[PLUG] Vulnerable Hardware (was: Internet of Exploitable Things (was Seagate NAS))
Paul Heinlein
heinlein at madboa.com
Mon Mar 9 20:40:29 UTC 2015
On Mon, 9 Mar 2015, Tim wrote:
> Here's a related issue, but far far worse than Seagate/TLS issues:
> http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
>
> Thanks hardware companies for making it impossible to provide local
> security on any PC with any OS!
TFA said the results all came from laptops: "We also tested some
desktop machines, but did not see any bit flips on those. That could
be because they were all relatively high-end machines with ECC memory.
The ECC could be hiding bit flips."
So all you need to do is carry around an ECC-equipped desktop or
server (along with cables, monitor, keyboard, pointing device) and
you're secure. Simple fix!
--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
More information about the PLUG
mailing list