• Uh Oh - NEW Data Leak Found in Intel Processors

    From c186282@21:1/5 to All on Wed May 21 20:20:09 2025
    XPost: talk.politics.misc, alt.security, alt.politics

    https://scitechdaily.com/intels-memory-leak-nightmare-5000-bytes-per-second-in-the-hands-of-hackers/

    Computer scientists at ETH Zurich have uncovered a serious
    flaw in Intel processors that could let attackers steal
    sensitive information by exploiting how modern chips predict
    upcoming actions. Using specially designed sequences of
    instructions, hackers can bypass security boundaries and
    gradually read the entire memory of a shared processor.
    This vulnerability affects a wide range of Intel chips
    used in personal computers, laptops, and cloud servers.

    Researchers identified a new class of vulnerabilities in
    Intel CPUs linked to speculative execution — a technique
    that helps processors work faster by predicting the
    next steps.

    The flaw allows attackers to break down barriers between
    users sharing the same processor, potentially accessing
    private data stored in memory.

    By repeating the attack at high speed, hackers can extract
    memory content byte by byte until the full contents are
    revealed.

    . . .

    Sounds too complex for broad use on 'home' systems
    but becomes more of an issue if you're "important",
    big biz, bank, defense. Orgs that save money by using
    very 'thin' clients, where most of the work is done
    by a single kick-ass box, may risk rather broad
    exposure to this new hacking approach. Hmmm ...
    Office365-online kinda does this ....

    Alas, speculative execution is one of the things
    that put a lot more pop into modern CPUs. Turn
    it off and you step back YEARS performance-wise.

    Similar issues may exist for other CPUs, but Intel
    gets the most press.

    Vlad and Xi's bad boyz .. they have State resources,
    time and energy. They will pound CPUs and systems
    relentlessly looking for the slightest 'in'. Good
    chance they knew about this issue well before any
    'professionals' did.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marc Haber@21:1/5 to [email protected] on Thu May 22 09:38:06 2025
    c186282 <[email protected]> wrote:
    > https://scitechdaily.com/intels-memory-leak-nightmare-5000-bytes-per-second-in-the-hands-of-hackers/
    > The flaw allows attackers to break down barriers between
    > users sharing the same processor, potentially accessing
    > private data stored in memory.

    This is only really relevant for the cloud providers, where multiple
    tenants run code concurrently on the same CPU. It is totally
    irrelevant for home users, and only partially relevant for on-prem
    virtualization ("private cloud").

    > Sounds too complex for broad use on 'home' systems
    > but becomes more of an issue if you're "important",
    > big biz, bank, defense. Orgs that save money by using
    > very 'thin' clients, where most of the work is done
    > by a single kick-ass box, may risk rather broad
    > exposure to this new hacking approach. Hmmm ...
    > Office365-online kinda does this ....

    If you put your private data on the public cloud, your data is at
    risk. But it has been like that for years, and no one cares.

    > Alas, speculative execution is one of the things
    > that put a lot more pop into modern CPUs. Turn
    > it off and you step back YEARS performance-wise.

    Yes. Most mitigations for this type of issue (it's not the first one)
    cost performance.

    Greetings
    Marc
    --
    ----------------------------------------------------------------------------
    Marc Haber         | " Questions are the           | Mail address in header
    Rhein-Neckar, DE   |   Beginning of Wisdom "       |
    Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 6224 1600402

  • From The Natural Philosopher@21:1/5 to Grimble Crumble on Thu May 22 20:08:03 2025
    XPost: alt.politics, talk.politics.misc, alt.security

    On 22/05/2025 16:18, Grimble Crumble wrote:
    > The NSA has attempted to build backdoors into computers and cryptography
    > for a while now. While I have no proof, and frankly don't suspect, that
    > they're responsible for this one specifically, privacy and the government
    > are nearly mutually exclusive right now in digital communications and
    > technology.

    No, they are not responsible for this one. It's the way computers work
    that is the problem and the way they have been optimised to work faster.


