RAMBleed - Reading Bits in Memory Without Accessing Them
#1


A new security hole affects millions of devices, mainly computers and servers. The research team that found the hole has dubbed it "RAMBleed". The reason for this name is quite a simple one. The security hole causes information leaks from physical RAM, allowing access to information without actually having direct access to the memory addresses and their content. An attacker can read the memory content of another process and steal information this way.

The research team has set up an information site for the security hole, like many other research teams did before. They have published all information on the site. As a proof for the paper, they used the attack to leak an RSA-2048 SSH key from a server with OpenSSH, thus ripping a hole into the SSH public key authentication that is outside of the control of the SSH server.


URL to the site: https://rambleed.com/

More information, a FAQ and the paper are to be found on the homepage.
#2
If I am not wrong, isn't this one of the new issues found with the Intel processors, or is this unrelated to that?
Thanks to ShadowHosting and Post4VPS for my VPS 5!
#3
Thanks to HR for posting this news. I read about Rowhammer and thought about the use of probability-based attacks not to write but to read. Now this confirms that that was possible all along. I am even more worried because ECC RAM gives better signals to enable this reading method.

Here I note down the main points according to me...

1) It can read the bits above and below your own allowed bits. They used special software/techniques to place the SSH key exactly where they needed it to be to read the key using this attack. That is in the adjacent rows.

"So don't worry that any data can be easily read using this from your ram."

They also mention that they don't think it is being used in the wild.

2) "Use DDR4 with TRR enabled to make it much harder" to pull it off even if one uses those special methods to place target data wherever they need it to be.

Lastly,
this is unrelated to those new vulnerabilities found in Intel processors. Here 'those' means 'Meltdown' and 'Spectre'.

Some relevant info on Meltdown and Spectre.

1) Meltdown & Spectre are not confined to Intel CPUs or the x86 architecture.

2) Meltdown can be used on most processors using out-of-order code execution and Spectre on CPUs using branch prediction.

Hence many Intel, AMD, PowerPC and ARM systems are left vulnerable.

3) Meltdown is easier to tackle by improving methods of access permission check and hardening boundaries. But some versions of Spectre will haunt us longer, because branch prediction is a much more important and heavily used method to enhance processor speed, with no alternatives in sight.

4) There are many software patches for the above, which I guess will be easier to circumvent.
So my approach would be to buy the latest processors, harden the best you can, keep track of all that, and revisit it often when doing security reviews of your systems.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.

