203
AMD’s trusted execution environment blown wide open by new BadRAM attack (arstechnica.com)
submitted 1 week ago by gedaliyah@lemmy.world to c/technology@lemmy.world
15 comments fedilink hide all child comments

On Tuesday, an international team of researchers unveiled BadRAM, a proof-of-concept attack that completely undermines security assurances that chipmaker AMD makes to users of one of its most expensive and well-fortified microprocessor product lines. Starting with the AMD Epyc 7003 processor, a feature known as SEV-SNP—short for Secure Encrypted Virtualization and Secure Nested Paging—has provided the cryptographic means for certifying that a VM hasn’t been compromised by any sort of backdoor installed by someone with access to the physical machine running it.

top 15 comments
sorted by: hot top controversial new old
[-] WagnasT@lemmy.world 98 points 1 week ago

Looks like AMD has already patched it, also appears to affect older Intel versions of the same tech concept but not current generations.

Only really affects guests in multi tenant hypervisor environments, requires physical access to the hypervisor, requires external physical hardware, requires booting the host with said hardware attached, at some point this level of compromise is already absurd. This kind of research is important and shows that we still need to limit out level of trust with host providers but I don't think anyone needs to panic.

[-] Dark_Arc@social.packetloss.gg 46 points 1 week ago

Kinda annoyed with Ars for perpetuating this trend of dramatized security vulnerability names and descriptions.

[-] Bakkoda@sh.itjust.works 8 points 1 week ago* (last edited 1 week ago)

Ars went the way of Toms a while ago for me. There's some decent stuff to be found but most of it is click/rage bait.

[-] Dark_Arc@social.packetloss.gg 4 points 1 week ago

I still think it's generally more good than bad and I appreciate they provide an authenticated ad free RSS feed for subscribers, but I think this was one of their worst headlines.

[-] Tangent5280@lemmy.world 17 points 1 week ago

If someone breaks into your home and shits your pants then they might be able to make you smell like shit.

[-] undefined@lemmy.hogru.ch 5 points 1 week ago

Legit question: is the “he/she shits your pants” expression and generally shit verbiage own vogue or something?

I have to ask because I keep seeing it and I’m pretty sheltered from corporate social media (and probably larger Internet cultural trends overall).

[-] Tangent5280@lemmy.world 3 points 6 days ago

It's been a meme for a while I think. If I had to guess I'd say it started with some Tumblr thread. Obviously not entirely suitable for normal-speak, which is why it's on lemmy instead of a workplace slack channel.

[-] Tangent5280@lemmy.world 47 points 1 week ago

My favorite computer vulnerability is when a state actor kidnaps me and attaches high voltage jumpers to my ballsack with the threat of frying them if I don't give up my NFT seed phrase.

My second favorite vulnerability is when a common robber steals my Daddy Tate Tokens from my shadow encrypted, quantum hardened disk by breaking my kneecaps with a $5 wrench.

[-] mPony@lemmy.world 17 points 1 week ago

My favorite computer vulnerability is when a state actor kidnaps me and attaches high voltage jumpers to my ballsack with the threat of frying them if I don’t give up my NFT seed phrase

There's no need to bring your OnlyFans subscriptions into this discussion. You do you.

[-] serenade@lemmy.blahaj.zone 14 points 1 week ago

There's an XKCD reference in there, I'm sure of it

[-] LostXOR@fedia.io 26 points 1 week ago

I'm not really surprised, common wisdom is if someone malicious has hardware access to a machine it's compromised. And if you don't trust your hosting provider to not tamper with your machine, you should really find a new provider (or buy your own server).

[-] nyan@lemmy.cafe 4 points 1 week ago

The "trusted execution environment" thing was an attempt to make the system less vulnerable to exploitation through physical access. As we can see, it works about as well as expected.

[-] just_another_person@lemmy.world 7 points 1 week ago

Well, fuck.

[-] Grass@sh.itjust.works 5 points 1 week ago

not my favourite use of a pi pico

this post was submitted on 10 Dec 2024
203 points (95.9% liked)

Technology

59982 readers
2298 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world