New side channel attack exploiting dynamic frequency changes in the CPU:
https://www.hertzbleed.com/
Affects both Intel & AMD. Intel embargoed the CVE for several months but won't be releasing µcode to fix it. Twats.
It can be mitigated by disabling frequency boost for the CPU. And then asking for a refund from the manufacturer to account for the reduced performance, presumably. Bollocks.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Hertzbleed vulnerability
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 149 times
- Been thanked: 212 times
Re: Hertzbleed vulnerability
https://www.tomshardware.com/news/intel ... rypto-keysIntel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Hertzbleed vulnerability
Not according to the authors of the paper:
Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface.
deadbang
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 68 times
Re: Hertzbleed vulnerability
I agree - it's a complete bullshit.
The method is practically the same as this one:
viewtopic.php?f=3&t=109982
The only difference is that instead of listening to power inverter chokes, the software is collecting stats of CPU clocking changes.
Expect new, expensive "security products" which will advertise protection against this *new* "vulnerability"
Business is business - a hunt for idiots with thick wallets.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
Re: Hertzbleed vulnerability
It's no real coincidence that you saw this raft of vulnerabilities in Intel and AMD chips, only 4 years ago and then with the release of Windows 11 MS announced that earlier chips with those vulnerabilities would not be supported (and then announced that they would be supported unofficially... but that first statement is what counted, as it was meant to in fact).
MS, the OEMs and Intel and AMD are really part of the same big cabal that controls the laptop/desktop/server x86 market. In that unique position, overseeing a monopoly of zero choice (that is except the choice not to buy/use any of it) they can conspire to do pretty much anything. If Intel reveals flaws in it's own products, in order to sell... more of it's own products, the rest of the cabal will back it up regardless. If it means that the OEMs will sell more servers, desktops and laptops - they will back it. If it means MS can force users onto a new OS, riddled with surveillance and telemetry tools - it sounds like a plan.
MS, the OEMs and Intel and AMD are really part of the same big cabal that controls the laptop/desktop/server x86 market. In that unique position, overseeing a monopoly of zero choice (that is except the choice not to buy/use any of it) they can conspire to do pretty much anything. If Intel reveals flaws in it's own products, in order to sell... more of it's own products, the rest of the cabal will back it up regardless. If it means that the OEMs will sell more servers, desktops and laptops - they will back it. If it means MS can force users onto a new OS, riddled with surveillance and telemetry tools - it sounds like a plan.