From 7d80648d885afde48965aff2ba3514641fe6911c Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 14 Aug 2022 09:57:07 -0400 Subject: [PATCH 1/7] Doc: Microarchitecture bugs in Intel and AMD CPUs Add information about microarchitecture bugs It's been a very busy year for Intel and AMD CPUs. Researchers have discovered bugs left and right. One of them was revealed recently and I felt compelled to add not only it but also information regarding other types of attacks that aren't yet in the guide. Signed-off-by: pterocles --- guide.md | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/guide.md b/guide.md index f1ce0b9..99d7a43 100644 --- a/guide.md +++ b/guide.md @@ -106,6 +106,7 @@ Finally note that this guide does mention and even recommends various commercial - [Your Wi-Fi or Ethernet MAC address:] - [Your Bluetooth MAC address:] - [Your CPU:] + - [Types of Attacks:] - [Your Operating Systems and Apps telemetry services:] - [Your Smart devices in general:] - [Yourself:] 
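Review bot: The new TOC entry "[Types of Attacks:]" in the @@ -106 hunk is a generic title for a section that specifically covers CPU attacks and sits directly below "[Your CPU:]"; a title such as "Types of CPU attacks" would be unambiguous in the table of contents, and whatever title is chosen has to match both the "### Types of Attacks:" heading and the "[Types of Attacks:]: #types-of-attacks" reference definition added later in this same patch. If the new section is an h3 under "Your CPU", the TOC entry should also be nested one level under "[Your CPU:]" rather than listed as its sibling.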
@@ -861,18 +862,36 @@ These have already been affected by several security vulnerabilities in the past There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP. -Note that to AMD's defense, so far and AFAIK, there were no security vulnerabilities found for ASP and no backdoors either: See [[Invidious]][77]. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME. +Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See [[Invidious]][77]. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME. If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot or Coreboot [^108] if your laptop supports it (be aware that Coreboot does contain some propriety code unlike its fork Libreboot). -In addition, some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]][78] [[Archive.org]][79] - Check yourself: -- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]][80] which is available as a package for most Linux distros including Whonix. +- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]][80] which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. 
There is also PoC code for Spectre v1 and v2 on iPhone devices here: [[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent) and here [[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf) - If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]][81] +### Types of Attacks: + +Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) + +Transient execution attacks (formerly called speculative execution side channel methods) and select security issues plague many Intel CPUs. Here you can check your CPU against affected micro-processors [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). + +The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. + +Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. 
This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the +Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) [[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf) + +Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) [[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf). This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years. + +#### Some other microarchitecture bugs: + +- [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). +- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. + +This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. 
It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. + Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]][82] (warning: these can severely impact the performance of your VMs). We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. @@ -13444,6 +13463,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t [Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address [Your Bluetooth MAC address:]: #your-bluetooth-mac-address [Your CPU:]: #your-cpu + [Types of Attacks:]: #types-of-attacks [Your Operating Systems and Apps telemetry services:]: #your-operating-systems-and-apps-telemetry-services [Your Smart devices in general:]: #your-smart-devices-in-general [Yourself:]: #yourself @@ -13776,8 +13796,6 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t [75]: https://yewtu.be/watch?v=siCk4pGGcqA [76]: https://yewtu.be/watch?v=mYsTBPqbya8 [77]: https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s - [78]: https://wikiless.org/wiki/Transient_execution_CPU_vulnerability - [79]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability [80]: https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker [81]: https://web.archive.org/web/https://www.grc.com/inspectre.htm [82]: https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown From 7736c42bd7fd4dc009405034ab77296a5f13f53c Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 14 Aug 2022 11:01:18 -0400 Subject: [PATCH 2/7] a Signed-off-by: pterocles --- guide.md | 2 ++ 1 file changed, 2 insertions(+) 
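Review bot: In the @@ -861 hunk, dropping "so far and AFAIK" turns a hedged remark into an unconditional claim that no security vulnerabilities were ever found for ASP, and the only support offered is a video link; keep a hedge such as "at the time of writing" or cite a source that actually surveys ASP/PSP findings. The sentence "Spectre is a transient execution attack." appended to the spectre-meltdown-checker bullet is orphaned there; it belongs in the new "Types of Attacks" paragraph that introduces transient execution attacks. The emphasized paper title "*ÆPIC Leak: Architecturally Leaking Uninitialized Data from the" / "Microarchitecture*" is split across a hard line break; join it on one line so the emphasis reads as a single title. Finally, the "Some CPUs have unfixable flaws" paragraph now appears under "### Types of Attacks:" with inline links while the same paragraph was deleted above with "[78]"/"[79]" references; that is consistent with removing [78] and [79] in the @@ -13776 hunk, but the Wikipedia archive link still has no snapshot date unlike every other link added in this patch.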
diff --git a/guide.md b/guide.md index 99d7a43..e1633a8 100644 --- a/guide.md +++ b/guide.md 
@@ -889,6 +889,8 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). - [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. +- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. +- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. 
This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. From 93c6825db845f4ac8719db55c0b62c099afa9716 Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 14 Aug 2022 11:01:18 -0400 Subject: [PATCH 3/7] Microarchitecture bugs in Intel and AMD CPUs Add more information about microarchitecture bugs Signed-off-by: pterocles --- guide.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/guide.md b/guide.md index 99d7a43..e1633a8 100644 --- a/guide.md +++ b/guide.md 
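Review bot: Patch 2/7 (7736c42) has the placeholder subject "a" and is the same change as patch 3/7 (93c6825): identical blob index 99d7a43..e1633a8, identical timestamp 11:01:18, identical @@ -889 hunk. Applied in order, the second cannot apply because the added lines already exist, so drop 7736c42 from the series rather than reverting it later. On the content of the hunk: the Hertzbleed entry is the only bullet that names no affected vendor or CPU family (PLATYPUS names x86/Intel SGX, SQUIP names AMD Zen), and it never states what the attack observes on the CPU beyond "measuring time"; add the vendors and one sentence on the mechanism. The Retbleed entry describes the retpoline background but omits the actual finding that the linked URL spells out, namely that the attack bypasses the retpoline fixes; state that consequence explicitly.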
@@ -889,6 +889,8 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). - [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. +- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. +- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. 
This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. From 6b5b8e5656162c20cd58d61acb736f20c175a243 Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 14 Aug 2022 19:35:38 -0400 Subject: [PATCH 4/7] Fix pointer to Appendix B4 while adding Appendix B5 Signed-off-by: pterocles --- guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guide.md b/guide.md index e1633a8..8be2770 100644 --- a/guide.md +++ b/guide.md @@ -384,6 +384,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix B1: Checklist of things to verify before sharing information:] - [Appendix B2: Monero Disclaimer] - [Appendix B3: Threat modeling resources] +- [Appendix B4: Important notes about evil-maid and tampering] - [References:] # Pre-requisites and limitations: From 5cca117aa10ff60d5f263acdb49dbb28bb12f167 Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 14 Aug 2022 19:39:37 -0400 Subject: [PATCH 5/7] Move content to Appendix B5: Types of CPU attacks Signed-off-by: pterocles --- guide.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/guide.md b/guide.md index 8be2770..9fb7c0e 100644 --- a/guide.md +++ b/guide.md @@ -106,7 +106,6 @@ Finally note that this guide does mention and even recommends various commercial - [Your Wi-Fi or Ethernet MAC address:] - [Your Bluetooth MAC address:] - [Your CPU:] - - [Types of Attacks:] - [Your Operating Systems and Apps telemetry services:] - [Your Smart devices in general:] - [Yourself:] 
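Review bot: The @@ -106 hunk of patch 5/7 (5cca117) removes the "[Types of Attacks:]" TOC entry but leaves the matching link reference definition "[Types of Attacks:]: #types-of-attacks" (added by patch 1/7 around line 13447) in place; it is only deleted in patch 7/7. Delete it in this same commit so no intermediate state carries a dangling reference definition. Patch 4/7 (6b5b8e5) has the subject "Fix pointer to Appendix B4 while adding Appendix B5", but its only hunk adds the "[Appendix B4: Important notes about evil-maid and tampering]" TOC entry; Appendix B5 is added in 5cca117, so retitle 6b5b8e5 to describe what it does (for example "Add missing Appendix B4 entry to the table of contents").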
@@ -385,6 +384,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix B2: Monero Disclaimer] - [Appendix B3: Threat modeling resources] - [Appendix B4: Important notes about evil-maid and tampering] +- [Appendix B5: Types of CPU attacks:] - [References:] # Pre-requisites and limitations: @@ -873,8 +873,6 @@ Check yourself: - If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]][81] -### Types of Attacks: - Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) Transient execution attacks (formerly called speculative execution side channel methods) and select security issues plague many Intel CPUs. Here you can check your CPU against affected micro-processors [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). @@ -13745,6 +13743,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t [Appendix B2: Monero Disclaimer]: #appendix-b2-monero-disclaimer [Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering + [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks [References:]: #references [cc-by-nc-4.0]: https://creativecommons.org/licenses/by-nc/4.0/ [27]: https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/ From 870347b784d306a2a45e25543ccbd13c44bdb967 Mon Sep 17 00:00:00 2001 
From: pterocles Date: Sun, 14 Aug 2022 19:41:04 -0400 Subject: [PATCH 6/7] Add microarchitecture bugs and related research to Appendix B5 Signed-off-by: pterocles --- guide.md | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/guide.md b/guide.md index 9fb7c0e..7906c6c 100644 --- a/guide.md +++ b/guide.md 
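Review bot: In patch 5/7's @@ -385 and @@ -13745 hunks the new entry "[Appendix B5: Types of CPU attacks:]" keeps a trailing colon inside the link text; the visible context shows B1 with a colon and B2, B3 and B4 without, so the appendix list is already inconsistent and this patch should pick one form rather than add to the mix (the anchor "#appendix-b5-types-of-cpu-attacks" is unaffected either way). The @@ -873 hunk deletes the "### Types of Attacks:" heading but leaves its paragraphs in the "Your CPU" section, directly after the "Check yourself:" bullets, with no heading until 870347b moves them; squashing 5cca117 into 870347b avoids that half-moved intermediate state.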
@@ -875,27 +875,11 @@ Check yourself: Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) -Transient execution attacks (formerly called speculative execution side channel methods) and select security issues plague many Intel CPUs. Here you can check your CPU against affected micro-processors [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). - -The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. - -Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the -Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) [[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf) - -Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) [[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf). 
This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years. - -#### Some other microarchitecture bugs: - -- [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). -- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. -- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. 
-- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. +Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]][82] (warning: these can severely impact the performance of your VMs). This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. -Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]][82] (warning: these can severely impact the performance of your VMs). - -We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. +We will mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. **In addition, we recommend the use of AMD CPUs instead of Intel CPUs.** 
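Review bot: The @@ -875 hunk moves the ÆPIC, MSR and microarchitecture-bug material out of the "Your CPU" section without leaving a pointer to where it went; add a sentence after the "Some CPUs have unfixable flaws" paragraph such as "See [Appendix B5: Types of CPU attacks:] for details." so readers of this section can find it. With the transient-execution paragraph gone from here, the sentence "Spectre is a transient execution attack." that patch 1/7 added to the Linux checker bullet now uses a term this section no longer introduces; move that sentence into the appendix with the rest. Reordering "Some of these can be avoided using Virtualization Software settings" above "This guide won't go too deep" is fine, since "these" still refers back to the unfixable-flaws paragraph, and the diffstat (20 insertions, 18 deletions) matches the move.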
@@ -12375,6 +12359,24 @@ On the other hand, allowing the attack but detecting it will not let your advers See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some tips. +# Appendix B5: Types of CPU attacks: + +Select security issues plague many Intel CPUs, such as transient execution attacks (formerly called speculative execution side channel methods). Here you can check your CPU against affected micro-processors with known bugs [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). + +The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. + +Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the +Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) [[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf) + +Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) [[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf). 
This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years. + +#### Some other microarchitecture bugs: + +- [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). +- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. +- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. 
+- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. + --- # References: From cbb3c49666ceed284b09a2725e5a73ed44306ec5 Mon Sep 17 00:00:00 2001 From: "T. H" Date: Sun, 14 Aug 2022 19:51:36 -0400 Subject: [PATCH 7/7] Revert a commit and cleanup a pointer This reverts commit 7736c42bd7fd4dc009405034ab77296a5f13f53c. Signed-off-by: pterocles --- guide.md | 1 - 1 file changed, 1 deletion(-) diff --git a/guide.md b/guide.md index 7906c6c..3723818 100644 --- a/guide.md +++ b/guide.md @@ -13466,7 +13466,6 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address [Your Bluetooth MAC address:]: #your-bluetooth-mac-address [Your CPU:]: #your-cpu - [Types of Attacks:]: #types-of-attacks [Your Operating Systems and Apps telemetry services:]: #your-operating-systems-and-apps-telemetry-services [Your Smart devices in general:]: #your-smart-devices-in-general [Yourself:]: #yourself
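Review bot: In the @@ -12375 hunk of patch 6/7 (870347b), the appendix opens with a level-1 heading "# Appendix B5: Types of CPU attacks:" and then jumps straight to a level-4 heading "#### Some other microarchitecture bugs:", skipping two levels; use the subheading level the other appendices use. The paper title "*ÆPIC Leak: ... from the" / "Microarchitecture*" is still split across a line break here, carried over from patch 1/7; join it. The MSR paragraph says an attacker can "view information about the MSRs" but never states the privilege level required; reading model-specific registers is a privileged (kernel-mode) operation, so say that this concerns an attacker who already has kernel or hypervisor access, otherwise the risk reads as comparable to the unprivileged PLATYPUS and SQUIP entries, and "documented very little and in increasingly less verbosity" should be simplified to "sparsely documented". Patch 7/7 (cbb3c49) is titled as a revert of 7736c42, but its diff does not touch the Hertzbleed and Retbleed lines that commit added; it only deletes the dangling "[Types of Attacks:]: #types-of-attacks" definition. Retitle it to describe the actual change and, if 7736c42 is to go, drop it from the series instead of reverting it; also the author "T. H" does not match the "Signed-off-by: pterocles" trailer, and the sign-off should come from the author of the commit.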