Re: Security Flaw in Microchips Discovered?

[Carl Jongsma <info () skiifwrald com>]

On 21/11/2006, at 3:04 AM, Valdis.Kletnieks () vt edu wrote:

> On Sat, 18 Nov 2006 19:50:38 GMT, Fergie said:
>
> > Researchers have discovered a fundamental flaw in microprocessor  
> > technology
> > that could allow hackers to obtain computer users' secret  
> > information,
> > French daily Le Monde reported.
>
> This is probably right up there with the "cache timing attack"  
> against HT
> chips to steal an RSA key.  I wonder if their technique works while  
> the
> system is taking timer and I/O interrupts to fill up slots in the  
> branch
> prediction table....

It is an extension of that timing attack - it is by the same group of  
researchers.  Apparently they have found that there is a second cache  
that lends itself to being used in the branch prediction and thus  
allows a more rapid recovery of the private key in use (or any other  
data of interest passing through the cache).

Of course, a strange process that suddenly appears on a system and  
starts capturing 100% CPU time should be picked up long before an  
attacker (local) can make off with the data.

Sincerely,

Carl Jongsma
info () beskerming com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: 0410 707 444 / 08 8283 1154

Sûnnet Beskerming Pty. Ltd.

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise advanced Information Security research. Sûnnet  
Beskerming Pty. Ltd. is an Information Security specialist and, in  
conjunction with the tools developed in house, provides total  
security solutions and services, from the perimeter to internal data  
stores, including web application security and security testing and  
analysis.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.