If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 28/07/18 18:45, Anonymous wrote:
Nomen Nescio laid this down on his screen : In article William Unruh wrote: On 2018-07-27, Anonymous wrote: https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-via-network-connections/ Except it can't. (or rather at the rate of about 1 bit per hour, which of course is useless if the cache actually changes in that time.. And if you have defened yoursef against spectre, this is useless. I love scary computer stories at bedtime. I love the sell of infected computers in the morning. ^^^^ Thats no way to talk about Windows! -- Renewable energy: Expensive solutions that don't work to a problem that doesn't exist instituted by self legalising protection rackets that don't protect, masquerading as public servants who don't serve the public. |
Ads |
#17
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 29/07/18 06:19, Nomen Nescio wrote:
In article The Natural Philosopher wrote: On 28/07/18 11:43, Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... Nope, they dont. That's incorrect. Without a network listener, i.e. "app" in this new world of minimalistic linguisticism, the attack can't even begin. Ah. semantics. They dont need a *special* 'app' to be installed. The standard stuff will do. (apache etc) -- "When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him." Jonathan Swift. |
#18
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
Nomen Nescio expressed precisely :
In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. |
#19
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 29/07/18 11:03, Anonymous wrote:
Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. Â*This simply doesn't make sense.Â* Linux for years has proven to be the safest servers out there. Well if you know what they are running, and on what CPU, thats all AIUI you need to know. Performance of known code on known hardware allows inferences about its internal data to be made. -- In a Time of Universal Deceit, Telling the Truth Is a Revolutionary Act. - George Orwell |
#20
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 29/07/18 20:40, Andreas Kohlbach wrote:
On Sun, 29 Jul 2018 05:03:50 -0500, Anonymous wrote: Nomen Nescio expressed precisely : All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Servers have nothing to do with Linux. You can probably have bad (or not patched) servers on Linux as good ones. So you can on Windows, Mac... AIUI all you need to know is what processor and what code is running on the server and then the fine details of network timings in reponse to a probing attack reveal something about what should be secret. That its probably a lot simpler to hand the sysdamin a USB drive and $1,000,000 to get the pentagon's passwords is noted. But all those foreign intelligence agnencies have to do SOMETHING for a living -- In a Time of Universal Deceit, Telling the Truth Is a Revolutionary Act. - George Orwell |
#21
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 2018-07-28, Nomen Nescio wrote:
The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf At the rate it produces results, I'll be dead, buried and won't give a ****. I'm in charge of several servers on three different 1Gb/s (or faster) connections to the public internet, so I'm a bit more worried, I'd better make sure I've rebooted them with a recent (ie presumed safe) kernel before the SSL key can be exfiltrated. -- ت |
#22
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
Nomen Nescio formulated the question :
In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. |
#23
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
On 30/07/18 15:06, Anonymous wrote:
Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. Â* This simply doesn't make sense.Â* Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. Â*OS/400 must really be good.Â* I have never heard of it. Wasn't/isn't that IBM mainframe? -- In a Time of Universal Deceit, Telling the Truth Is a Revolutionary Act. - George Orwell |
#24
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
In comp.os.linux.misc The Natural Philosopher wrote:
On 30/07/18 15:06, Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. * This simply doesn't make sense.* Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. *OS/400 must really be good.* I have never heard of it. Wasn't/isn't that IBM mainframe? No IBM m/f is Z/OS or Z/VM. OS/400 runs on the AS-400 system which is more like an old-time mini-computer. It's designed for a small to mid-range shop that couldn't support a m/f. |
#25
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
Jerry Peters wrote:
In comp.os.linux.misc The Natural Philosopher wrote: On 30/07/18 15:06, Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. Â* This simply doesn't make sense.Â* Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. Â*OS/400 must really be good.Â* I have never heard of it. Wasn't/isn't that IBM mainframe? No IBM m/f is Z/OS or Z/VM. OS/400 runs on the AS-400 system which is more like an old-time mini-computer. It's designed for a small to mid-range shop that couldn't support a m/f. It's called IBM i nowadays. https://en.m.wikipedia.org/wiki/IBM_i -- Neodome |
