my take on computers is "oh well, that was fun - sometimes, when it wasn't destroying society, being used to kill people or simply not working at all while we made our whole infrastructure rely on it - while it lasted, I guess"

oh there's a red hat advisory that says "uh yeah you'll need to update hardware to mitigate this. It's not used yet so that's all we have to say"

to be perfectly clear this is not an attack that's exploitable right now as there's no public exploit, only a proof of concept, and it's pretty hard to exploit. but it's also almost impossible to mitigate and has incredibly far reaching implications

@velartrill @wxcafe How many more of these system architecture vulnerabilities does it take until they realize that maybe the web shouldn’t be entirely based on running arbitrary code?

@velartrill @wxcafe Yeah I guess a lot of people will be out of a job then and we can’t let that happen, can we.


I think most non-security people think that this distinction is bigger than it is.

(concept of an attack vs practical proof of concept)

It's like deprecating bad cryptography: theoretical attacks gradually become practical ones and it takes a really long time to mitigate stuff. Hardware is in that category too.

No idea why governments (ok, US+EU) do not have hardware security verification task forces yet with serious funding.

Instead we rely on...Uni Graz etc to find the problems.

@szbalint sure, but I mean it's not like heartbleed where you could just take the piece of code and run it to get data, here you need to figure out what you're trying to read, massage the memory, get the data, recover it, etc

@wxcafe @szbalint Why fiddle around with all of this complicated stuff when plain old application level memory unsafety bugs are so easy to find and exploit

@elomatreb @szbalint basically yeah. I mean nation-state or determined attackers could exploit this (my employer hosts some stuff for french ministries, for example), but script kiddies probably won't (not immediately at least)

@wxcafe @szbalint And even nation states, tbh

Another example: Why pay billions of dollars for super/quantum computers to crack cryptography when you could also just spend thousands of dollars on a few programmers to take a long hard look at some C code buried in an obscure corner of OpenSSL
@wxcafe This is getting into weird strategic theorycrafting of course, but if the NSA started to buy Lorge quantum computer today to crack cryptography, the relevant nation state adversaries against which they would want to use it would surely take notice and adapt (so your attack doesn't even have to actually happen to be detected and mitigated).

The mere suggestion of practical quantum computers at Some Point In The Next 20 Years is got cryptographers get really busy developing safer alternatives

@szbalint @wxcafe Those task forces exist, they're inside the spot agencies, and they try to collect vulnerabilities rather than prevent them.

@wxcafe AMD CPUs have a feature to encrypt VMs' RAM, it looks like it could work as a mitigation.

@val yeah SEV, I read about it

that's nice and all, but uh, noone uses AMD cpus in datacenters, so. It'd still require changing all hardware

@wxcafe Some Kimsufi/Soyoustart and servers have an AMD CPU; though only Online's seem to be recent enough to support this extension

@val yeah, very low end dedicated hardware have this

dedicated hardware doesn't really need this though. cloud providers need this, and everyone uses intel

@wxcafe cloud hosting companies are so fucked (mostly by Intel but also by other hardware makers aswell).

Turns out security has to start in the hardware. If one thing Intel has learned since 1990 is never to acknowledge the impact of a hardware bug/design issue.

@wxcafe I'd love to see Project Zero's "unfixable hardware vulnerabilities" list and their mitigation planning.

That kind of thing turns people towards bottles of vodka.

@szbalint @wxcafe The problem is trust. They trust anyone to upload and run arbitrary content, and then they trust that multiple users can be trusted not to attack each other's content, the system itself, or both.

@wxcafe hmmmmm so this sounds like "pi clusters" might be the answer, right? well, not exactly pi's but something more robust yet cheap

@wxcafe oh FFS, we aren't even secure on a chip with no branch prediction now

@falkreon @wxcafe my thoughts exactly, how screwed are we in general now? Do remotely secure systems even exist?

@thufie @falkreon I mean to exploit this an adversary still needs to get onto your server, so if you're not on the cloud then it's not as big a threat

@wxcafe @falkreon but still this is only the 300th ring-escalation exploit since meltdown and spectre, so are permissions just a charade or what?

We really need to start designing for security instead of patching for it...

@thufie @wxcafe Sure, but I think what wxcafe's saying is, any security needs to be tempered by a threat model. You can't, by design, worry about everything.

On a server, if you can privelege-escalate, you can then steal data from *the other customers of the cloud service*. That's what makes it financially lucrative. That's why the voltage and timing tricks are, in any universe, worth it.

Meanwhile, windows barely even has ASLR, so these attacks aren't really needed on most desktops. Softer targets abound


Sign in to participate in the conversation

This is a mastodon instance for social justice activists, LGBTQIA+ people, and activists in general See the Goals and technical details, and Rules and privacy policy pages for more information