Originally posted by birdie
View Post
Announcement
Collapse
No announcement yet.
New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort
Collapse
X
-
Originally posted by birdie View PostDemonstration (quite scary and effective):
Again, if you're not running untrusted code on your system (a web browser with enabled JS does run it), there's nothing to worry about.
In short: this new vulnerability again mostly affects cloud providers and users who run untrusted random code off the net.
- Likes 12
Comment
-
Originally posted by milkylainen View Post
I think you're missing the bigger picture.
The big picture is that there is a new class of exploits out there.
And one of the vendors is looking more like a big sieve from my point of view.
Actually the sieve is looking like a total rot and rusted away, leaving nothing but a gaping hole.
So if you're crafting a zeroday for this class of exploits, one of the vendors is looking like the more vulnerable target.
And you can _bet_ that people are working on unknown exploits in this class.
Otherwise there will be more and more exploits in the wild - unless processor designer stopped pursuing newer micro-arch for higher IPC.
- Likes 4
Comment
-
Originally posted by andyprough View Post"Zombieland" - is that the name of the exploit, or the re-branding of all of Intel's chip lines?
I feel like "can't we just rip the bandage off all at once and do all the exploits and mitigations in one big batch?" But then, I'd probably be stuck with a computer that would never boot again.
- Likes 9
Comment
-
Originally posted by wswartzendruber View Post
Ah yes, the upcoming Core i9 11900ZL (ZombieLand), which will be part of the upcoming "Spectre Lake" architecture.
- Likes 2
Comment
-
Originally posted by DoMiNeLa10 View PostI guess the joke about Intel CPUs losing performance on a monthly basis is as true as ever. Who knows how many of these are under embargo right now?
So you can have your mega-deluxe-super-secure-something-machine only to get fudged by totally obscure microarch fuckups that operating systems traditionally have been shielded from by abstraction. So all this security and hardware that you spent $$$ on gets translated to squat.
- Likes 3
Comment
-
Originally posted by zxy_thf View PostI think it's time for processor designer to hire some formal verification people to tackle with this mess.
Otherwise there will be more and more exploits in the wild - unless processor designer stopped pursuing newer micro-arch for higher IPC.
I'd imagine severe loss of hair and acquiring muscle twitching tics from just trying to grasp the magnitude of effort.
- Likes 1
Comment
-
Originally posted by milkylainen View Post
I guess what scares me the most is exactly all the unknowns as of yet. This class of exploits is just flourishing.
So you can have your mega-deluxe-super-secure-something-machine only to get fudged by totally obscure microarch fuckups that operating systems traditionally have been shielded from by abstraction. So all this security and hardware that you spent $$$ on gets translated to squat.Last edited by hotaru; 12 November 2019, 07:58 PM.
- Likes 5
Comment
Comment