Fwd: Re: [Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"

John jnn at synfin.org
Sat Sep 3 16:52:26 PDT 2016


I need to upgrade to an actual 1U instead of my current VPS solution, heh ;)

Then again... I wonder who I'm sharing a hypervisor with...


John

On September 3, 2016 2:19:38 AM EDT, Georgi Guninski <guninski at guninski.com> wrote:
>----- Forwarded message from Georgi Guninski <guninski at guninski.com>
>-----
>
>Date: Sat, 3 Sep 2016 08:49:34 +0300
>From: Georgi Guninski <guninski at guninski.com>
>To: Jerry Leichter <leichter at lrw.com>
>Cc: Florian Weimer <fw at deneb.enyo.de>, Cryptography List
><cryptography at metzdowd.com>
>Subject: Re: [Cryptography] "Flip Feng Shui: Hammering a Needle in the
>Software Stack"
>
>On Fri, Sep 02, 2016 at 10:56:10AM -0400, Jerry Leichter wrote:
>> > Why bother with patching public keys, making them amenable to
>> > factorization, if you can patch executable code instead?
>> > 
>> > If you can target executable code (and I see why not, it's all the
>> > same to KSM), it is very clear that there cannot be a software-only
>> > defense....
>> The technique cannot be aimed exactly:  You can flip some
>unpredictable, uncontrollable subset of the bits in a word.  (The
>vulnerability of particular bits is dependent on physical variations in
>the memory cells.)
>> 
>... 
>> Attacks against the executable code are certainly the worst case, and
>you might be able to find security-sensitive but very rarely executed
>code to attack.  But this is likely much harder to pull off than the
>attack outlined here.
>> 
>
>Flipping random bits in a word at a chosen location is a very powerful
>primitive.
>
>I am taking bets that it is moderately easy to exploit via many
>vectors.
>
>Flipping random bits of a zero word makes it nonzero.
>
>In a boolean context, this flips False and True, screwing the logic.
>
>e.g. in:
>
>if(is_root || is_authorized) give_em_power();
>else drop_em();
>
>
>
>----- End forwarded message -----

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
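Georgi's point above, that flipping random bits of a zero word makes it nonzero and so inverts a boolean test, can be shown in a few lines. The following C program is an added example, not code from the thread: it models one uncontrolled bit flip in a flag, shows the naive `is_root || is_authorized` check from the forwarded message granting access after the flip, and contrasts it with a flag encoding that stores a sentinel word next to its bitwise complement so that a single flipped bit is detected and the check fails closed. The sentinel constants, the `hflag_t` struct and all function names are assumptions made for this example.

```c
/* Added example, not from the thread: one uncontrolled bit flip in a
 * zero-valued flag inverts a boolean check, and a flag encoding that
 * detects single-bit corruption. All names and constants are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model one uncontrolled bit flip: toggle bit `bit` (mod 32) of `word`. */
static uint32_t flip_bit(uint32_t word, unsigned bit) {
    return word ^ (1u << (bit % 32u));
}

/* The check from the forwarded message: any non-zero flag grants access,
 * so a flag that was 0 (false) reads as "true" after any single flip. */
static bool naive_grant(uint32_t is_root, uint32_t is_authorized) {
    return is_root || is_authorized;
}

/* Scenario: both flags are 0, then one bit of is_root flips. */
static bool naive_after_flip(unsigned bit) {
    uint32_t is_root = 0, is_authorized = 0;
    is_root = flip_bit(is_root, bit);
    return naive_grant(is_root, is_authorized);
}

/* Hardened flag: a sentinel word stored with its bitwise complement.
 * Both halves must agree and the value must be one of two sentinels
 * that differ in every bit, so one flipped bit is always detected. */
#define HFLAG_TRUE  0xA5A5A5A5u   /* constructed sentinel for true  */
#define HFLAG_FALSE 0x5A5A5A5Au   /* constructed sentinel for false */

typedef struct { uint32_t value; uint32_t check; } hflag_t;

static hflag_t hflag_set(bool v) {
    hflag_t f;
    f.value = v ? HFLAG_TRUE : HFLAG_FALSE;
    f.check = ~f.value;
    return f;
}

/* Returns 1 = true, 0 = false, -1 = corrupted. */
static int hflag_get(const hflag_t *f) {
    if ((f->value ^ f->check) != 0xFFFFFFFFu) return -1;  /* halves disagree */
    if (f->value == HFLAG_TRUE)  return 1;
    if (f->value == HFLAG_FALSE) return 0;
    return -1;                                           /* unknown encoding */
}

/* Fail closed: corruption of either flag denies access. */
static bool hardened_grant(const hflag_t *is_root, const hflag_t *is_authorized) {
    int r = hflag_get(is_root), a = hflag_get(is_authorized);
    if (r < 0 || a < 0) return false;
    return r == 1 || a == 1;
}

/* Same scenario against the hardened flags: returns hflag_get's verdict
 * on the corrupted is_root flag and writes the grant decision. */
static int hardened_after_flip(unsigned bit, bool *granted) {
    hflag_t is_root = hflag_set(false), is_authorized = hflag_set(false);
    is_root.value = flip_bit(is_root.value, bit);
    *granted = hardened_grant(&is_root, &is_authorized);
    return hflag_get(&is_root);
}

int main(void) {
    bool granted;
    for (unsigned bit = 0; bit < 32; bit++) {
        int verdict = hardened_after_flip(bit, &granted);
        printf("bit %2u: naive grants=%d  hardened verdict=%d grants=%d\n",
               bit, naive_after_flip(bit), verdict, granted);
    }
    return 0;
}
```

Running it prints one line per flipped bit position: the naive check grants access for every one of the 32 positions, while the complemented sentinel flag reports corruption (-1) and denies. The encoding only detects a flip, it does not prevent one, and it says nothing about flips landing in executable code, which the thread itself notes is the harder case.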