Matthew Garrett: cloud provider: oh hey you guys are back early
security researcher: cpu's haunted
cloud provider: what
security researcher: *flushing cache and reloading registers* cpu's haunted
4 replies, 366 likes
Underfox: Researchers have discovered a novel way to exploit speculative dereferences, enabling direct leakage of data values stored in registers, showing that this effect can be adapted to Foreshadow by using addresses not valid in any address space of the guest.
3 replies, 259 likes
Ian Coldwater 📦💥: HAPPY FRIDAY 💥
7 replies, 92 likes
halvarflake: I shouldn't comment on this, but I have repeatedly said (until my voice broke down): KASLR is not a mitigation that has a chance of surviving against a local attacker, and should not be treated as such.
Another case in point:
4 replies, 90 likes
Chandler Carruth: Alternate framing I prefer:
Researchers clearly document the extent and easiest mechanisms for some of the last rounds of speculative execution data leaks. While not novel, essential and overdue.
And in doing so, they found painful gaps in some systems' mitigations. 🤦🏻
0 replies, 49 likes
Tinker Fairy: They replaced the prefetches with NOPs and it still prefetches! 💖
3 replies, 38 likes
Adrian Rueegsegger: So @lavados, @misc0110 et al released a new paper called “Speculative Dereferencing of Registers: Reviving Foreshadow” getting at the root cause of Foreshadow making it clear that it’s not just Intel that’s affected but AMD, ARM etc too. Nice work! https://arxiv.org/pdf/2008.02307.pdf https://t.co/1oNdNuWclJ
1 reply, 32 likes
/r/netsec: Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks https://modernnetsec.io/intel-arm-ibm-amd-processors-vulnerable-to-new-side-channel-attacks/
0 replies, 7 likes
Found on Aug 07 2020 at https://arxiv.org/pdf/2008.02307.pdf