Stories
Slash Boxes
Comments

SoylentNews is people

OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug

posted by mrpg on Tuesday June 26 2018, @12:40AM   Printer-friendly
from the I-predict-another-one-in-six-months-tops dept.

Arthur T Knackerbracket has found the following story:

Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says.

The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.

Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve "a ton of work to mitigate (mostly app recompile)".

But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."

Original Submission

 
This discussion has been archived. No new comments can be posted.
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug | Log In/Create an Account | Top | 24 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday June 26 2018, @09:38PM

    by Anonymous Coward on Tuesday June 26 2018, @09:38PM (#698976)

    First, I assume you're a high value private company, but not military or centrifuge manufacturing or anything. That said:

    Buy your devs $150 laptops.

    Put those on a different network.

    Let them bring in data that way. But take the in-office network off the internet.

    Thusly, it becomes very hard for your devs to browse to stackoverflow, load a poisoned ad, and compromise your perimeter. Instead, the laptop network will be 'taken' and that's just fine.

    When they need to move data that they can't crunch on the laptops or that they need to push to the public, USB sticks. Yeah, that's an in/exfiltration opportunity. No, it's nothing compared to being hooked into the net. A nation state actor will compromise you, even if they have to walk up to your building and do it in person. But your competitors might not, and general wannabe crackers sure won't.

    $150/head is a lot cheaper than ... just about any other option! Plus a few K to set up a linux image and ongoing support as they need reflashing, but IT gonna IT.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1