Re: "HyperThreading considered harmful"

Forums » Up and Running » Security » Security » "HyperThreading considered harmful"


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

Email scam »
« I have an internet problem, what could be wrong??

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

Re: "HyperThreading considered harmful"

wel steve it may also be possible for a remopte user to do the same. Example run a java app on web site that stays active. Then you might be able to exploit the flaw remotly. And take your pick of other threads. It would be hard as hell but probably doable. Ive never delt with a hardware securit flaw before. But getting a buffer over run is similar to a hardware security flaw realy. Essentialy what your doing is putting things in to ram area from one programs area to another programs area of ram. So it should be at least possible to do the same with a cpus cache.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com

permalink · 2005-05-13 13:23:18 · Print ·

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

Re: "HyperThreading considered harmful"

said by novaflare

:

Example run a java app on web site that stays active.

No way.

I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this, because aside from the fact that it doesn't have access to the CPU instructions required to do this kind of hyper-highresolution timing, Java has so much overhead that it's going to confound any efforts at measuring these timing differences.

But getting a buffer over run is similar to a hardware security flaw realy.

Hmmm, did you actually read the paper?

There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site

permalink · 2005-05-13 13:32:00 · Print ·

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

Re: "HyperThreading considered harmful"

just used as a example. It how ever is probably possible to do so with spyware torjans or other apps you could trick the user in to downloading. And i only read part of it. Before posting reading more now. Ither way intel needs to take serious action to correct it.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com

permalink · 2005-05-13 13:36:35 ·

BeesTea Network Janitor Premium,VIP join:2003-03-08 00000	said by Steve : No way. I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this, Ditto. -- $ /bin/whoami nobody
	permalink · 2005-05-13 13:37:02 ·

Marilla I Am My Own Arbiter Premium join:2002-12-06 Belpre, OH	said by Steve : There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory. Hence, my interest, and my headache! -- Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!
	permalink · 2005-05-13 23:42:42 · Print ·

your comment..

Forums » Up and Running » Security » Security	Email scam » « I have an internet problem, what could be wrong??


Thursday, 26-Nov 21:40:51	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF