Re: [PLUG] Vulnerable Hardware (was: Internet of Exploitable Things (was Seagate NAS))

2015-03-16 Thread Keith Lofstrom
On Mon, Mar 09, 2015 at 01:15:50PM -0700, Tim wrote: > > Here's a related issue, but far far worse than Seagate/TLS issues: > > http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html The problem is row-to-row disturb - and that will depend on how the chips are

Re: [PLUG] Vulnerable Hardware

2015-03-13 Thread Louis Kowolowski
On Mar 9, 2015, at 2:43 PM, Fred James wrote: > > Paul Heinlein wrote: >> On Mon, 9 Mar 2015, Tim wrote: >> >>> Here's a related issue, but far far worse than Seagate/TLS issues: >>> http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html >>> >>> >>> Thanks har

Re: [PLUG] Vulnerable Hardware

2015-03-09 Thread Fred James
Paul Heinlein wrote: > On Mon, 9 Mar 2015, Tim wrote: > >> Here's a related issue, but far far worse than Seagate/TLS issues: >> >> http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html >> >> >> >> Thanks hardware companies for making it impossible to provide

Re: [PLUG] Vulnerable Hardware (was: Internet of Exploitable Things (was Seagate NAS))

2015-03-09 Thread Tim
> So all you need to do is carry around an ECC-equipped desktop or server > (along with cables, monitor, keyboard, pointing device) and you're secure. > Simple fix! =) Well... Not quite. ECC helps, for sure. But if you read the first security-oriented paper on row hammer (linked to in the on

Re: [PLUG] Vulnerable Hardware (was: Internet of Exploitable Things (was Seagate NAS))

2015-03-09 Thread Paul Heinlein
On Mon, 9 Mar 2015, Tim wrote: Here's a related issue, but far far worse than Seagate/TLS issues: http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html Thanks hardware companies for making it impossible to provide local security on any PC with any OS! TFA

[PLUG] Vulnerable Hardware (was: Internet of Exploitable Things (was Seagate NAS))

2015-03-09 Thread Tim
Here's a related issue, but far far worse than Seagate/TLS issues: http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html Thanks hardware companies for making it impossible to provide local security on any PC with any OS! tim _