https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13822#M1456 <P>Like I told you, it's all about having <A href="https://community.isc2.org/t5/Industry-News/The-Spectre-of-multi-core-CPUs/m-p/10827#M1002" target="_blank">multi-core CPUs and race conditions</A>.</P><P>&nbsp;</P><P>First came Spectre and Meltdown.</P><P>&nbsp;</P><P>Now we've got <A href="https://foreshadowattack.eu/" target="_blank">Foreshadow</A>, which can grab protected information even under virtual machine and hypervisor situations.&nbsp; (That is a good overview paper, but you can also get some <A href="https://twitter.com/yuvalyarom/status/1029413004000088066" target="_blank">random discussion from Twitter</A>.)</P><P>&nbsp;</P><P>But this stuff isn't new.&nbsp; Apparently someone found a <A href="https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html" target="_blank">four byte jump from ring 3 (user space) to ring 0 (the root kernel) in old x86s</A>.&nbsp; (Don't know why they bothered, since almost everyone ran everything in root mode anyway, but ...)</P> Mon, 09 Oct 2023 08:54:31 GMT rslade 2023-10-09T08:54:31Z https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13822#M1456 <P>Like I told you, it's all about having <A href="https://community.isc2.org/t5/Industry-News/The-Spectre-of-multi-core-CPUs/m-p/10827#M1002" target="_blank">multi-core CPUs and race conditions</A>.</P><P>&nbsp;</P><P>First came Spectre and Meltdown.</P><P>&nbsp;</P><P>Now we've got <A href="https://foreshadowattack.eu/" target="_blank">Foreshadow</A>, which can grab protected information even under virtual machine and hypervisor situations.&nbsp; (That is a good overview paper, but you can also get some <A href="https://twitter.com/yuvalyarom/status/1029413004000088066" target="_blank">random discussion from Twitter</A>.)</P><P>&nbsp;</P><P>But this stuff isn't new.&nbsp; Apparently someone found a <A href="https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html" target="_blank">four byte jump from ring 3 (user space) to ring 0 (the root kernel) in old x86s</A>.&nbsp; (Don't know why they bothered, since almost everyone ran everything in root mode anyway, but ...)</P> Mon, 09 Oct 2023 08:54:31 GMT https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13822#M1456 rslade 2023-10-09T08:54:31Z https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13849#M1464 <P>VMWare poke one of my admins this morning with just such a warning or to be more succinct a corporate CYA moment.&nbsp;</P><P>&nbsp;</P><P>Since following this vulnerability since last week and see the natural progression from theory to NMap to some exploit code but nothing wide spread yet or is this actually being exploited under our noses without notice?</P><P>Thus far it appears that you'd have to be near the hypervisor itself while reading a vulnerable machine through a tunnel while conversing with a free range unicorn under cover of darkness.</P><P>&nbsp;</P><P>Thus far I am not seeing the opportunity to win this trifecta several times in a row or at least in this environment.</P><P>&nbsp;</P><P>Could someone give me a reasonable scenario or example of exploitation, please?</P><P>&nbsp;</P><P>B/Eads</P> Mon, 20 Aug 2018 20:42:00 GMT https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13849#M1464 Beads 2018-08-20T20:42:00Z https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13856#M1468 &gt; Beads (Contributor II) posted a new reply in Industry News on 08-20-2018 04:42<BR /><BR />&gt; &nbsp; &nbsp; Since following this vulnerability since<BR />&gt; last week and see the natural progression from theory to NMap to some exploit<BR />&gt; code but nothing wide spread yet or is this actually being exploited under our<BR />&gt; noses without notice?<BR /><BR />Nope, no exploit yet.<BR /><BR />Yeah, I figure you're right: it'd be pretty specialized. However, it does indicate<BR />how bad and complicated the race condition problems are, and that it needs ot be<BR />fixed.<BR /><BR />I remember reviewing a book on optimization, with a great quote on the topic:<BR />"Optimizations always bust things, because all optimizations are, in the long haul,<BR />a form of cheating, and cheaters eventually get caught."<BR />- Larry Wall<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />A: Yes.<BR />&gt; Q: Are you sure?<BR />&gt;&gt; A: Because it reverses the logical flow of conversation.<BR />&gt;&gt;&gt; Q: Why is top posting frowned upon?<BR />victoria.tc.ca/techrev/rms.htm <A href="http://www.infosecbc.org/links" target="_blank">http://www.infosecbc.org/links</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A> Mon, 20 Aug 2018 23:54:05 GMT https://community.isc2.org/t5/Industry-News/Foreshadowing-the-end-of-computing-as-we-know-it/m-p/13856#M1468 rslade 2018-08-20T23:54:05Z