※ 引述《inthepeace (peace)》之铭言:
: 原文在此
: https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impa
: cts-zen-architecture
: Google 翻译
: 格拉茨技术大学发布的一篇新论文详细介绍了两种新的“ Take A Way”攻击,即Collide
: + Probe和Load + Reload,它们可以通过操纵L1D缓存预测变量来泄漏AMD处理器的秘密
: 数据。 研究人员声称,该漏洞从2011年到2019年影响所有AMD处理器,这意味着Zen微体
: 系结构也受到影响。
: 好啦,这下开心啦
: 开放c52 723来留言
AMD 回复于此
https://www.amd.com/en/corporate/product-security
Take A Way
3/7/20
We are aware of a new white paper that claims potential security exploits in
AMD CPUs, whereby a malicious actor could manipulate a cache-related feature
to potentially transmit user data in an unintended way. The researchers then
pair this data path with known and mitigated software or speculative
execution side channel vulnerabilities. AMD believes these are not new
speculation-based attacks.
AMD continues to recommend the following best practices to help mitigate
against side-channel issues:
‧Keeping your operating system up-to-date by operating at the latest version
revisions of platform software and firmware, which include existing
mitigations for speculation-based vulnerabilities
‧Following secure coding methodologies
Implementing the latest patched versions of critical libraries, including
those susceptible to side channel attacks
‧Utilizing safe computer practices and running antivirus software
乱翻一通:
Take a way
3/7/20
我们知道最近有一篇论文声称AMD的CPU有潜在的安全漏洞。恶意攻击者有可能借由操作某
个和快取相关的功能来经由非正规管道传输使用者资料。接着,该研究人员将此资料传输
路径和已知且已被修复的软件或理论式执行端通道弱点(speculative execution side
channel vulnerabilities)搭配在一起。AMD相信这些并不是新的speculation-based
attacks。
AMD持续建议采用以下best practice保护电脑 bla bla bla....