| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACqxkWKymXeRNT0fwbV20ffoy_4VPw1Bop_G2Nh_=HhnguvB=Q@mail.gmail.com> Date: Fri, 13 Mar 2015 01:07:11 +0000 From: Nick Boyce <nick.boyce@...il.com> To: fulldisclosure@...lists.org Subject: Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption On 12 March 2015 at 20:31, Aris Adamantiadis <aris@...code.be> wrote: > Le 12/03/15 17:00, Nick Boyce a écrit : > >> ... Google was only able to make the attack >> work on laptops - desktop machines so far >> remaining unaffected. >> >> [I *knew* it was a good idea to hang on to >> that old Athlon XP desktop :-)] >> > There are countless reports of the attack > working on desktops. It worked on one of > the two non-ecc desktops I've tried it on. > It's an AMD FX 8150. Damn - that's disappointing :-/ I see you're right - there's a lot of activity: https://groups.google.com/group/rowhammer-discuss/ >> The authors state that ECC does not help, >> which is puzzling. This post: http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html explains that ECC is only going to correct single bit fails, and likely crash the machine on double-bit fails, but that multi-bit fails (which the Google tool achieves) may evade the ECC and achieve the goal. https://github.com/google/rowhammer-test I'm off to find some machines to test. Nick -- Coding is easy; All you do is sit staring at a terminal until the drops of blood form on your forehead. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists