Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

Schmuckley 03-07-2020 08:24 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

Sounds like javascript problem. NoScript fixes it.

Seriously, malicious javascript sites have been going up since just before 2000.

WannaBeOCer 03-07-2020 08:24 AM

Quote:

Originally Posted by Schmuckley (Post 28358072)
Ask me how much I care? Seriously. This is like that "Oh noees, there's an exploit in GeForce Experience" thread.

Show me an actual instance of the exploit working.

Pah! Tom'sHardware? Javascript in browsers? Well uh-duh!

This has been going on for 20 years, seriously.

Use Netscape Navigator, problem solved!

Or NoScript.

This is not a CPU exploit..not at all.

I wonder how much Intel bribed Tom's to print that load of hot bovine excrement.

It's a cache attack that can be exploited using JavaScript via a web browser. We'll see how quickly AMD addresses it.

You can read about it here: https://mlq.me/download/takeaway.pdf

Schmuckley 03-07-2020 08:25 AM

Quote:

Originally Posted by WannaBeOCer (Post 28358088)
It's a cache attack that can be exploited using JavaScript via a web browser. We'll see how quickly AMD addresses it.

You can read about it here: https://mlq.me/download/takeaway.pdf

How do they get the IP to do that? NoScript stops all that, problem solved.

Bro, in 1998, the people I knew were the ones making the javascript upload clone sites, k?

Copy site, add javascript addition, find host and mimic orig site. This is NOT news.
Also it works on everything, even MACs :o

This isn't just some AMD-specific exploit, it's a javascript thing.

WannaBeOCer 03-07-2020 08:38 AM

399 Attachment(s)
Quote:

Originally Posted by Schmuckley (Post 28358092)
How do they get the IP to do that? NoScript stops all that, problem solved.

Bro, in 1998, the people I knew were the ones making the javascript upload clone sites, k?

Copy site, add javascript addition, find host and mimic orig site. This is NOT news.
Also it works on everything, even MACs [IMG class=inlineimg]/forum/images/smilies/redface.gif[/IMG]

This isn't just some AMD-specific exploit, it's a javascript thing.

It's an AMD cache exploit, the news is right in front of you. Just takes a minute to read. Something I noticed people stopped doing on this site.

Quote:

To optimize the energy consumption and performance of their
CPUs, AMD introduced a way predictor for the L1-data (L1D) cache
to predict in which cache way a certain address is located. Conse-
quently, only this way is accessed, significantly reducing the power
consumption of the processor.

In this paper, we are the first to exploit the cache way predic-
tor. We reverse-engineered AMD’s L1D cache way predictor in
microarchitectures from 2011 to 2019, resulting in two new attack
techniques. With Collide+Probe, an attacker can monitor a vic-
tim’s memory accesses without knowledge of physical addresses
or shared memory when time-sharing a logical core. With Load+
Reload, we exploit the way predictor to obtain highly-accurate
memory-access traces of victims on the same physical core. While
Load+Reload relies on shared memory, it does not invalidate the
cache line, allowing stealthier attacks that do not induce any last-
level-cache evictions.

We evaluate our new side channel in different attack scenarios.
We demonstrate a covert channel with up to 588.9 kB/s, which we
also use in a Spectre attack to exfiltrate secret data from the kernel. Furthermore, we present a key-recovery attack from a vulnerable cryptographic implementation. We also show an entropy-reducing attack on ASLR of the kernel of a fully patched Linux system, the hypervisor, and our own address space from JavaScript. Finally, we propose countermeasures in software and hardware mitigating the presented attacks.

Asmodian 03-07-2020 08:45 AM

Quote:

Originally Posted by Schmuckley (Post 28358092)
This isn't just some AMD-specific exploit, it's a javascript thing.

No. The researchers implemented a proof of concept in javascript but it is an issue with AMD's L1D cache predictor. This is a side channel attack similar to many of the recent Intel ones. Why you assume it is at all similar to making javascript malware infected clone sites in 1998 I have no idea. You seem to have just seen the word "javascript" and failed to read any further.

skupples 03-07-2020 08:45 AM

dude says just use netscape. :D :D :D

rluker5 03-07-2020 09:06 AM

1 Attachment(s)
Problem solved!

ToTheSun! 03-07-2020 09:12 AM

Quote:

Originally Posted by Darren9 (Post 28357884)
I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

And you say that based on what?

Diffident 03-07-2020 10:16 AM

1 Attachment(s)
Quote:

Originally Posted by rluker5 (Post 28358148)
Problem solved!


Amateur. You should use w3m. :p


Attachment 331258

m4fox90 03-07-2020 11:49 AM

Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?


All times are GMT -7. The time now is 05:16 PM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.