    --
    "The most difficult subjects can be explained to the most slow witted
    man if he has not formed any idea of them already; but the simplest
    thing cannot be made clear to the most intelligent man if he is firmly persuaded that he knows already, without a shadow of doubt, what is laid
    before him."

    - Leo Tolstoy

  • From Richard Kettlewell@21:1/5 to Marc Haber on Thu May 22 21:16:25 2025
    Marc Haber <[email protected]> writes:
    > c186282 <[email protected]> wrote:
    >> https://scitechdaily.com/intels-memory-leak-nightmare-5000-bytes-per-second-in-the-hands-of-hackers/
    >> The flaw allows attackers to break down barriers between
    >> users sharing the same processor, potentially accessing
    >> private data stored in memory.
    >
    > This is only really relevant for the cloud providers, where multiple
    > tenants run code concurrently on the same CPU. It is totally
    > irrelevant for home users, and only partially relevant for on-prem
    > virtualization ("private cloud").

    I don’t think that’s correct. The BPRC attack breaches user/kernel,
    guest/host and application-internal boundaries (i.e. it undermines
    IBPB). Much wider impact than cloud service providers.

    https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
    is the full paper.

    --
    https://www.greenend.org.uk/rjk/

  • From c186282@21:1/5 to The Natural Philosopher on Fri May 23 02:07:42 2025
    XPost: alt.politics, talk.politics.misc, alt.security

    On 5/22/25 3:08 PM, The Natural Philosopher wrote:
    > On 22/05/2025 16:18, Grimble Crumble wrote:
    >> The NSA has attempted to build backdoors into computers and cryptography
    >> for a while now. While I have no proof, and frankly don't suspect, that
    >> they're responsible for this one specifically, privacy and the government
    >> are nearly mutually exclusive right now in digital communications and
    >> technology.
    >
    > No, they are not responsible for this one. It's the way computers work
    > that is the problem and the way they have been optimised to work faster.

    Fully true.

    "Speculative"/"predictive" execution is a major
    reason modern CPUs are so fast. It's a HARDWARE
    decision - but SOMEBODY has found ways to
    exploit it, at least in Intel processors.

    We're talking little hacks, probably with
    State-level backing. They can try EVERYTHING,
    just POUND at every possible flaw.

    THEY will find it well before the rest of us.
    NOT good.

  • From c186282@21:1/5 to Richard Kettlewell on Sat May 24 01:46:42 2025
    On 5/22/25 4:16 PM, Richard Kettlewell wrote:
    > Marc Haber <[email protected]> writes:
    >> c186282 <[email protected]> wrote:
    >>> https://scitechdaily.com/intels-memory-leak-nightmare-5000-bytes-per-second-in-the-hands-of-hackers/
    >>> The flaw allows attackers to break down barriers between
    >>> users sharing the same processor, potentially accessing
    >>> private data stored in memory.
    >>
    >> This is only really relevant for the cloud providers, where multiple
    >> tenants run code concurrently on the same CPU. It is totally
    >> irrelevant for home users, and only partially relevant for on-prem
    >> virtualization ("private cloud").
    >
    > I don’t think that’s correct. The BPRC attack breaches user/kernel,
    > guest/host and application-internal boundaries (i.e. it undermines
    > IBPB). Much wider impact than cloud service providers.
    >
    > https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
    > is the full paper.

    Theoretically true. In PRACTICE however, it's a kinda
    difficult breach technique - so expect it to be almost
    entirely confined to "big"/"important" targets.

    "Home", "smaller biz", nope.

    STILL needs to be fixed ... but can EXISTING
    chips be fixed without trashing performance ?

  • From Richard Kettlewell@21:1/5 to [email protected] on Sat May 24 11:08:36 2025
    c186282 <[email protected]> writes:
    > On 5/22/25 4:16 PM, Richard Kettlewell wrote:
    >> I don’t think that’s correct. The BPRC attack breaches user/kernel,
    >> guest/host and application-internal boundaries (i.e. it undermines
    >> IBPB). Much wider impact than cloud service providers.
    >> https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
    >> is the full paper.
    >
    > Theoretically true. In PRACTICE however, it's a kinda
    > difficult breach technique - so expect it to be almost
    > entirely confined to "big"/"important" targets.

