InfoQ Homepage Side channel vulnerabilities Content on InfoQ
News
RSS Feed-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.
-
New COOP and COEP Cross-Origin Policies for Increased Security in Chrome and Firefox
Eiji Kitamura recently addressed in a talk at Google’s web.dev live the new COOP and COEP policies that dictate how browsers handle cross-origin resources. The new opener (COOP) and embedded (COEP) policies set up a cross-origin isolated environment that protects against Spectre attacks while restoring powerful, previously disabled features (SharedArrayMemoryBuffer and more).
-
Google Researchers Say Spectre Will Haunt Us for Years
According to a paper by several Google researchers, speculative vulnerabilities currently defeat all programming-language-level means of enforcing information confidentiality. This would not be just an incidental property of how we build our systems, but rather the result of wrong mental models that led us to trade security for performance without knowing it.
-
GPUs Found Vulnerable to Side-Channel Attacks
Since Spectre and Meltdown were demonstrated at the beginning of 2018, researchers have been discovering many variants of side-channel vulnerabilities affecting both Intel and AMD CPUs. GPUs seemed instead to be immune to such attacks. Until now, that is.
-
PortSmash is the Latest Side-Channel Attack Affecting Intel CPUs
Researchers have devised a new kind of timing attack to steal information from a different process running on the same core with SMT/hyper-threading enabled. By carefully measuring port contention delays when sending instructions to a shared core, the researchers could recover a private key from a different process. Intel CPUs are probably not the only ones affected.
-
Intel Discloses New Speculative Execution Vulnerability L1 Terminal Fault
Intel has disclosed a new speculative execution side channel vulnerability, dubbed L1 Terminal Fault, that could potentially leak information residing in the processor L1 data cache. Mitigations are already available, according to Intel, based on its latest Microcode Updates and corresponding updates to operating systems and hypervisor stacks.
-
NetBSD 8.0 Brings Spectre V2/V4, Meltdown, and Lazy FPU Mitigations, and More
NetBSD 8.0, a major release of the BSD-based OS providing portability across many architectures, brings mitigations for the Spectre V2/V4, Meltdown, and Lazy FPU vulnerabilities, along with many new features and bug fixes.
-
TLBleed Can Leak Cryptographic Keys from CPUs Snooping on TLBs
A new side-channel vulnerability affecting Intel processors, known as TLBleed, can leak information by snooping on Translation Look-aside Buffers (TLBs), writes VUsec security researcher Ben Gras.