Hertzbleed - it's over for x86lets

Question

Hertzbleed - it's over for x86lets

Blake Hughes

fresh new vuln just dropped!
hertzbleed.com/
github.com/FPSG-UIUC/hertzbleed
M1/M2 users need not worry, amd-pajeets and incels on suicide watch.
Enjoy your locked 3GHZ CPU's KEK

Attached: 1628013666819.png (2048x2048, 158.08K)

June 14, 2022 - 19:38

Andrew Reed

Joke's on you, my CPU runs at 2.8GHz.

June 14, 2022 - 19:40

Jaxson Martinez

don;t care, not patching and not updating anything

June 14, 2022 - 19:41

Tyler Nelson

If it's not doable through browser JS, it doesn't matter for end users.
And all major browsers gimped timing attacks after Spectre.

June 14, 2022 - 19:52

Liam Rodriguez

mitigations=off

June 14, 2022 - 19:56

Adrian Young

>physical access
not my problem, mitigations=off

June 14, 2022 - 20:00

Eli Williams

HAHAHA I know it's just i'm not going to mitigate

June 14, 2022 - 20:03

Adrian Lopez

>force CPU to run at max frequency all the time
:^)

June 14, 2022 - 20:07

Colton Bennett

so what does it do and how am i affected?

June 14, 2022 - 20:10

James Barnes

M1/M2 is vulnerable as well since it downclocks for power management.
This entire "vulnerability" affects every modern CPU and most not-so-modern ones.
It is literally impossible to exploit since even when running at locked frequency you will be deviating by mHz due to spread spectrum needed for EMI certification.

June 14, 2022 - 20:11

Jose Hernandez

>M1/M2 users
>What is pacman
>:^)
Go back.

June 14, 2022 - 20:12

Julian Mitchell

>>:^)
>Go back.
outed yourself as the one needing to go back

June 14, 2022 - 20:20

Benjamin Lewis

>turbo and powersaving are now security vulnerabilities
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

June 14, 2022 - 20:20

Colton Gutierrez

>can't read
literally can be used as a remote oracle, which the authors claimed could be used to break SIKE over the network.

June 14, 2022 - 20:22

Jose Brooks

how does this affect me though?

June 14, 2022 - 20:23

James Rogers

>downclocks for power management.
apparently the downclock doesn't seem to be useful oracle, only the CPUs going into their "turbo" frequencies, hitting thermal limits and throttling back that is useful.

June 14, 2022 - 20:26

Jaxon Morgan

>rockstar vulnerability with its own website
>needs read access to root only MSR and RAPL interfaces
omg all your datas are belong to us!!

Attached: index.gif (466x498, 57.56K)

June 14, 2022 - 20:33

Xavier Morris

>Is Hertzbleed a bug?
>No. [It's a] feature
kek

June 14, 2022 - 20:37

Alexander Diaz

see

June 14, 2022 - 20:41

Andrew Cruz

Only if the attacked service is running alone on a physical core, which literally doesn't happen.
It doesn't. It's a PR smoke screen for Intel's other vulnerability that got released at the same time. A cherry on top is that this "affects" ARM and AMD.

June 14, 2022 - 20:46

Blake Lewis

This is why I don't store any important information on computers.

June 14, 2022 - 20:46

Daniel Cooper

Then don't use a "post-quantum" rockstar security technology enabling pre-quantum security holes.

June 14, 2022 - 20:47

1 2 3 Next

Hertzbleed - it's over for x86lets

Last threads