Most prominently, security researcher Anders Fogh, a malware analyst for German firm GData, in July wrote on his blog that he had been exploring a curious feature of modern microprocessors called speculative execution. While some elements of Meltdown and Spectre's four-way bug collision-a bug pile-up may be a better description-remain inexplicable, some of the researchers followed the same public breadcrumbs to their discoveries. More than a sense of achievement, he felt shock and dismay. His code, designed to steal information from the deepest, most protected part of a computer's operating system, known as the kernel, no longer spat out random characters but what appeared to be real data siphoned from the sensitive guts of his machine: snippets from his web browsing history, text from private email conversations. That evening, Gruss informed the other two researchers that he'd succeeded. After a Saturday night drinking with friends, they got to work the next day, each independently writing code to test a theoretical attack on the suspected vulnerability, sharing their progress via instant message. Two days earlier, in their lab at Graz's University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to tease out an idea that had nagged at them for weeks, a loose thread in the safeguards underpinning how processors defend the most sensitive memory of billions of computers. On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |