Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

Talon2016 03-07-2020 12:37 AM

[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture
 
Quote:

A new paper released by the Graz University of Technology details two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

https://www.tomshardware.com/news/ne...n-architecture

boot318 03-07-2020 12:43 AM

Intel's billions finally found something on AMD.

Quote:

"Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties."

"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

epic1337 03-07-2020 01:06 AM

Quote:

Originally Posted by boot318 (Post 28357864)
"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

both plus the website who uses a compromised javascript.
  • the platform that has a security exploit
  • the application that allows such exploit to run
  • the host of the exploit
sadly one of the main source of such exploits (ads) can have such an exploit running without the host site being aware of it, i wonder if the website owner can sue the ads provider for the damages done.

Darren9 03-07-2020 01:58 AM

I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

umeng2002 03-07-2020 05:23 AM

Time for everyone to sell their AMD CPU and get Intel... oh wait...

rluker5 03-07-2020 05:50 AM

I wonder if the researchers also needed local administrative access and privileges to install and run malware on the target computer like with getting all of the Intel vulnerabilities to work minus Meltdown, or if it can be done solely with remote unprivileged interaction. That would make a difference if you had to run noscript to be secure. But at least that option already exists if you want to have an instant fix while dealing with your bank related information online.

bonami2 03-07-2020 06:59 AM

What.... JAVA has being know to be easy to implement malware and stuff in there pluggin for like 15 years. Time to stop using it...

rluker5 03-07-2020 07:29 AM

Quote:

Originally Posted by bonami2 (Post 28358026)
What.... JAVA has being know to be easy to implement malware and stuff in there pluggin for like 15 years. Time to stop using it...

Java =/= JavaScript. They do sound similar though.

WannaBeOCer 03-07-2020 07:36 AM

399 Attachment(s)
Not shocking, as AMD's market share increases the more researchers will test AMD's hardware. It was just a matter of time.

Quote:

This has, of course, generated plenty of attention, but it is noteworthy that the study's Intel-funded co-authors have also disclosed Intel vulnerabilities in the past (10 on Intel, including Spectre, Meltdown, and Zombieload, three on ARM, two on AMD, and one on IBM). The lead researcher also responded on Twitter, disclosing that Intel funds some of its students and the university fully discloses the sources of its funding. He also noted that Intel doesn't restrict the universities' academic freedom and independence, and that Intel has funded the program for two years.

Intel has disclosed, as recently as two weeks ago, that it funds research into product security and also awards prizes to researchers for finding holes in its architectures (Intel Bug Bounty program PDF), so this doesn't appear to be a case of Intel directly funding research against its competitor. The paper also engages in responsible disclosure of its funding sources, which makes any nefarious intent questionable. To cover the bases, we've also reached out to Intel for comment on the matter. According to the paper, Intel has already patched a similar vulnerability in its processors.

Schmuckley 03-07-2020 08:12 AM

Ask me how much I care? Seriously. This is like that "Oh noees, there's an exploit in GeForce Experience" thread.

Show me an actual instance of the exploit working.

Pah! Tom'sHardware? Javascript in browsers? Well uh-duh!

This has been going on for 20 years, seriously.

Use Netscape Navigator, problem solved!

Or NoScript.

This is not a CPU exploit..not at all.

I wonder how much Intel bribed Tom's to print that load of hot bovine excrement.

This is a total waste of internet. FUD at its epitome.

When that Intel-sponsored school can hack my box and actually do something after I give them my ip, then there's something.


All times are GMT -7. The time now is 03:44 AM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.