Researchers Exploit Another Intel Hyper-Threading Flaw
Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel's Hyper-Threading (HT) technology that attackers could use to steal users' encrypted data, as reported by ZDNet today.
Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel's HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.
[...] The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT's parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.
The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.
Also at Ars Technica and The Register.
Related: OpenBSD disables Intel's hyper-threading over CPU data leak fears
TLBleed Affects Intel Processors with Hyperthreading to Leak Encryption Keys, Non-Trivial to Exploit
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
(Score: 2) by DannyB on Saturday November 03 2018, @07:19PM (1 child)
The porpoises for which the exploit is reporpoised expect free fish to be included with the exploit. If no fish, then zsh is 2nd choice.
All of Intel's performance enhancement drugs not only don't work (in bed), did not help Ballmer, but also make the system insecure due to information leakage.
In the future, how about a simple, secure, and understandable architecture without 4 decades of legacy baggage needed to boot MS-DOS 1.0.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @07:18AM
Any new system will be designed by low quality cheap labor which will finish the design on deadline. The system will be much slower and more insecure than anything before it and will not be able to be fixed. It will be used anyway because otherwise feelings would be hurt of the low quality cheap labor. Example: user interface designers and their useless designs
And the new system will also be compromised to the core by devil's rejects. So there is nothing to gain from a new design. On the positive note, get Russians, Europeans to design it and then it could work.