Security Researchers Detail New "BlindSide" Speculative Execution Attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • loganj
    Senior Member
    • Nov 2017
    • 608

    #31
    does it work on android too? i don't mind waiting a few minutes to get root access

    Comment

    • gojul
      Junior Member
      • Oct 2015
      • 39

      #32
      Looks like using full ASLR mitigates quite well (but not fully) the issue. Debian has switched to it, just like many common distros. PIE executables are now the norm, not the exception.

      Comment

      • starshipeleven
        Premium Supporter
        • Dec 2015
        • 14568

        #33
        Originally posted by loganj View Post
        does it work on android too? i don't mind waiting a few minutes to get root access
        Theoretically it should, since Android is using random Linux kernel versions that have never been updated in years.

        The big question is if ARM processors are vulnerable to this exploit at all, Cortex-A72 and Cortex-A57 and newer ARM are all using speculative execution so COULD be vulnerable in theory, older ones are using in-order execution so they cannot be vulnerable to this.

        Comment

        • zyxxel
          Senior Member
          • Mar 2020
          • 159

          #34
          Originally posted by Raka555 View Post
          Can we get a 5Ghz Cortex-A53, please...
          You can't get a secure processor with good performance. It's more a question of time and money to identify possible attack vectors for different architectures.

          Comment

          • zyxxel
            Senior Member
            • Mar 2020
            • 159

            #35
            Originally posted by Vistaus View Post
            An attack that works on an AMD CPU? Is this fake news or what? 'Cause everyone, esp. on this site, keeps saying AMD is 100% safe against this kind of stuff...
            Not at all. But some *fools* might say that.

            Comment

            • Guest

              #36
              Originally posted by Vistaus View Post
              An attack that works on an AMD CPU? Is this fake news or what? 'Cause everyone, esp. on this site, keeps saying AMD is 100% safe against this kind of stuff...
              Lol, AMD is also vulnerable to Spectre. AMD fanboys just like bragging about how their CPU is bigger than everyone else's, and thus deny reality.

              Comment

              • Jabberwocky
                Senior Member
                • Aug 2011
                • 1205

                #37
                Originally posted by sandy8925 View Post

                Lol, AMD is also vulnerable to Spectre. AMD fanboys just like bragging about how their CPU is bigger than everyone else's, and thus deny reality.
                Your QoL will improve if you ignore people who can't read something as simple as Wikipedia.

                Comment

                • angrypie
                  Senior Member
                  • Jan 2018
                  • 498

                  #38
                  Originally posted by sandy8925 View Post

                  Lol, AMD is also vulnerable to Spectre. AMD fanboys just like bragging about how their CPU is bigger than everyone else's, and thus deny reality.
                  Performance impact on AMD with Spectre mitigations is 7%-ish vs. 30-50% for Intel with Meltdown+Spectre. And Intel knew all along that speculative execution without bounds checking would backfire badly, yet still implemented it anyway because every 1% counts when you're stuck on a process node.

                  So yes, AMD is indeed more secure and way less retarded with their designs. It's just unfortunate tech companies are so incestuous and have to CLA with each other over (possibly) faulty technology.

                  Comment

                  • SystemCrasher
                    Senior Member
                    • Jan 2015
                    • 1376

                    #39
                    Sounds kinda advanced. And kinda evil. I'd say in all this race for speed at cheap prices something eventually got lost. Like, say, quality of implementation.

                    Comment

                    Working...
                    X