New NetSpectre Attack Can Steal CPU Secrets via Network Connections

https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/

On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/

Except it can't. (or rather at the rate of about 1 bit per hour, which of
course is useless if the cache actually changes in that time.. And if you have
defened yoursef against spectre, this is useless.

On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/
I can't see from paper how they can get data without application being
on victim machine?

--
press any key to continue or any other to quit...

On 28/07/18 05:59, Melzzzzz wrote:
On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/
I can't see from paper how they can get data without application being
on victim machine?

They infer from visible net performance.



--
There is nothing a fleet of dispatchable nuclear power plants cannot do
that cannot be done worse and more expensively and with higher carbon
emissions and more adverse environmental impact by adding intermittent
renewable energy.

On 2018-07-28, The Natural Philosopher wrote:
On 28/07/18 05:59, Melzzzzz wrote:
On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/
I can't see from paper how they can get data without application being
on victim machine?

They infer from visible net performance.


Hm, net performance have many factors, besides I can't see how they can
conclude anything from that.





--
press any key to continue or any other to quit...

On 28/07/18 06:45, Melzzzzz wrote:
On 2018-07-28, The Natural Philosopher wrote:
On 28/07/18 05:59, Melzzzzz wrote:
On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/
I can't see from paper how they can get data without application being
on victim machine?

They infer from visible net performance.


Hm, net performance have many factors, besides I can't see how they can
conclude anything from that.


Thats why you are a user and they are hackers

Did you ever read of the famouys case of the German WWII captured tank
gearboxes?

Examination of the serial numbers led them to conclude that the
productuion rate was far more limited than they believed at the time.

This turned out to be the case.



--
Climate Change: Socialism wearing a lab coat.

William Unruh writes:
Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/

Except it can't. (or rather at the rate of about 1 bit per hour, which
of course is useless if the cache actually changes in that time..

I think you should at least skim the paper before commenting.

1) The reason it takes so long is that the network introduces a lot of
noise, so it requires many iterations of the attack to get a clear
signal.

2) Each iteration is fast and independent of the others; there is no
need for the cache to remain unmodified for an extended period.

3) They introduce a novel microarchitectural side channel which does not
use the cache.

And if you have defened yoursef against spectre, this is useless.

They specifically address this point; the existing Spectre mitigations
do not close the AVX side channel.

--
https://www.greenend.org.uk/rjk/

On 2018-07-28, The Natural Philosopher wrote:
On 28/07/18 06:45, Melzzzzz wrote:
On 2018-07-28, The Natural Philosopher wrote:
On 28/07/18 05:59, Melzzzzz wrote:
On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/
I can't see from paper how they can get data without application being
on victim machine?

They infer from visible net performance.


Hm, net performance have many factors, besides I can't see how they can
conclude anything from that.


Thats why you are a user and they are hackers

Did you ever read of the famouys case of the German WWII captured tank
gearboxes?

Examination of the serial numbers led them to conclude that the
productuion rate was far more limited than they believed at the time.

This turned out to be the case.

I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?






--
press any key to continue or any other to quit...

Melzzzzz writes:
I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?

The paper is not hard to find:
https://misc0110.net/web/files/netspectre.pdf

--
https://www.greenend.org.uk/rjk/

On 2018-07-28, Richard Kettlewell wrote:
Melzzzzz writes:
I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?

The paper is not hard to find:
https://misc0110.net/web/files/netspectre.pdf

I have skimmed over paper, yet I see they need server side
application...

--
press any key to continue or any other to quit...

Melzzzzz writes:
On 2018-07-28, Richard Kettlewell wrote:
Melzzzzz writes:
I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?

The paper is not hard to find:
https://misc0110.net/web/files/netspectre.pdf

I have skimmed over paper, yet I see they need server side
application...

Sure. It’s a perfectly good proof of concept though. Doesn’t mean you
can’t find suitable gadgets in production code. (& unverifiable rumour
suggests they already they have, in which case they may well be waiting
for mitigations to be available before going public.)

