[Info-vax] Throwhammer, remote Rowhammer via RDMA (was Re: CVE-2018-8897 Privilege Escalation due to widespread misunderstanding of x86-64 privileged instruction semantics)

[Simon Clubley]

On 2018-05-10, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>
> More security fun, a remote rowhammer via RDMA.
>
> "Throwhammer: Rowhammer Attacks over the Network and Defenses"
>
> https://arstechnica.com/information-technology/2018/05/attackers-trigger-rowhammer-bit-flips-by-sending-network-packets-over-a-lan/ 
>
>
> Which means memory-level rowhammer detection, or faster or smarter 
> (TRR/pTRR) refresh support.  ECC alone isn't quite enough.
>
> DDR-related hardware updates for Itanium and Alpha systems are just not 
> going to happen.
>

At the rate things are developing, we are all going to be going back
to using 32/64/128MB EDO/FPM memory based systems if we want a reasonably
secure hardware platform.

Of course, that means you won't be able to autogenerate GB of code
to add a few numbers together and will have to actually know how
all the layers in a computer work. :-)

I say the above in jest, but I wouldn't mind betting that some
people are seriously wondering if returning to much older technology
is one way to get a more secure hardware platform.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world