Hertzbleed vulnerability

[Head_on_a_Stick]

New side channel attack exploiting dynamic frequency changes in the CPU:

https://www.hertzbleed.com/

Affects both Intel & AMD. Intel embargoed the CVE for several months but won't be releasing µcode to fix it. Twats.

It can be mitigated by disabling frequency boost for the CPU. And then asking for a refund from the manufacturer to account for the reduced performance, presumably. Bollocks.

[Hallvor]

Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.

https://www.tomshardware.com/news/intel ... rypto-keys

[Head_on_a_Stick]

Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.

Not according to the authors of the paper:

Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface.

[CwF]

Wake me up when it escapes the zoo.

[LE_746F6D617A7A69]

Wake me up when it escapes the zoo.

I agree - it's a complete bullshit.

The method is practically the same as this one:
viewtopic.php?f=3&t=109982

The only difference is that instead of listening to power inverter chokes, the software is collecting stats of CPU clocking changes.

Expect new, expensive "security products" which will advertise protection against this *new* "vulnerability"

Business is business - a hunt for idiots with thick wallets.

[cynwulf]

It's no real coincidence that you saw this raft of vulnerabilities in Intel and AMD chips, only 4 years ago and then with the release of Windows 11 MS announced that earlier chips with those vulnerabilities would not be supported (and then announced that they would be supported unofficially... but that first statement is what counted, as it was meant to in fact).

MS, the OEMs and Intel and AMD are really part of the same big cabal that controls the laptop/desktop/server x86 market. In that unique position, overseeing a monopoly of zero choice (that is except the choice not to buy/use any of it) they can conspire to do pretty much anything. If Intel reveals flaws in it's own products, in order to sell... more of it's own products, the rest of the cabal will back it up regardless. If it means that the OEMs will sell more servers, desktops and laptops - they will back it. If it means MS can force users onto a new OS, riddled with surveillance and telemetry tools - it sounds like a plan.