You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
CPU bug wars update: the latest attack against AMD CPUs just leaks memory access patterns. This is basically inherent in how caches work. It's not even a speculation attack. Intel still has the lead in designing CPUs that give up all their secrets *by design* in speculation.
You can only leak memory access patterns with this, not data (all the Intel insanity directly leaks data). We already know data-dependent memory access are unsafe, this has been a problem for decades and any sane crypto code avoids it.
This attack can be used together with Spectre v1 (which is unpatchable in CPUs). The fix here is to add barriers to software where this matters. You can always use memory addressing as a side channel whenever you share memory; this is just one (efficient) way of doing it.
AFAICT the main thing this new attack hurts is ASLR, but honestly, ASLR is becoming less and less relevant in the "you can run code on the target machine" scenario. Way too many side channels to choose from. This is just one of them. ASLR is just a mitigation, not security.
ty for explaining, from what I read it looked like the bog-standard cache timing attack but I'm also not super versed in this area to know for sure
You can eliminate information about *which* cache lines are getting loaded if you tag every cache line with the ASID that was responsible for loading it and refusing to fill cross-ASID requests. Basically emulate a split cache across address spaces / priv boundaries.
The AMD attack leaks *which* lines are getting loaded, which is worse than just leaking that *a* line was getting loaded. But I agree it doesn't appear nearly as grave as some of the Intel bugs.
Yeah, apparently the researchers said it was.
from what i understand, the pathway to be able to do this is non existent without a prior exploit, and at that point its pretty much pointless since you would already have access to kernel land... Right??
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
