bloomberg on supermicro: sky is falling
Pete Carah
pete at altadena.net
Sun Oct 7 06:17:01 UTC 2018
On 10/04/2018 03:13 PM, Scott Weeks wrote:
>
> --- eric.kuhnke at gmail.com wrote:
> From: Eric Kuhnke <eric.kuhnke at gmail.com>
>
> many contractors *do* have sensitive data on their
> networks with a gateway out to the public Internet.
> ----------------------------------------
>
> I could definitely imagine that happening.
>
> scott
>
I always loved the early "HIPPA" systems at the doctor's office where
the web browser was not restricted, nor the email client, and they ran
XP. These didn't even need a hardware feature to exploit...
Even in a server, though, given spectre or an equivalent (remember this
could be exploited from javascript in a browser or php or...) if apps
were present on a machine with both kinds of info/connections, we don't
even need custom chips, the path is there in
cache-management/pipeline-management bugs. I once ran into a cute bug
in a power-pc chip (405ep, used in some older switches as the management
processor) where I had to mark all I/O buffers non-cachable (yes, this
is a good idea anyhow, but the chip documentation said that an
invalidate/flush in the right places took care of that, and I really
needed the speed later during packet parsing. And no, copying the
packets was prohibitive...) Anyhow, with an 30 (or so) mbit stream
coming into ram, about every 30 seconds, the ethertype byte came in 0
instead of 0800 (the responsible bug was in cache management, and the
errata item describing it required 5 separate steps involving both
processor and I/O access to that address or one in that cache line. At
least this system wasn't multiuser... A friend who read the errata item
said (and I agree) it looks like a Rube Goldberg sequence. (yes, I'm
dating myself.) As far as I know, 10 years later, the bug has never
been fixed in the masks (of course, most ppc (and embedded mips) designs
are now going to ARM chips. Don't know how much better that is; some of
the speed-demon versions of that have a version of spectre.)
-- Pete
More information about the NANOG
mailing list