※ 引述《inthepeace (peace)》之銘言:
: 原文在此
: https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impa
: cts-zen-architecture
: Google 翻譯
: 格拉茨技術大學發布的一篇新論文詳細介紹了兩種新的“ Take A Way”攻擊,即Collide
: + Probe和Load + Reload,它們可以通過操縱L1D緩存預測變量來洩漏AMD處理器的秘密
: 數據。 研究人員聲稱,該漏洞從2011年到2019年影響所有AMD處理器,這意味著Zen微體
: 系結構也受到影響。
: 好啦,這下開心啦
: 開放c52 723來留言
AMD 回復於此
https://www.amd.com/en/corporate/product-security
Take A Way
3/7/20
We are aware of a new white paper that claims potential security exploits in
AMD CPUs, whereby a malicious actor could manipulate a cache-related feature
to potentially transmit user data in an unintended way. The researchers then
pair this data path with known and mitigated software or speculative
execution side channel vulnerabilities. AMD believes these are not new
speculation-based attacks.
AMD continues to recommend the following best practices to help mitigate
against side-channel issues:
‧Keeping your operating system up-to-date by operating at the latest version
revisions of platform software and firmware, which include existing
mitigations for speculation-based vulnerabilities
‧Following secure coding methodologies
Implementing the latest patched versions of critical libraries, including
those susceptible to side channel attacks
‧Utilizing safe computer practices and running antivirus software
亂翻一通:
Take a way
3/7/20
我們知道最近有一篇論文聲稱AMD的CPU有潛在的安全漏洞。惡意攻擊者有可能藉由操作某
個和快取相關的功能來經由非正規管道傳輸使用者資料。接著,該研究人員將此資料傳輸
路徑和已知且已被修復的軟體或理論式執行端通道弱點(speculative execution side
channel vulnerabilities)搭配在一起。AMD相信這些並不是新的speculation-based
attacks。
AMD持續建議採用以下best practice保護電腦 bla bla bla....