#26
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
After serious thinking Nomen Nescio wrote :
In article Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. probably because you're never operated or worked on a real computer. IBM main frame software engineer. |
#27
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
Nomen Nescio expressed precisely :
In article Anonymous wrote: After serious thinking Nomen Nescio wrote : In article Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. probably because you're never operated or worked on a real computer. IBM main frame software engineer. I'm familiar with you IBM guys. I had to give a bunch of "IBM Software Engineers" classes on TCP/IP and SMTP because as a group, you couldn't figure out how to format email messages and drop them in a pickup folder to be sent. TCP/IP routing and DNS was a mystery that sent some of you to retirement because you couldn't make the transition from SNA. Like a liberal democrat, you lump everyone into a corporate bundle. As for me, I was an IBM main frame software engineer, not an IBM enployee. |
#28
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
Nomen Nescio writes:
In article Anonymous wrote: After serious thinking Nomen Nescio wrote : In article Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. probably because you're never operated or worked on a real computer. IBM main frame software engineer. I'm familiar with you IBM guys. I had to give a bunch of "IBM Software Engineers" classes on TCP/IP and SMTP because as a group, you couldn't figure out how to format email messages and drop them in a pickup folder to be sent. TCP/IP routing and DNS was a mystery that sent some of you to retirement because you couldn't make the transition from SNA. Really, you know us all? Retired MVS maven _and_ Linux expert. Lots of other stuff too numerous to list. Software developer since 1964. How do I know you are an idiot? -- Dan Espen |
#29
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via Network Connections
Anonymous writes:
Nomen Nescio expressed precisely : In article Anonymous wrote: After serious thinking Nomen Nescio wrote : In article Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. probably because you're never operated or worked on a real computer. IBM main frame software engineer. I'm familiar with you IBM guys. I had to give a bunch of "IBM Software Engineers" classes on TCP/IP and SMTP because as a group, you couldn't figure out how to format email messages and drop them in a pickup folder to be sent. TCP/IP routing and DNS was a mystery that sent some of you to retirement because you couldn't make the transition from SNA. Like a liberal democrat, you lump everyone into a corporate bundle. As for me, I was an IBM main frame software engineer, not an IBM enployee. Still early, but stupidest thing I've read so far today. -- Dan Espen |
#30
|
|||
|
|||
New NetSpectre Attack Can Steal CPU Secrets via NetworkConnections
In article
Nomen Nescio wrote: In article Dan Espen wrote: Nomen Nescio writes: In article Anonymous wrote: After serious thinking Nomen Nescio wrote : In article Anonymous wrote: Nomen Nescio formulated the question : In article Anonymous wrote: Nomen Nescio expressed precisely : In article Melzzzzz wrote: On 2018-07-28, Richard Kettlewell wrote: Melzzzzz writes: I still can't see how anything related to network can be used to conclude that some data is from cache or memory. Care to explain how that can be concluded from eg communication with web server? The paper is not hard to find: https://misc0110.net/web/files/netspectre.pdf I have skimmed over paper, yet I see they need server side application... All they have to do is run linux and let the leakage begin. This simply doesn't make sense. Linux for years has proven to be the safest servers out there. Wrong. OpenVMS and OS/400 both put linux to shame. OS/400 must really be good. I have never heard of it. probably because you're never operated or worked on a real computer. IBM main frame software engineer. I'm familiar with you IBM guys. I had to give a bunch of "IBM Software Engineers" classes on TCP/IP and SMTP because as a group, you couldn't figure out how to format email messages and drop them in a pickup folder to be sent. TCP/IP routing and DNS was a mystery that sent some of you to retirement because you couldn't make the transition from SNA. Really, you know us all? Retired MVS maven _and_ Linux expert. Lots of other stuff too numerous to list. Software developer since 1964. How do I know you are an idiot? Retired means not gifted enough to continue. -- Ex-Banyan/Novell/Citrix/CiscoUCS/EMC/Extreme, currently 3PAR engineer happily rolling IBM products to the scrapyard because they are too complicated, too expensive, and designed from the start to be nothing but over-complicated lifetime revenue traps for hardware and software services. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|