Intel CPUs Vulnerable to New 'BranchScop

Wyatt Thomas
Wyatt Thomas

Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks.
The new attack, dubbed BranchScope, has been identified and demonstrated by a team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University.
[https://archive.fo/zCbUG] securityweek.com/intel-cpus-vulnerable-new-branchscope-attack
[https://archive.fo/5i2S3] arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks/

Attached: just.png (115.73 KB, 1800x1200)

All urls found in this thread:

securityweek.com/intel-cpus-vulnerable-new-branchscope-attack
arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks/
en.wikipedia.org/wiki/Comparison_of_single-board_computers

Jace Nelson
Jace Nelson

Intel CPUs could be Facebook on a chip levels of giving your data away, and Intel PR could make it all go away.

Levi Carter
Levi Carter

From the Arse article, Intel says
We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.
I read it as
We can't be bothered to spend any of our billions on actual security so thanks guyz

Leo Walker
Leo Walker

I read it as “The goyim know!!!”

Elijah Carter
Elijah Carter

Garbage OP. You didn't even explain what it is.
To say it simply, this attack allows you to determine if a path (branch, if statement, etc) is taken or not in the victim program.
You can think of this as vaguely similar to a power analysis attack where you can see the processor using more power when it takes a branch.
Unlike spectre which extracted memory contents, this only extracts the knowledge if a branch is taken or not. This could be used further in a more complicated attack similar to how spectre used the cache as its side channel.

Jason Diaz
Jason Diaz

So it sounds like an easy fix that can be patched in microcode without any issues

Attached: all-smiles.png (78.01 KB, 308x320)

Asher Johnson
Asher Johnson

it doesn't matter anymore. the goyim are now desensitized to these security problems.

Alexander Allen
Alexander Allen

Just as long as every motherboard manufacturer puts out a firmware update for all their products

Jaxson Jackson
Jaxson Jackson

tfw Asrock

Colton Hall
Colton Hall

We can't be bothered to spend any of our billions on actual security so thanks guyz
That's exactly how open source was sold to corporates, so what did you expect.

Cameron Smith
Cameron Smith

I got my nazi arm patch. All the cool kids are getting them.

Attached: 2014062610350266319.jpg (82.87 KB, 615x540)

Kevin Wright
Kevin Wright

nonstop coverage of security issues with all the ree ree ree panic everyone can bring to bear
none of them effect anyone other than people who use hypervisors and sandboxes

Levi Roberts
Levi Roberts

for all their products

Released only in the last year. There is no support for "old" hardware.

Adam Foster
Adam Foster

loading proprietary (((microcode)))

Christopher Brown
Christopher Brown

he doesn't use hypervisors or sanboxes
What are you doing on /g/

Jaxon Mitchell
Jaxon Mitchell

not getting hacked apparently

James Young
James Young

CPU microcode is further patched by the OS early during boot. As long as Intel puts out a patched µcode, normalfags will get it through Winjews Update.

Jacob Hall
Jacob Hall

You say this ironically, but Allwinner chink ARM sbcs are a thousand times more trustworthy than IIsraeltel.

Blake Edwards
Blake Edwards

Noooo goy!

They're vulnerable to Spectre and have more devices like the (((Ethernet))) and (((Wifi))) on the bus.

Jacob Torres
Jacob Torres

Spectre depends on the chip. And some boards send SATA over USB2, in which case there's no DMA. Some boards do the same with Ethernet. It's probably for cost-cutting reasons, but the side-effect is firmware has to do memory ops through the CPU, instead of having full access to everything.

Christian Adams
Christian Adams

/g/

Luke Carter
Luke Carter

hand waving ensues
So which boards are immune to Spectre and also don't have the botnet devices on the bus again? You sound very learned on the subject.

Ethan Nguyen
Ethan Nguyen

Look for boards with Cortex-A7, there's tons of them. There's at least one Banana Pi with such CPU that has SATA isolated via USB2. And there was a thread on 4chan yesterday where some dude was talking about his ODROID that has Ethernet on USB2. He said it was slow, but good enough to run as a basic NAS/backup server. I don't know if you can find a board with both devices isolated on the stock model, but it's easy enough to add your own USB device for SATA or Ethernet. Here's a basic comparison list (doens't have full details, but it's a start):
en.wikipedia.org/wiki/Comparison_of_single-board_computers

Disable AdBlock to view this page

Disable AdBlock to view this page

Confirm your age

This website may contain content of an adult nature. If you are under the age of 18, if such content offends you or if it is illegal to view such content in your community, please EXIT.

Enter Exit

About Privacy

We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our advertising and analytics partners.

Accept Exit