[The Exiled]

Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys

Citiraj:

PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit. While the researchers have only tested this vulnerability against Intel Skylake and KabyLake processors, they also expect it to work on AMD Ryzen processors. The only way to mitigate this attack is to disable SMT/Hyper-threading on a computer, which OpenBSD has already done by default since this summer when another timing attack was released called TLBleed. Intel has already removed hyper-threading from their new 9th generation gaming CPUs in order to offer hardware protection from Meltdown v3 and the L1 Terminal Fault vulnerabilities.

Izvor: ArsTechnica i BleepingComputer

• The Intel Microcode Boot Loader Protects Older CPUs From Spectre
  
  
• Spectre, Meltdown researchers unveil 7 more speculative execution attacks
  
  
• The Spectre/Meltdown Performance Impact On Linux 4.20, Decimating Benchmarks With New STIBP Overhead