“The newly developed Rowhammer- attack TRRespass can crack the RAM-a security mechanism by many DDR4-DRAM-modules as well as LPDDR4 Chips. Until now, these were considered to be almost immune to Rowhammer attacks.”
Zombieload is back.
“This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).” (src: thehackernews.com)
“In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.
“Have you ever noticed they all had at least one thing in common?”
Attacks against RAM stored private keys of OpenSSH!
everyone makes mistakes – but Intel i really start to hate you now.
Intel should ship all their customers with fixed CPUs (it is not an implementation flaw, it is a design flaw, so modifications to the architecture needs to be made) for free or be demolished forever by ARM or even better: RISC-V
Intel’s 11th-generation ‘Ice Lake’ CPUs will have fixes for Meltdown, Spectre(?) (src)
it comes with Thunderbold 3 and Wifi 6 on board.
Mai 2019: first waver chips shown on stage.
you can not buy them yet in July 2019.
„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“ (src: tomshardware.com)
this is by far the biggest fail in CPU history – it is not an implementation error – it is an design error – it’s like when the architect designs a house to be super efficient – but the house’s design has a weak spot – and if you use a small hammer on it – the front door will collapse and any thief can enter and steal.
“As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on a targeted computer, where an unprivileged attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system.”
Module name: src Modified files: usr.bin/ssh : authfd.c authfd.h krl.c krl.h ssh-agent.c ssh-keygen.c sshconnect.c sshconnect.h sshd.c sshkey.c sshkey.h Log message: Add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
more info: marc.info
where are the sources?
Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems (Unfortunately, in particular since OpenSSH does authentication, it runs into a *lot* of differences between Unix operating systems).
The OpenSSH provided here is designed to run on the following Unix operating systems:
- SNI/Reliant Unix
- Digital Unix/Tru64/OSF
- Mac OS X
- … and more are being added all the time.
what to do?
install the latest version of OpenSSH and apply all patches.
# check your installed version of ssh ssh -V