed in three+ layers of compressed archives. It's weird as hell and either Juniper lost their signing cert or they're doing something extremely weird that would expose their signing keys inappropriately.

Bulgogi Hoagie
Jun 1, 2012

We
despite recent performance it appears apple have not fired all of their security professionals

https://twitter.com/aionescu/status/948609809540046849

pseudorandom name
May 6, 2007

Wiggly Wayne DDS posted:

start of a thread:
https://twitter.com/lavados/status/948536300830851072

e: just to be clear i do think there's a ton of hysteria for what is rowhammer again

well, it did lack practical relevance -- the KASLR is Dead: Long Live KASLR paper describes two attacks: 1) when you attempt to read a kernel address, you can measure the difference between reading a page that isn't mapped and reading a page that is mapped but you don't have permission to access and 2) sometimes on some CPUs you can extract part of a kernel code address by measuring branching speed to figure out what's in the BTB.

the first one isn't useful, it tells you where data is and where data isn't but it doesn't tell you what data is where, which is what you actually need to build a ROP chain targeting the kernel, and the second was so unreliable that it isn't useful on most hardware

it was extending this to timing the results of speculative reads that made the attack so interesting

Truga
May 4, 2014
Lipstick Apathy

lol that was quick. hosed up if true

Cybernetic Vermin
Apr 18, 2005

Notorious b.s.d. posted:

bearing in mind that every context switch between processes will involve unmapping the kernel

so as a consumer you're fine, if you only have one process running on the system. i hope you like classic dos gaming

i don't think that'll be much of an issue at all. for one scheduling quanta are huge compared to the rate of syscalls e.g. a database system produces, and further a process switch involves changing page tables anyway, so while the kernel mapping step (which may involve modifying the actual table rather than just setting c3?) does not happen the tlb is getting invalidated anyway, so a pretty big chunk of the cost was there no matter what

possibly even better, i am not sure about the details, but quite likely the kernel can just maintain two page tables in parallel for each process, one for the kernel view and one for the process view, making a process switch cost just two tlb invalidations where it used to be one (quantum expiring, breaking into kernel with a switch to the kernel view for that process, then another switch to new process), where the first invalidation is likely to be very low impact since the kernel has very little work to do (few pages to touch) to just switch to the new process. that still makes every syscall a tlb flush though which is what is a huge cost compared to how it works when the page table could be left alone
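A small measurement of the overhead the posts above argue about, added here as an example and not code from the thread: it times a raw getpid syscall (every call enters and leaves the kernel, which is where KPTI adds its page-table switch and TLB cost) against a vDSO clock read that never leaves user space, and prints the kernel's own reported Meltdown status. It assumes Linux with glibc; absolute numbers depend on the machine, so compare the two lines rather than treating either as a benchmark.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>
/* Monotonic clock in ns. On Linux this comes from the vDSO, so it stays in
 * user space and does not itself pay the KPTI kernel entry/exit cost. */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Average ns per raw getpid syscall; syscall() bypasses any libc caching,
 * so every iteration really crosses into the kernel and back. */
double raw_syscall_ns(long iters) {
    uint64_t t0 = now_ns();
    for (long i = 0; i < iters; i++)
        (void)syscall(SYS_getpid);
    return (double)(now_ns() - t0) / (double)iters;
}

/* Average ns per vDSO clock read: the user-space-only baseline. */
double vdso_call_ns(long iters) {
    uint64_t t0 = now_ns();
    for (long i = 0; i < iters; i++)
        (void)now_ns();
    return (double)(now_ns() - t0) / (double)iters;
}

/* Copies the kernel's Meltdown/KPTI status line into buf. Returns 0 on
 * success, -1 if the sysfs node is absent (kernels without the mitigation). */
int meltdown_status(char *buf, size_t len) {
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    int ok = f != NULL && fgets(buf, (int)len, f) != NULL;
    if (f) fclose(f);
    if (ok) buf[strcspn(buf, "\n")] = '\0';
    return ok ? 0 : -1;
}

int main(void) {
    char status[128];
    const long iters = 1000000;   /* enough to average out timer noise */
    if (meltdown_status(status, sizeof status) == 0) printf("meltdown: %s\n", status);
    printf("raw syscall: %.1f ns/call\nvDSO call:   %.1f ns/call\n",
           raw_syscall_ns(iters), vdso_call_ns(iters));
    return 0;
}
```

Run it once with KPTI enabled and once booted with `pti=off` on the same box to see the per-syscall delta the thread is estimating.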

Shifty Pony
Dec 28, 2004

Up ta somethin'


sure it took a while for those PoC papers to pay off but you have to admit it was worth the wait.

it will be interesting to see what the microcode fix will be. iirc those attacks aren't actually all that likely to work individually but instead rely on being able to repeatedly hammer the caches with the attack millions of times per second until sheer luck wins out. I wonder if it might be possible to watch for access patterns and faults indicative of the attack and halt/flush everything when they are spotted. I don't know how much flexibility they have with the hardware they are working to fix.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

https://twitter.com/valarauca1/status/948624846757310464

loving the hardware features that require permanently mapped virtual addresses

Truga
May 4, 2014
Lipstick Apathy
welp, at least x86 had a good run

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Itanium Is Back, Baby!

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
But it doesn't affect AMD?

Truga
May 4, 2014
Lipstick Apathy

CommieGIR posted:

But it doesn't affect AMD?

looks like the amd patch is not getting into the first kernel release, and who the gently caress knows how microsoft is going to handle the issue.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

CommieGIR posted:

But it doesn't affect AMD?
amd is affected differently

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe
well i was planning on building a new pc this year but i guess im waiting for the next gen of intel chips :shrug:

hobbesmaster
Jan 28, 2008

Kuvo posted:

well i was planning on building a new pc this year but i guess im waiting for the next gen of intel chips :shrug:

on the other hand AMD has always been honest about a 30% performance hit

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

hobbesmaster posted:

on the other hand AMD has always been honest about a 30% performance hit

:iceburn:

flakeloaf
Feb 26, 2003

Still better than android clock

hobbesmaster posted:

on the other hand AMD has always been honest about a 30% performance hit

i lold

Linguica
Jul 13, 2000
You're already dead

Notorious b.s.d. posted:

so as a consumer you're fine, if you only have one process running on the system. i hope you like classic dos gaming
i knew playing doom for 24 years would eventually pay off!


cinci zoo sniper
Mar 15, 2013




hobbesmaster posted:

on the other hand AMD has always been honest about a 30% performance hit

idgi
