新品種 Side-Channel Attack:PortSmash - 3C
By Oliver
at 2018-11-03T10:31
at 2018-11-03T10:31
Table of Contents
https://www.theregister.co.uk/2018/11/02/portsmash_intel_security_attack/
簡單說結論
就是Intel的Hyper-Threading被發現漏洞 可以從A Thread竊聽到B Thread的密鑰
(文章報導是OpenSSL 1.1.0h以前的版本)
目前解決的辦法跟L1TF一樣:只能關掉HT
AMD/ARM也在調查是不是有受到這個漏洞的影響
Intel的發言人說他們已經知道這個漏洞 並且說這與Spectre/Meltdown/L1TF
是不同的漏洞 因此需要新的解決辦法...
目前已經在Skylake/Kaby-Lake上確認 其他Intel CPU不明 RyZen等也不明
----
不知道是歷史共業 還是又一個獨家漏洞...
引述一下一個推特好了
https://twitter.com/marcan42/status/1058404388794847232
Hector Martin
Allow me to summarize x86 side channel attacks:
Spectre v1: speculation is insecure by design
Spectre v2: secure branch prediction matters
Meltdown: Intel are dumbasses
L1TF: Intel are monumental, inexcusable dumbasses
PortSmash: hyperthreading is insecure by design
--
簡單說結論
就是Intel的Hyper-Threading被發現漏洞 可以從A Thread竊聽到B Thread的密鑰
(文章報導是OpenSSL 1.1.0h以前的版本)
目前解決的辦法跟L1TF一樣:只能關掉HT
AMD/ARM也在調查是不是有受到這個漏洞的影響
Intel的發言人說他們已經知道這個漏洞 並且說這與Spectre/Meltdown/L1TF
是不同的漏洞 因此需要新的解決辦法...
目前已經在Skylake/Kaby-Lake上確認 其他Intel CPU不明 RyZen等也不明
----
不知道是歷史共業 還是又一個獨家漏洞...
引述一下一個推特好了
https://twitter.com/marcan42/status/1058404388794847232
Hector Martin
Allow me to summarize x86 side channel attacks:
Spectre v1: speculation is insecure by design
Spectre v2: secure branch prediction matters
Meltdown: Intel are dumbasses
L1TF: Intel are monumental, inexcusable dumbasses
PortSmash: hyperthreading is insecure by design
--
Tags:
3C
All Comments
By Sarah
at 2018-11-05T15:28
at 2018-11-05T15:28
By Andrew
at 2018-11-09T14:10
at 2018-11-09T14:10
By Genevieve
at 2018-11-14T04:00
at 2018-11-14T04:00
By George
at 2018-11-17T03:39
at 2018-11-17T03:39
By Jack
at 2018-11-21T04:27
at 2018-11-21T04:27
By Eartha
at 2018-11-24T17:25
at 2018-11-24T17:25
By Leila
at 2018-11-25T05:36
at 2018-11-25T05:36
By Kyle
at 2018-11-26T10:49
at 2018-11-26T10:49
By John
at 2018-11-29T12:42
at 2018-11-29T12:42
By George
at 2018-12-04T05:00
at 2018-12-04T05:00
By Rebecca
at 2018-12-06T01:35
at 2018-12-06T01:35
By Valerie
at 2018-12-10T17:45
at 2018-12-10T17:45
By Kelly
at 2018-12-11T15:30
at 2018-12-11T15:30
By Sandy
at 2018-12-13T03:18
at 2018-12-13T03:18
By Frederica
at 2018-12-16T20:26
at 2018-12-16T20:26
By Callum
at 2018-12-21T12:10
at 2018-12-21T12:10
By Selena
at 2018-12-21T16:19
at 2018-12-21T16:19
By Faithe
at 2018-12-23T19:36
at 2018-12-23T19:36
By Andrew
at 2018-12-25T02:34
at 2018-12-25T02:34
By Ivy
at 2018-12-26T01:16
at 2018-12-26T01:16
By Edith
at 2018-12-27T08:40
at 2018-12-27T08:40
By Mia
at 2018-12-27T20:31
at 2018-12-27T20:31
By Quintina
at 2018-12-29T16:00
at 2018-12-29T16:00
Related Posts
1070ti+RX570 雙卡補楨 power瓦數?
By Heather
at 2018-11-03T10:16
at 2018-11-03T10:16
強化背板及千斤頂還有風扇的問題
By Kama
at 2018-11-03T09:59
at 2018-11-03T09:59
請問INTEL 4790 在INTEL官網查不到保固
By Charlotte
at 2018-11-03T09:27
at 2018-11-03T09:27
僅需待機、遠端操縱的電腦
By Heather
at 2018-11-03T08:42
at 2018-11-03T08:42
10K文書機 or 品牌機
By Callum
at 2018-11-03T02:40
at 2018-11-03T02:40