Servers running on proprietary software not affected. Windows wins again.
Does that mean anyone can l33t h4x my public servers?
>software mitigation that effectively reduces performance
just get ECC memory you moron
This is false. Row hammer was partially mitigated, but not completely. That's true across all machines (well, all modern ones) and is not an open source vs proprietary issue.
Actual midwits spouting the approved reddit consensus with zero critical thinking.
You CAN'T know how to exploit rowhammer on a closed source system. An open source system gives you the exact memory layout of the secrets and flags.
That's not how PIC or KLSR work
You don't know how rowhammer (very simple concept) works.
There is no consistent way to get access to physical memory physically located near other physical memory on any modern system. Period.
I'm running Alpine Linux and have NSD exposed. When will someone rowhammer me? Sounds so dirty.
If you are going to develop a row hammer attack on some software, you are going to be analyzing compiled binaries that you have reverse engineered, regardless of whether they are open source or closed source. Source code won't tell you the exact locations of a lot of data in memory, since the compiler is free to optimize this.
>another midwit
I'm not even going to bother with this one. I'll let you find all the 3 errors yourself.
You are making no arguments in this thread other than the baseless claim that understanding memory layout is only possible in an open source system. Protip: there are numerous other memory-related vulnerabilities that are regularly discovered in proprietary software using techniques that do not involve analyzing the source code. Compiled binaries aren't a black box. They're more difficult to analyze than source code, but not impossible. And security researchers have the time and money to analyze compiled binaries.
What binaries you moron? It's on a server.
If the server is running commercial software, it can still be analyzed. Additionally, I would note that there are limitations to performing rowhammer remotely. If you are capable of obtaining execution permissions to execute rowhammer locally on the server, you are also capable of exfiltrating the binary for analysis.
This doesn't happen with DDR5 and never happened if you actually ran your memory inside its Intel spec (which nobody ever did because gaymer motherboard had a button to make it go faster).
>This doesn't happen with DDR5
wrong
>never happened if you actually ran your memory inside its Intel spec (which nobody ever did because gaymer motherboard had a button to make it go faster).
>making stuff up
Yeah I definitely trust you a random freetard on the internet over the NSA.
>over the NSA
what
The National Security Administration. The only good source of security information not because they are a government agency but because they employ every competent hacker that isn't in jail and half that are.
And what do they have to say on this issue, pray tell? Because I doubt it is anything remotely similar to the nonsense in OP.
No you moron, I meant that NSA didn't ever claim that DDR5 RAM is unaffected by rowhammer
yeah they did
Did you forget to take your meds? It didn't happen
also the make-believe Intel RAM specs and mobo speed up button
Intel validates their platforms to support a certain RAM speed specifically to go as fast as possible without bit flips. Hardware OEMs and BIOS vendors market and use a number 40-100% higher than that. This isn't new.
But it's not users' fault nor can they do anything about it
Here:
https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity
but it effectively slows down memory access
>it's not users' fault nor can they do anything about it
All they have to do is not enable XMP/DOCP. In all but the worst chinkshit it's off by default because they don't want to get sued by businesses. But every Y*uT*ber has spent a decade telling everyone to turn it on so "good with computers" midwits are enabling global Chinese botnets.
Seriously, exactly how many people do you think ever access BIOS settings?
Everyone with a "smart grandson" that watches linus tech tips
I don't care about these exploits.
Maybe all this rowhammer stuff is just made up. Nobody has ever rowhammered my servers and obtained any of my deep dark secrets.
qrd?
Works on my c2d ddr2 machine.
This is a hardware exploit, all software is vulnerable to it.
>Vulnerability L1tf: Mitigation; PTE Inversion
>Vulnerability Mds: Vulnerable; SMT Host state unknown
>Vulnerability Meltdown: Vulnerable
>Vulnerability Mmio stale data: Vulnerable
>Vulnerability Retbleed: Vulnerable
>Vulnerability Spec store bypass: Vulnerable
>Vulnerability Spectre v1: Vulnerable
How long until someone pops my DNS server?
Imagine if they were grouped like the first spot lmao
Row hammer is a hardware vulnerability. Proprietary software is no more secure against it than any other software.
>buzzword spam
This is how you know it's a pajeet.