A very interesting attack was unveiled in Friday, 24 June by Daniel Gruss, Clémentine Maurice, Stefan Mangard. Maybe the Rowhammer is the next Hearthbleed, or worse?
As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.
http://arxiv.org/abs/1507.06955
Full report can be found here (PDF)
(Score: 2, Insightful) by chrysosphinx on Wednesday July 29 2015, @06:45AM
Don't execute arbitrary code.
Your advise is worthless since it blindly ignores ancient fundamental truth: Data is Code and Code is Data.
The real problem is: hardware which cannot be trusted.
(Score: 1) by anubi on Wednesday July 29 2015, @08:22AM
I beg to differ with you about data and code.
When I open a text file, I have no intention of executing it. I just want to display the data on the screen as its ASCII equivalent. The furthest stretch of the imagination is to consider a line feed and carriage return as cursor placement instructions and the end of file sentinel stopping the display.
The first malware I encountered was known at the time as an "ANSI bomb". This was the result of mixing code and data. It was shown to me right then and there that mixing executables in along with the data was a terrible idea.
You do not know just how bad I was hoping the Linux guys would come up with a HTML equivalent of a text editor. Safely read anything. HTML tags would direct streams of data to the proper interpreter... and have it simple. Standard font and only standard multimedia files for images, audio, and video - using thoroughly understood codecs.
Sure, the thing may be useless at first, but if people adopted it just so they did not have to constantly virus-scan their machine, businesses would be forced to comply to it or risk getting the following message presented to their customer....
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Wednesday July 29 2015, @03:33PM
But data is code and code is data; all it needs is a chmod +x