[ home ] [ pony / rp / canterlot / rules ] [ arch ]

/pony/ - Pony

Ponies and General Posting
Password (For file deletion.)

[Return][Go to bottom]


File: 1557969290639.png (275.21 KB, 1080x1080, 1:1, 1522065211264.png) ImgOps Google

>mfw speculative execution is behind yet another vulnerability                                                                                 


File: 1557976341554.jpeg (30.63 KB, 700x976, 175:244, D39Fs_cUEAAR3oQ.jpeg) ImgOps Google

The kinds of attacks we see nowadays are truly spectacular. I understand how it works and yet I still can't wrap my head around these kinds of side channel attacks. Really very fascination stuff.


File: 1557976828497.jpg (19.32 KB, 289x296, 289:296, Awww Flutter.jpg) ImgOps Exif Google

...what does this mean? is it big trouble?


Was any of that English?


File: 1557979481240.png (19.61 KB, 318x395, 318:395, Oh no! A disturbance!.png) ImgOps Google


No, I think he's speaking in Hacker.


File: 1557980456243.jpg (91.82 KB, 640x896, 5:7, 1430594723378.jpg) ImgOps Exif Google

Suppose that you have two websites open in your browser, a friendly website and a malicious website.  The malicious website's JavaScript is not supposed to be able to read sensitive data that you enter into the friendly website.  But it turns out that the malicious code can time how long it takes the CPU to do certain operations, and this timing can reveal your sensitive data.  It is a slow and noisy channel, but it really can be exploited in practice.  Recent versions of Chrome and Firefox have mitigations against this.  But for extra sensitive information (e.g., Bitcoin private keys), it's still best to power-cycle your machine (and perhaps even leave it powered off for a few seconds to let your DRAM charges dissipate) before visiting any potentially hostile websites.

For cloud hosting where you share the same physical resources as a potentially hostile client -- well, you're well and truly fucked, especially considering that there are probably additional yet-to-be-discovered vulnerabilities of this type.  Physical isolation is the only way to go to really secure your sensitive data.

Retpoline thunks!


File: 1557983058520.png (976.12 KB, 1280x720, 16:9, 1490416352212.png) ImgOps Google

I wonder how long it will take for Intel and AMD to fix the underlying hardware vulnerabilities.  It seems like a difficult fix without degrading performance a lot.


Chain's having a stroke! Someone stuff their wallet in his mouth!


File: 1557983495983.png (80.95 KB, 484x327, 484:327, 133411698921.png) ImgOps Google

Gee... But that sounds like such a primitive technique. Surely the information a hacker gets from that could only be the most cursory, vague information?


IIRC, they had a proof-of-concept that was able to read out credit-card numbers in under a minute of attacking.  Each individual microarchitectural leak is very noisy, but if you combine thousands of them, you can read arbitrary bytes of the application's memory with very high confidence.


File: 1557986731911.jpg (46.55 KB, 640x508, 160:127, tumblr_mtoyhbLMUR1rwbtdpo1….jpg) ImgOps Exif Google

>Physical isolation is the only way to go to really secure your sensitive data.

I'm retreating to the mountains to hide in a cave.  Wish me luck.


This, but unironically.
I'm going to buy myself an old quarry, build a bunch of concrete bunkers inside, and bury the whole thing.


File: 1558060653880.png (8.92 KB, 240x200, 6:5, cowe-such-milk.png) ImgOps Google

Would you keep any livestock?


File: 1558061168753.png (648.84 KB, 1280x720, 16:9, Silverstream 81.png) ImgOps Google

Find an old mine and reinforce a few tunnels. Just don't get lost inside like the meth heads did a couple months back.


File: 1558067523233.jpg (164.62 KB, 1355x1961, 1355:1961, DZOhrD3U8AEVfa3.jpg large.jpg) ImgOps Exif Google

Definitely some chickens. Eggs fresh are always amazing.


The problem with mines is that things tend to be long and narrow.
Quarries are just flat holes in the ground, already. Makes them a tad easier for planning things out, I think.
Bonus points for being able to build upwards.

Mines do get bonus points for already being underground, meaning it's a fair ways cheaper, though.
But, that's also a slight bit of the problem. Already underground makes proper, full supports, a tad more difficult.
Caveins are likely to be an inevitability.


I'm all for hardware security features.

But they also sometimes piss me off. All the designers come up with their own weird solutions.

[Return] [Go to top]
[ home ] [ pony / rp / canterlot / rules ] [ arch ]