VoltJockey sounds like a power you'd get in one of the Bioshock games.
Intel might want to reconsider the G part of SGX – because it's been plunderstruck
Intel on Tuesday plans to release 11 security advisories, including a microcode firmware update to patch a vulnerability in its Software Guard Extensions (SGX) on recent Core microprocessors that allows a privileged attacker to corrupt SGX enclave computations. The SGX flaw has been dubbed Plundervolt by the computer …
COMMENTS
-
Tuesday 10th December 2019 23:02 GMT DCFusor
Hard and crunchy on the outside,
Soft and chewy on the inside. That's what we used to call a then-deprecated security model, as many of us thought there should be quite a lot more defense in depth. (we were talking about Windows at the time, of course)
But with the current complexity built right in - in a way we can't leave it out or avoid it, it seems that if "they" can get in at all, they own the world no matter what. I suppose that's a complex way to say "simpler times were simpler". ;~) This just didn't happen on my Z80 (or PDP 8, 11, or in fact, earlier X 86).
My guess is that this CRAP - and that's what it is, rides along on capabilities otherwise required (but not documented) to make the new chips work "at all".
It does make a point that building in things the end owner can't really remove isn't so smart or desirable, especially since it appears mostly to be an attempt at lock in.
-
-
Wednesday 11th December 2019 21:56 GMT NetBlackOps
Re: Hard and crunchy on the outside,
Really doesn't matter if they are a division or not. They, Microsoft, Adobe, Cisco, SAP, the list is rather long are quite capable of fucking up by the numbers all on their own. The agencies need only have bright enough people to see the opportunities that abound out there.
-
-
Wednesday 11th December 2019 02:48 GMT Anonymous Coward
Look on the Bright Side and the Dark Side
On the bright side, the problem can be, sort of, fixed (do you actually look at the attestation? Oh, you hope someone who knows what they are doing does, but maybe they don't bother, or maybe that code is perverted...).
On the dark side, when the cracker kit version appears for the equivalent biological hardware which our brains run on, well... good luck going to your local &deity abode and asking for a patch. Prayers are wishful thinking; sacrificing script kiddies on the peak of Aztec temples sometimes helps (those Aztecs, Toltecs, Mayans... way ahead of their times).
-
-
Tuesday 24th December 2019 13:05 GMT Anonymous Coward
Sponsored by Intel®
Wtf?
https://www.theregister.co.uk/2019/12/24/intel_data_security_hybrid_cloud/
Sponsored by Intel®
" Security
To protect data and code in the age of hybrid cloud, you can always turn to Intel SGX
A gentle guide to enclaves and trusted execution environments
By Rene Millman 24 Dec 2019 at 07:00
Data and code are the lifeblood of digital organisations, and increasingly these are shared with others in order to achieve specific business goals. As such, data and code must be protected no matter where the workloads run, be they in on-premises data centers, remote cloud servers, or edge-of-the-network."
[Comments not permitted on that sponsored article? Anyone imagine why?]
See also other SGX-related articles here and elsewhere e.g.
https://www.theregister.co.uk/2018/08/15/foreshadow_sgx_software_attestations_collateral_damage/
""Marina [Minkin] had worked with SGX, we talked about it a bit, and she mentioned a scenario which in SGX caused an access violation exception, instead of falling into 'abort page semantics'. Because Meltdown is related to access violation exceptions we decided to give it a try."
Once you know where to look for a vulnerability, he said, "most of the hard part is done".
* The researchers have called two related vulns – CVE-2018-3620 and CVE-2018-3646 – "Foreshadow-NG" (next generation). Intel refers to the three flaws collectively as "L1 terminal fault".
-
-
Wednesday 8th January 2020 14:38 GMT Anonymous Coward
Re: Sponsored by Intel®
And now El Reg has an article on Intel's latest attempt to relaunch the NUC concept/product. For most of the addressable market, the NUC has always been and will always be largely irrelevant. Commercial signage? Industrialised computers? Much better options exist, typically not centred around Windows-dependent IT departments and retail networks, and therefore the x86 world is irrelevant to them.
-
-