ASLR, again.
-
The news just came out today on ArsTechnica: they have discovered a vulnerability related to ASLR (Address Space Layout Randomization) that allows bypassing this protection and makes Intel processors (the news exposes Haswell) potential victims of malware.
Despite the date of the news, the issue is not new, and since its implementation in operating systems (since 2001 if we go by the Linux calendar, or since Windows Vista if we go by the Microsoft calendar), vulnerabilities have been discovered.
We will see what happens with all this.
-
That's the bad thing about implementing hardware-based security measures: you can't just download a processor update to fix it.
-
@cobito said in ASLR, again.:
That's the bad thing about implementing hardware security measures: you can't download a processor update to fix it.
You can always disable or correct it via a BIOS update. It's been done many times with bugs in processors.
-
@kynes Yes, but software can only fix hardware functionality issues, not security issues. If ASLR is not secure, there is no solution: it ceases to be a hardware security measure.
-
@cobito True, I hadn't thought of that. Is this what AMD includes an ARM processor for in their new micros? In that case it would be a "programmable hardware solution".
-
@kynes Well, as far as I know, AMD's Platform Security Processor checks the firmware signature at each startup to see if it has been modified. The key is "burned" into the hardware so it can't be modified. So, if there is a modification to the firmware that controls the PSP through the ARM micro, the system will be in a permanent reset state, making it unusable.
So a security flaw there has no solution either.
There are some entries on the front page about these systems:
· AMD's security problems
· Intel Management Engine, the well-known "backdoor" of Intel
· Unfixable security problems in the x86 platform
· Intel's x86 platform, considered harmful by a security expert
And here, one of the people responsible for bringing these issues to light.