02-24-2018, 2:43 AM
oktavist

this has been discussed, it's a joke
I missed the discussion. It's a good joke.

I specifically said there wasn't privilege escalation in the published code,
Actually Spectre can result in privilege escalation through running unsigned code.
Sorry, I guess that wasn't specific enough for me.

Here is Intel's document on Speculative Side Channel Mitigations:
"Speculative Execution Side Channel Mitigations" (emphasis mine)
Thanks for the link, that was a good read. In summary:
Appropriately written software can use these indirect branch control mechanisms to defend against branch target injection attacks.
Yet another way to deal with this attack without needing a BIOS patch!

I was going to point out the irony in linking to a document that agrees with me, and talk about how Spectre-type side channel attacks rely on the RDTSC opcode, and how it doesn't work on chips with SpeedStep or any other type of clock throttling, etc, etc... but then I realized it was another joke. Touché!

I came across this program from Gibson Research called InSpectre
Mr Gibson also makes a good point about the RDTSC opcode. If your chip supports hardware virtualization, you can add some "fuzz" to the low bits for protection against the whole class of side channel attacks.
Calguns Lurker

Last edited by oktavist; 02-24-2018 at 2:52 AM. Reason: needed some emphasis