--
https://www.greenend.org.uk/rjk/

On 28/07/18 11:43, Melzzzzz wrote:
On 2018-07-28, Richard Kettlewell wrote:
Melzzzzz writes:
I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?

The paper is not hard to find:
https://misc0110.net/web/files/netspectre.pdf

I have skimmed over paper, yet I see they need server side
application...

Nope, they dont.


--
Of what good are dead warriors? … Warriors are those who desire battle
more than peace. Those who seek battle despite peace. Those who thump
their spears on the ground and talk of honor. Those who leap high the
battle dance and dream of glory … The good of dead warriors, Mother, is
that they are dead.
Sheri S Tepper: The Awakeners.

"Melzzzzz" wrote

| I have skimmed over paper, yet I see they need server side
| application...
|

Yes. Not even really server-side. They only tested
what apparently was a trusted connection over a network.
With a 1 Gb connection they get 4 bytes/hour, from a
machine that has reason to let them in. On my cable
connection that would be about 4 bytes per day; presumably
4 arbitrary bytes.

It wasn't clear to me what protocol they're using to
get into the other computer, but with networked
computers there's already no security to speak of.
Who needs a byte-thief when you've got DCOM, file
sharing, Remote Desktop, and Remote Registry?

What they didn't do was to test an actual situation:
Trying to grab enough arbitrary RAM data, while you
load their webpage, to figure out your credit card number,
assuming they've been able to take control of a website
that you visit.

What always gets me about these things is that the
people who get most worked up are typically running
without a firewall, have networking functions enabled,
allow javascript and iframes on webpages, bank online,
and shop online using credit cards. So they have lots
of data worth stealing and no security to protect it.

They're leaving the front door wide open while they
worry that an ant might crawl through a hole behind
the 2nd floor gutter, make it to the kitchen, and steal a
grain of rice that's fallen on the floor there.... which
seems to be pretty much what this attack is.

But there is a perverse kind of logic to that: If you
concentrate on patching holes behind your gutter then
you don't have to deal with the "hassle" of locking
and unlocking your front door. The trick is to feel
secure without any inconvenience.

On 2018-07-28, Melzzzzz wrote:
On 2018-07-28, Richard Kettlewell wrote:
Melzzzzz writes:
I still can't see how anything related to network can be used to
conclude that some data is from cache or memory.
Care to explain how that can be concluded from eg communication with web
server?

The paper is not hard to find:
https://misc0110.net/web/files/netspectre.pdf

I have skimmed over paper, yet I see they need server side
application...

Yes, but the point is that they may well already be there in the code that the
server runs to do what it needs to do. Ie, the writer of say ssh, or of the
network stack, or.... needs to code in such a way that none of the resultant
code gives the attacker the means to determine that bit via the attack. He
sends a bunch of packets to the server. These are crafted to trigger the
speculative execution or not, and the timing of the return packets can give
him information. You could call these software bugs, but they are not bugs in
any traditional sense, and not in any sense that the coder knows how to avoid.
The software works exactly as expected. It is just that with the right
trigger, it takes slightly longer to perform or not depending on the value of
the bit the attacker wants to determine. Thus, if the ssh code has one of
these "bugs" the attacker may be able to determine the bits in the ssh
password. Do not ask me how. I have not idea, but the above is what I have
gleaned from a quick reading of the paper.
So their "gagets" are code which is already on the system in the operating
system/kernel software. The attacker just has to identify them. So yes, it can
be mitigated in software, but how in the hell do you analyse the code to
identify all of the possible ways in which every snippet of code could be used
in such an attack?

Nomen Nescio laid this down on his screen :
In article
William Unruh wrote:

On 2018-07-27, Anonymous wrote:
https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/

Except it can't. (or rather at the rate of about 1 bit per hour,
which of course is useless if the cache actually changes in that
time.. And if you have defened yoursef against spectre, this is
useless.

I love scary computer stories at bedtime.

I love the sell of infected computers in the morning.