Beside Downfall, read https://www.theregister.com/2023/08/08/microsoft_intel_august_patch_tuesday/?td=rt-3a and then your PC feels like a little schoolgirl lost by night in a jungle forest populated by legendary monsters 🙂
- Status
I mentioned SGX because INTEL mentions it in its technical papers (see URLs above) in the context of Downfall a.k.a. Gather Data Sampling (GDS)(*).
This being said, I don't think SGX even needs GDS to leak data through the enclaves boundaries
. INTEL has dropped SGX anyway. It's only in maintenance mode now. It replaced it with TDX.(*) <<...
Impact Summary
Malicious software may be able to infer data previously stored in vector registers1 used by either the same thread, or the sibling thread on the same physical core. These registers may have been used by other security domains such as other virtual machine (VM) guests, the operating system (OS) kernel, or Intel® Software Guard Extensions (Intel® SGX) enclaves. Note that no processors that support Intel® Trust Domain Extension (Intel® TDX) are affected by GDS.
...>>
"Intel's dominance in the server market means that everyone on the internet is affected, and that "in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer".
How straightforward would it be to determine whether this exploit is via government sanctioned covert backdoors? Or can't you tell those from your common garden variety security holes?
How straightforward would it be to determine whether this exploit is via government sanctioned covert backdoors? Or can't you tell those from your common garden variety security holes?
- Jan 20, 2010
- 18,987
- 10,090
- 79,540
Very unlikely to be a planted backdoor.
First, it's not very easy to use in a predictable manner. Using it is a little like a fishing expedition, in that the data you capture is a somewhat random sampling, and then you have the problem of trying to figure out what you got.
More importantly, a key principle of security (whether physical or "cyber") is to maintain asymmetry of access between yourself and anyone else. In other words, you want backdoors to be extremely hard to find & exploit for your adversaries, criminals, and anyone else. While this is obscure, it doesn't meet that test.
I'm no security expert, but I think these side-channel attacks all have very plausible engineering-related causes and don't "smell" like backdoors.
It occurred to me after posting on this that maybe it would be even illegal to report on government mandated backdoors (in some countries where they do this). In that case, you'd never find out and maybe only a few people with deep knowledge of the product would know about it.
The other thought that occurred to me later was that you would think that backdoors would inevitably be discovered by criminals and/or hackers, then exploited beyond the intentions of governments etc (which goes to your "test" of asymmetry. In other words, whilst recognising your goal of such backdoors, I don't think that that is possible in practice). In that case, you could say that the benefit of the backdoor to governments is outweighed by the detriment of criminal abuse of the backdoor, hence the need to expose "security holes" of compromised products in order to end criminal abuse of them.
- Jan 20, 2010
- 18,987
- 10,090
- 79,540
In the USA, it's generally legal to report on something related to national security that's independently discovered. What would be illegal is to obtain or disseminate classified documents. Even then, there's a "public interest" defense in doing so, but I don't know how well-tested it's been, in court.
Even if it were the case that it couldn't be reported in one country, the information could be passed to another country and reported from there. So, as long as we're talking about independent discovery, it'd be pretty difficult to keep the information from getting out.
FWIW, some of the highest-profile cases in recent history, where classified information was disseminated by US journalists were the Wikileaks and Snowden cases. In neither instance were the reporters, themselves, actually prosecuted.
This sort of conjecture isn't very constructive. It's really the stuff of conspiracy theories. Let's please focus on facts.
- Backdoors can be used against the government, its contractors, suppliers, etc. Therefore, collateral damage cannot simply be limited to civilians unaffiliated and not affecting the operation and functioning of the government.
- Because you cannot bound the amount of damage that could be wrought if an adversary or criminals discovered a backdoor, that supposed calculus is effectively impossible.
- The NSA has both an offensive and defensive mandate. Wikipedia states: "The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9]"
- Status
TRENDING THREADS
-
-
-
-
News Nvidia may release the RTX 5080 and 5070 Super with boosted memory configurations according to leaker- Started by Admin
- Replies: 34
-
Discussion What's your favourite video game you've been playing?- Started by amdfangirl
- Replies: 4K
-
Latest posts
-
-
Info Certification Introduction - An In-depth Introduction to RED Network Security!! Coming Soon!
- Latest: Testing and Certif-Xavier
-
-
-
-
Facebook
Twitter
Instagram