Intel PortSmash vulnerability found in all CPUs with Hyper Threading

Intel BTFO once again

https://web.archive.org/web/20181102155747/https://github.com/bbbrumley/portsmash

requires you to already have code execution on the machine in order to do anything with this

wow it's fucking nothing
malware can do bad things on your computer
grass is green
news at 11

>>2
thank you rabbi

>>3
rabbi?

>>2
Javascript.

>>5
nobody is forcing you to run malicious javascript

>>2
+1

Whomever OP is, I want them to mature quickly, or BTFO.
This affects SMT chips, all of them, esp. ARM7+.

>>2
This may surprise you, but there exist machines that execute code from multiple users. Often the users have different privilege levels and are supposed to be isolated from one another. Breaking that isolation is not "fucking nothing".

PortSmash attack punches hole in Intel's Hyper-Thread CPUs, leaves with crypto keys
https://www.theregister.co.uk/2018/11/02/portsmash_intel_security_attack/

Intel CPUs impacted by new PortSmash side-channel vulnerability
https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys
https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/

Researchers Exploit Another Intel Hyper-Threading Flaw
https://www.tomshardware.com/news/portsmash-intel-hyper-threading-flaw,38014.html

PortSmash attack exploits Intel’s Hyper-Threading architecture to steal your data
https://www.digitaltrends.com/computing/new-portsmash-attack-allow-attackers-to-steal-encrypted-data/

Intel CPUs Are Vulnerable to New PortSmash Side-Channel Exploit
https://www.hardocp.com/news/2018/11/02/intel_cpus_are_vulnerable_to_new_portsmash_sidechannel_exploit

Side-channel dubs leaking!

>>9
but /prog/ is anti-cloud so if you practice what you preach then you wouldn't be running some AWS EC2 t1.micropenis instance on some shared hypervisor

a shared server is like a public bathroom, it has everyone else's filth, gross!
a dedicated server is like your own -- it has shit on it, but it's only YOUR shit, so you're okay with that

a deditated serber with moar deditated wam is moar ekkusupensibu dough

>>6
Society is, basically. Want to use banking websites? Run javasript. Want to use your company's website? Enable javascript or find another job. Want to use a social networking site all your friends use to coordinate meetups? Better update that whitelist. And you can't even verify that scripts are non-malicious now with obfuscript being so trivial to make.

>>9

but there exist machines that execute code from multiple users.

Now you have multiple problems.

>>14

obfuscript

Thanks for the new word. Do you want credit for it? -O.E.D.

>>9
We have all kinds of issues and side channels, consider rowhammer, spectre, meltdown, etc. The solution is instead of bloating the processors to have a single privilege level and run virtual machines in it for each different user - or do something similar to Singularity that uses type checking to verify that the code does not try to access things that it is not allowed to.

>>17
what would prevent those VMs from accessing each other's data? now hypervisor does that, but you can't have a hypervisor on a single privilege level

>>15
Kinda like System and Administrator!
Don't act retarded, nobody programs for simple operations anymore. If you have a business, business requires multiple employees, which demand multiple users.
Even in the military you have chain of command that must at the least communicate with their chain to work efficiently.

Intel hasn't been securing their chips for 20 years, even against common guidelines. Speculative execution was the canary, and they've long breached it.