Intel CPU - Design flaw in every processor from the last 10 years
Last Updated: Mar 12 2021 19:26, Started by ct03nut, Jan 03 2018 09:08
#1549
Posted 05 January 2020 - 14:26
TPM Fail Attack
Quote
Most laptop and desktop computers nowadays come with a dedicated TPM chip, or they use the Intel firmware-based TPM (fTPM) which runs on a separate microprocessor inside the CPU. Intel CPUs support fTPM since the Haswell generation (2013). TPM chips are also used in other computing devices such as cellphones and embedded devices. We discovered timing leakage on Intel firmware-based TPM (fTPM) as well as in STMicroelectronics' TPM chip. Both exhibit secret-dependent execution times during cryptographic signature generation. While the key should remain safely inside the TPM hardware, we show how this information allows an attacker to recover 256-bit private keys from digital signature schemes based on elliptic curves.
POC: https://github.com/VernamLab/TPM-Fail
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory
#1550
Posted 06 January 2020 - 17:00
In other news, Intel has gotten itself a patent for vulnerabilities :>
Processor instruction support to defeat side-channel attacks - 2 January 2020
Edited by Arthos, 06 January 2020 - 17:00.
#1551
Posted 27 January 2020 - 21:35
L1D Eviction Sampling (L1DES) and Vector Register Sampling (VRS)
Quote
L1D Eviction Sampling (L1DES)
On Oct 25, 2019, we reported to Intel that this variant would bypass their latest VERW mitigation (and so did a PoC shared with Intel on May 10, 2019), resulting in Intel finally acknowledging the L1D eviction issue and requesting another (L1DES) embargo.
Vector Register Sampling (VRS)
On Oct 1, 2019, we reported to Intel that a 1-line modification of our 'alignment write' PoC can leak vector register values, resulting in Intel requesting a new (VRS) embargo.
Basically, Intel did not fix the security problems with the previous microcode updates.
Vector Register Sampling / CVE-2020-0548 / INTEL-SA-00329
L1D Eviction Sampling / CVE-2020-0549 / INTEL-SA-00329
#1552
Posted 28 January 2020 - 05:41
Meanwhile we also have a site dedicated to L1D Eviction Sampling (L1DES): https://cacheoutattack.com/
Quote
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Moreover, unlike previous MDS issues, we show in our work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. Finally, we empirically demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.
Am I affected by this vulnerability?
For a select number of processors released after Q4 2018, Intel inadvertently managed to partially mitigate this issue while addressing a previous issue called TSX Asynchronous Abort (TAA).
What about other processor vendors?
AMD is not affected by CacheOut, as AMD does not offer any feature akin to Intel TSX on their current offering of CPUs. Arm and IBM do have a feature similar to Intel TSX, but we are currently unaware of whether any of their products are affected. We are also unaware of any other attack vectors to exploit CacheOut.
#1553
Posted 28 January 2020 - 13:16
I see the vulnerabilities have multiplied.
ix@samsung:~$ grep . /sys/devices/system/cpu/vulnerabilities/*
itlb_multihit:KVM: Mitigation: Split huge pages
l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
tsx_async_abort:Not affected
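Added example (not part of the original post or of any project mentioned in the thread): a shell helper that triages the kind of listing shown in post #1553, flagging entries that are vulnerable or only partly mitigated and entries the kernel does not report at all. The function names, verdict labels and the EXPECTED list are assumptions of this example; srbds is the kernel's sysfs entry for SRBDS (CVE-2020-0543), which a January 2020 listing predates.

```shell
# Added example: triage `grep . /sys/devices/system/cpu/vulnerabilities/*` output.
# Entries from the listing in the post, plus srbds (SRBDS / CVE-2020-0543).
EXPECTED="itlb_multihit l1tf mds meltdown spec_store_bypass spectre_v1 spectre_v2 tsx_async_abort srbds"

# classify_status <status text>: prints OK, PARTIAL, VULNERABLE or UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*)    echo OK ;;
        *Vulnerable*)       echo VULNERABLE ;;
        *"SMT vulnerable"*) echo PARTIAL ;;   # mitigated, but SMT siblings stay exposed
        *Mitigation:*)      echo OK ;;
        *)                  echo UNKNOWN ;;
    esac
}

# audit_vulns: reads "name:status" lines on stdin (a directory prefix on the
# name is stripped), prints a verdict per entry, returns 0 only when clean.
audit_vulns() {
    findings=0 seen=" "
    while IFS= read -r entry || [ -n "$entry" ]; do
        case "$entry" in *:*) ;; *) continue ;; esac
        name=${entry%%:*}; name=${name##*/}
        status=${entry#*:}
        verdict=$(classify_status "$status")
        seen="$seen$name "
        printf '%-18s %-10s %s\n' "$name" "$verdict" "$status"
        [ "$verdict" = OK ] || findings=$((findings + 1))
    done
    for name in $EXPECTED; do
        case "$seen" in *" $name "*) continue ;; esac
        printf '%-18s %-10s %s\n' "$name" MISSING "not reported by this kernel"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Listing copied from the post above (shell prompt line dropped).
sample_listing() {
    cat <<'EOF'
itlb_multihit:KVM: Mitigation: Split huge pages
l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
tsx_async_abort:Not affected
EOF
}
sample_listing | audit_vulns || echo "findings present: review non-OK lines" >&2
```

On a live system, pipe the real command into it: `grep . /sys/devices/system/cpu/vulnerabilities/* | audit_vulns`. A MISSING line means the running kernel has no status file for that issue, so its mitigation state cannot be read from sysfs.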
#1554
Posted 11 March 2020 - 11:27
LVI - Hijacking Transient Execution with Load Value Injection
Quote
LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords. Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory. Unlike all previous Meltdown-type attacks, LVI cannot be transparently mitigated in existing processors and necessitates expensive software patches, which may slow down Intel SGX enclave computations 2 up to 19 times.
What about other processor vendors (ARM, AMD, etc.)?
In our current assessment, LVI principally applies only to Intel processors with SGX technology. However, following the argument of symmetry, in principle any processor that is vulnerable to Meltdown-type data leakage, would also be vulnerable to LVI-style data injection. Some non-Intel processors have been shown to be affected by some variants of Meltdown and Foreshadow. We maintain an up-to-date overview on the website https://transient.fail/ (select Meltdown + vendor ARM or AMD). If an attacker finds software that uses these features in an exploitable way, LVI might still be possible. We encourage future research to investigate the applicability of LVI to non-Intel CPUs.
Can I detect if someone has used LVI against me?
We do not have any data on this. The exploitation might not leave any traces in traditional log files.
Intel: AFFECTED PROCESSORS: Latest Transient Execution Attacks by Product CPU Model
Intel: Processors Load Value Injection Advisory
Intel: Deep Dive: Load Value Injection
Edited by Arthos, 11 March 2020 - 11:27.
#1555
Posted 13 March 2020 - 00:25
We also have some benchmarks showing the impact of the patches:
Phoronix: The Brutal Performance Impact From Mitigating The LVI Vulnerability
From Xeon to 486 ;>
#1556
Posted 09 June 2020 - 21:41
SGAxe - How SGX Fails in Practice
Quote
SGAxe is an evolution of CacheOut, specifically targeting SGX enclaves. We show that despite extensive efforts done by Intel in order to mitigate SGX side channels, an attacker can still breach the confidentiality of SGX enclaves even when all side channel countermeasures are enabled.
Quote
We understand that remote attestation can be very tricky to pass. However, since we already done all the hard work of getting genuine attestation keys, we decided to help you out by developing a Twitter bot that passes SGX attestation for you. Our bot provides Attestation as a Service (AaaS), which allows you to get your own quotes signed with the keys we extracted using SGAxe. This way you can pass attestation without even owning an SGX machine. If you want to make use of our service, you can send a tweet to our bot @SGAxe_AaaS. If you’ll tweet it, we’ll sign it!
Quote
With these keys at hand, network attackers are able to impersonate as legitimate SGX enclaves thereby eroding trust in the entire SGX ecosystem.
From what I see on GitHub, Intel has new microcode posted 3 hours ago for almost all platforms and processors: https://github.com/i...rocode-20200609
Later edit: the microcode updates are for another vulnerability, CROSSTalk, kept hidden since 2018 ;>
Quote
We disclosed an initial PoC (Proof-Of-Concept) showing the leakage of staging buffer content in September 2018, followed by a PoC implementing cross-core RDRAND/RDSEED leakage in July 2019. Following our reports, Intel acknowledged the vulnerabilities, rewarded CrossTalk with the Intel Bug Bounty (Side Channel) Program, and attributed the disclosure to our team with no other independent finders. Intel also requested an embargo until May 2020 (later extended), due to the difficulty of implementing a fix for the cross-core vulnerabilities identified in this paper. Intel describes our attack as “Special Register Buffer Data Sampling” or SRBDS (CVE-2020-0543), classifying it as a domain-bypass transient execution attack.
Edited by Arthos, 09 June 2020 - 21:51.
#1557
Posted 09 June 2020 - 23:18
Arthos, on 13 March 2020 - 00:25, said:
We also have some benchmarks showing the impact of the patches: From Xeon to 486 ;>
Gaming performance: [attached image: Clipboard01.jpg]
Edited by _mumbai_, 09 June 2020 - 23:19.
#1558
Posted 10 June 2020 - 17:06
Official list of affected processors: https://software.int...oduct-cpu-model
#1559
Posted 21 June 2020 - 02:34
Intel has problems with bugs, and so does AMD, only on processors with an APU, produced between 2016 and 2019.
SMM Callout Privilege Escalation
https://www.amd.com/...roduct-security
https://www.zdnet.co...d-of-june-2020/
https://www.tomshard...y-vulnerability
#1560
Posted 09 March 2021 - 18:58
Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
Quote
We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this channel. First, little is known about the ring interconnect's functioning and architecture. Second, information that can be learned by an attacker through ring contention is noisy by nature and has coarse spatial granularity. To address the first challenge, we perform a thorough reverse engineering of the sophisticated protocols that handle communication on the ring interconnect. With this knowledge, we build a cross-core covert channel over the ring interconnect with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core channel not relying on shared memory. To address the second challenge, we leverage the fine-grained temporal patterns of ring contention to infer a victim program's secrets. We demonstrate our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.
#1561
Posted 11 March 2021 - 14:39
W3C Draft : Post-Spectre Web Development
Quote
Spectre-like side-channel attacks inexorably lead to a model in which active web content (Javascript, WASM, probably CSS if we tried hard enough, and so on) can read any and all data which has entered the address space of the process which hosts it. While this has deep implications for user agent implementations' internal hardening strategies (stack canaries, ASLR, etc), here we’ll remain focused on the core implication at the web platform level, which is both simple and profound: any data which flows into a process hosting a given origin is legible to that origin.
#1562
Posted 12 March 2021 - 19:26
Google Security Blog : A Spectre proof-of-concept for a Spectre-proof web
Quote
Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against Javascript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.
The demonstration website can leak data at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. Note that the code will likely require minor modifications to apply to other CPUs or browser versions; however, in our tests the attack was successful on several other processors, including the Apple M1 ARM CPU, without any major changes.
https://www.youtube-nocookie.com/embed/V_9cQP60ZGI?feature=oembed
https://leaky.page/