
NetSpectre: A Remote Spectre Attack Without Attacker-Controlled Code on the Victim

cageymaru

Remember our coverage of Spectre? Well, researchers at the Graz University of Technology have a working model of how to read arbitrary memory over a network called NetSpectre. NetSpectre attacks have been shown to work over LAN and Google Cloud. The computers being attacked do not need to run attacker-controlled code at all. Luckily, the speed of the attack is currently limited to 60 bits per hour, but better tools might be on the way as researchers and others discover new ways to exploit the weaknesses. Intel was notified of the exploit on March 20th, 2018 and agreed to the disclosure date in July 2018.

Instead, we present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack. We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We verified that our NetSpectre attacks work in local-area networks as well as between virtual machines in the Google cloud. NetSpectre marks a paradigm shift from local attacks, to remote attacks, exposing a much wider range and larger number of devices to Spectre attacks. Spectre attacks now must also be considered on devices which do not run any potentially attacker-controlled code at all.
 
It was nice of the researchers to wait until after Intel released their financial results.
 
Based on my understanding of that paper the attacker still needs access to the machine.

All they did was show that you can figure out what is a cache hit/miss using network latency as well.
 
It was nice of the researchers to wait until after Intel released their financial results.


Or... maybe they were playing it smart. Let Intel release their results, stocks go up. They then short Intel... and release this news...

;)
 
Based on my understanding of that paper the attacker still needs access to the machine.

All they did was show that you can figure out what is a cache hit/miss using network latency as well.
Just network access; they use gadgets inside the OS network layer to help them target a specific bit in memory. Then using statistical analysis of network latency they can determine cache hit/miss, which is how bits are leaked via Spectre. Very clever and more than enough bits/day to steal encryption keys and such.
 