The Intel bug can be executed through your browser's JavaScript

>The Intel bug can be executed through your browser's JavaScript
Is there a single fact to back this up?

Not really, the Intel™ Design Flaw™ has the same risk as a local escalation vulnerability, meaning you need local user rights first to escalate this (so not something a browser could use, but software the user runs could).

Pic related?

where did you find this picture of me?

You can rowhammer with JavaScript, I don't see why this hw feature couldn't be exploitable as well

So all we need is a browser exploit.

The intel bug allows VMs to access the data of other VMs. Meaning if a VM gets hacked it can access the data of other VMs on the system.
I don't know how this is related to JavaScript in any possible way.

This bug has nothing specific to do with VMs. It's a bug that allows any program using the exploit to pull in kernel memory information. Level 0 access....

It's basically a cocktail of exploits that will allow it.

Rowhammer can allow you to flip bits in other buffers which are tables in memory near its own.
This can change certain non-volatile (written to disk) options via change reaction of alterations to the running userspace.

There's also the ability to do a buffer overflow exploit to write your own buffer which can execute any code which could modify your kernel or bootloader.
At this point it doesn't matter though because they already had full priv esc for any code they wished but...

Now if you can predetermine the location in memory (possible without KASLR/KAISER) that the kernel is unpacked to you can exploit it in any way that you wish before it gains protection.
At this point you can produce a rootkit which will effectively preboot before your kernel or allow booting their own.

ASLR was a band-aid for this and KASLR is the implementation at the kernel level.
Sadly KASLR doesn't have enough randomization and that's what KAISER is for, which is the patch.

Single hit rowhammer still is active even with ECC.

>hardware runs code without proper secure measures
>execute malevolous code on machine
>machine runs it
What's so difficult to understand?

and that's why we need an open hardware CPU

Btw Microsoft is implementing their own page table isolation to randomize Windows but as of now they are bare cheeked vulnerable.

Linux already had their pants back on with ASLR/KASLR a couple kernels back and KAISER is being upstreamed right now (KPTI = kernel page table isolation), which is basically chainmail.

Is it just me, or were there more security bugs in the last few years than ever from everyone?

I bet NSA knew.

How do I hack the AWS? Link to a guide? Preferably one that doesn't require a Math PhD to understand. Thank

open doesn't mean bug free

Security experts are starting to view the entire computer as vulnerable to exploits, not just software. Discovered bugs are to be expected.

OH YES

He means open so there can be auditors, not a bug rid chip

WHY CONTAIN IT
LET THE BODIES PILE UP IN THE STREETS

In the Linux kernel patch notes someone used a JavaScript exploit to showcase the bug.

it's still better than having a 30yo bug that's impossible to find unless u are a gov spy

youtube.com/watch?v=Vxi7JRJrod4