Aaron Poffenberger is a user on bsd.network. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Aaron Poffenberger @akpoff

Not good. o_0. mudge posted this on birdsite.

On stage today, during the Cyber-ITL talk at ShmooCon, Patrick dropped a little 0day that speculative execution executed data (ignoring non-execute markings).

That’s r-x... for those keeping track.

(rowhammer for the write anyone?)

twitter.com/dotMudge/status/95

· Web · 18 · 12

@akpoff this is not exactly surprising: within Intel processors it seems now safe to assume that all protection of any kind is ignored once speculative execution is initiated.

I suspect that, in the rush to get x86_64 out /and/ with better performance than AMD's amd64, several corners were cut. It is worthwhile remembering that the first x86_64 was, basically, 64-bit emulation on a 32-bit core written in microcode…

@cynicalsecurity Agreed. It was only a matter of time. Within days of the initial public disclosure I saw quite a bit of, er, speculation about the possibility of rowhammer attacks.

Looks like consumer groups, US states' AGs and perhaps in will have some serious opportunities to go after .

@akpoff This is the end of this era of computing. period... what comes next will be a setback, and a new way of processing data.

@thegibson I don't know. I hope you're wrong. At a minimum it appears to be a setback to performance levels.

Though perhaps there are other dragons lurking in AMD's implementation as well. :(

@akpoff every architecture is affected... Spectre is here to stay.

I am sure we will find more in the coming months...

I'm not even sure that behavioral detection can really do anything with this either... although i'm trying.

@akpoff Consider that this is the largest threat, and mitigation task (by volume) we have ever faced.

And now this...

theverge.com/2018/1/22/1691942

It is not world ending, but it is world-changing.