* Henry Baker <hbaker1@pipeline.com> [Aug 05. 2015 19:29]:
[...]
> BTW, it's only a matter of time before DRAM modules incorporate built-in caches/malware that can be triggered by a precise sequence of memory addresses and/or contents.
We are WAY past that already. [the following just quickly from the top of my head] You can install a full O/S on your hard disk's built-in adaptor, so that it can wait for any event (like a certain file being copied to the disk), triggering _all_ kinds of nasties: file corruption/hiding/disappearing/creation of incriminating files... The new "BIOS" (EFI/secure boot) and the possible trickeries with it win over your O/S (and anything on top of that) hands down. Essentially all non-trivial circuitry comes with backdoors these days. Some known (e.g., your telephone does have mechanisms for eavesdropping/tracking/shutdown), most not. I assume that most network gear is back-doored, anything CISCO (for example) most certainly.
> It makes one seriously wonder about the safety and availability of computers, most of whose components come from offshore vendors with uncertain loyalties.
The US made gear surely has the most sophisticated of that.
> The next war might well be fought using mechanical typewriters and slide rules.
Typewriters may sound like a good start, but each leaves a rather unique pattern, though not as precise as those unique patterns of yellow dots your color printer makes (use a magnifying glass to see them). Keyboards: some people actually use wireless keyboards in what they fantasize to be a reasonably secure setup...
> http://arxiv.org/abs/1507.06955
> Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
> As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so-called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
If you can flush cache you are in ring zero (try CLFLUSH as root, no fish). When in ring zero you own the kernel already; no point in indirect hacks.
> In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack.
I have to say I was surprised this is possible, but security/privacy wise this is a VERY minor concern for me.
[...]
End of tinfoil hattery. Best regards, jj