Re: 'Rowhammer' - Software-triggered DRAM corruption

[Dirk-Willem van Gulik <dirkx () webweaving org>]

> On 13 Mar 2015, at 11:32, fulldisclosure <fulldisclosure () evolution-hosting eu> wrote:
>
> Am 12.03.2015 um 21:31 schrieb Aris Adamantiadis:
> > Le 12/03/15 17:00, Nick Boyce a écrit :
> >
> > > Also, this may only affect SODIMMs, not DIMMs, as Google was only able
> > > to make the attack work on laptops - desktop machines so far remaining
> > > unaffected.
> > >
> > > [I *knew* it was a good idea to hang on to that old Athlon XP desktop :-)]
> > There are countless reports of the attack working on desktops. It worked
> > on one of the two non-ecc desktops I've tried it on. It's an AMD FX 8150.
> It's not dependend on the processor, it's the ram-design thats vulnerable.
>
> If you use ECC chips, you should be safe, thats why cheap hw hosters are
> now in trouble, and professionsal server hw hosters not.

Until we find solid evidence of two bit-flips introduced in the same board; which is, 
given the ease of 1 bit ‘squared’ certainly in the lab within reach.

Over time - attacks always get stronger, never less potent.

Dw. 

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/