    Read the paper. The user/kernel version of the exploit is not
    theoretical; they built it. The data leakage rate quoted is based on
    measurement, not analysis.

    > "Home", "smaller biz", nope.

    That’s rather naive. Domestic users are absolutely a target. For example
    when building a botnet the ownership of the endpoints is totally
    irrelevant - it’s all about quantity, not quality.

    > STILL needs to be fixed ... but can EXISTING
    > chips be fixed without trashing performance ?

    Read the paper, they quote the performance cost of mitigations.

    --
    https://www.greenend.org.uk/rjk/

  • From The Natural Philosopher@21:1/5 to Richard Kettlewell on Sat May 24 11:33:34 2025
    On 24/05/2025 11:08, Richard Kettlewell wrote:
    > c186282 <[email protected]> writes:
    >> On 5/22/25 4:16 PM, Richard Kettlewell wrote:
    >>> I don’t think that’s correct. The BPRC attack breaches user/kernel,
    >>> guest/host and application-internal boundaries (i.e. it undermines
    >>> IBPB). Much wider impact than cloud service providers.
    >>> https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
    >>> is the full paper.
    >>
    >> Theoretically true. In PRACTICE however, it's a kinda
    >> difficult breach technique - so expect it to be almost
    >> entirely confined to "big"/"important" targets.
    >
    > Read the paper. The user/kernel version of the exploit is not
    > theoretical; they built it. The data leakage rate quoted is based on
    > measurement, not analysis.
    >
    >> "Home", "smaller biz", nope.
    >
    > That’s rather naive. Domestic users are absolutely a target. For example
    > when building a botnet the ownership of the endpoints is totally
    > irrelevant - it’s all about quantity, not quality.

    Ah. Do you think this is the easiest way to build a botnet?

    My impression is that the technical lack of sophistication of most
    ratware apps is only exceeded by the complete disregard of basic
    security on internet connected hosts.

    How many bots knocking on my doors trying to ssh in as 'root'? Or log in
    to a POP or SMTP server using 'user@domain' identities?

    >> STILL needs to be fixed ... but can EXISTING
    >> chips be fixed without trashing performance ?
    >
    > Read the paper, they quote the performance cost of mitigations.

    It's technically a very interesting flaw. How serious in real life is
    unknown.

    --
    Truth welcomes investigation because truth knows investigation will lead
    to converts. It is deception that uses all the other techniques.

  • From Richard Kettlewell@21:1/5 to The Natural Philosopher on Sat May 24 19:11:11 2025
    The Natural Philosopher <[email protected]d> writes:
    > On 24/05/2025 11:08, Richard Kettlewell wrote:
    >> That’s rather naive. Domestic users are absolutely a target. For
    >> example when building a botnet the ownership of the endpoints is
    >> totally irrelevant - it’s all about quantity, not quality.
    >
    > Ah. Do you think this is the easiest way to build a botnet?

    Indeed not; BPRC would be one step in a more complex attack, in this
    case probably one of several steps between an initial compromise and
    establishing a persistent foothold.

    > My impression is that the technical lack of sophistication of most
    > ratware apps is only exceeded by the complete disregard of basic
    > security on internet connected hosts.

    Attacks get added to collections like Metasploit, not much
    sophistication is really required to use them.

    All that said I’m sure you’re right that real-life botnets don’t need to
    bother with anything much smarter than trying common passwords, but they
    are just an example: the point is that domestic users are in general
    terms targets, even when not treading on the toes of the rich, powerful
    or criminal.

    Meanwhile, unless you’re a developer on a compiler, hypervisor, kernel
    or browser then all you can do about it is keep up to date with updates...

    --
    https://www.greenend.org.uk/rjk/
