Subject : Re: Uh Oh - NEW Data Leak Found in Intel Processors
From : tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Newsgroups : comp.os.linux.misc
Date : 24. May 2025, 11:33:34
Organization : A little, after lunch
Message-ID : <100s79v$las6$3@dont-email.me>
References : 1 2 3 4 5
User-Agent : Mozilla Thunderbird

On 24/05/2025 11:08, Richard Kettlewell wrote:
> c186282 <c186282@nnada.net> writes:
>> On 5/22/25 4:16 PM, Richard Kettlewell wrote:
>>> I don’t think that’s correct. The BPRC attack breaches user/kernel,
>>> guest/host and application-internal boundaries (i.e. it undermines
>>> IBPB). Much wider impact than cloud service providers.
>>> https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
>>> is the full paper.
>>
>> Theoretically true. In PRACTICE however, it's a kinda
>> difficult breach technique - so expect it to be almost
>> entirely confined to "big"/"important" targets.
>
> Read the paper. The user/kernel version of the exploit is not
> theoretical; they built it. The data leakage rate quoted is based on
> measurement, not analysis.
>
>> "Home", "smaller biz", nope.
>
> That’s rather naive. Domestic users are absolutely a target. For example
> when building a botnet the ownership of the endpoints is totally
> irrelevant - it’s all about quantity, not quality.

Ah. Do you think this is the easiest way to build a botnet?
My impression is that the technical lack of sophistication of most ratware apps is only exceeded by the complete disregard of basic security on internet-connected hosts.
How many bots knocking on my doors trying to ssh in as 'root' or log in to a POP or SMTP server using 'user@domain' identities?

>> STILL needs to be fixed ... but can EXISTING
>> chips be fixed without trashing performance ?
>
> Read the paper, they quote the performance cost of mitigations.

It's technically a very interesting flaw. How serious in real life is unknown.

-- 
Truth welcomes investigation because truth knows investigation will lead to converts. It is deception that uses all the other techniques.