Jeep, Specter, Mozilla discussed on Security Now

Security Now


Attack with jeep with gp you because the jeep you has a much shallower cash than the cpu does in order to compromise the device within about two minutes so what's not clear is whether there has been some fuzzy being in the web gl support on those browsers they're all there had been some fussing in timing in in response to melt down and specter earlier this year under the the cert dot org page i went looking to see specifically whether mozilla and and google chrome had responded and nothing was there although in digging around i saw some reference to perhaps this already having been taken advantage of but nothing yet posted publicly so it's not clear certainly both companies no and i'm sure they will be make they will be arranging to limit the the timing accuracy a web g l at essentially that's the that's the crucial thing as we have been seeing a lot lately to determine whether to to for essentially for row hammer to be used to to penetrate cashing is you have to be able to sense whether a particular access was was cashed or not and for that you need to no with very good accuracy what the what the timing was so anyway we do have as gin another instance of are famously often quoted i think it was bruce schneier who said attacks never get worse they only get better and so here's row hammer which you know continues to cause trouble and hopefully downstream we will see some some improvements at the hardware level what we what we know is that it's it's possible to more intelligently refresh de ram either increase the refresh rate which lowers the bandwidth that we can use the ram sort of sensually slows the d ram down but hardens it against attack or probably in the future we're going to see row hammer resistant.

Coming up next