| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <3EFAE7B3-A9B0-4EB8-8A81-7B30E4C84285@webweaving.org> Date: Mon, 16 Mar 2015 10:32:03 +0100 From: Dirk-Willem van Gulik <dirkx@...weaving.org> To: fulldisclosure <fulldisclosure@...lution-hosting.eu> Cc: fulldisclosure@...lists.org Subject: Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption > On 13 Mar 2015, at 11:32, fulldisclosure <fulldisclosure@...lution-hosting.eu> wrote: > > Am 12.03.2015 um 21:31 schrieb Aris Adamantiadis: >> Le 12/03/15 17:00, Nick Boyce a écrit : >> >>> Also, this may only affect SODIMMs, not DIMMs, as Google was only able >>> to make the attack work on laptops - desktop machines so far remaining >>> unaffected. >>> >>> [I *knew* it was a good idea to hang on to that old Athlon XP desktop :-)] >>> >> There are countless reports of the attack working on desktops. It worked >> on one of the two non-ecc desktops I've tried it on. It's an AMD FX 8150. >> > It's not dependend on the processor, it's the ram-design thats vulnerable. > > If you use ECC chips, you should be safe, thats why cheap hw hosters are > now in trouble, and professionsal server hw hosters not. Until we find solid evidence of two bit-flips introduced in the same board; which is, given the ease of 1 bit ‘squared’ certainly in the lab within reach. Over time - attacks always get stronger, never less potent. Dw. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists