bloomberg on supermicro: sky is falling

Pete Carah pete at altadena.net
Sun Oct 7 06:17:01 UTC 2018


On 10/04/2018 03:13 PM, Scott Weeks wrote:
>
> --- eric.kuhnke at gmail.com wrote:
> From: Eric Kuhnke <eric.kuhnke at gmail.com>
>
>   many contractors *do* have sensitive data on their
> networks with a gateway out to the public Internet.
> ----------------------------------------
>
> I could definitely imagine that happening.
>
> scott
>
I always loved the early "HIPPA" systems at the doctor's office where 
the web browser was not restricted, nor the email client, and they ran 
XP.  These didn't even need a hardware feature to exploit...

Even in a server, though, given spectre or an equivalent (remember this 
could be exploited from javascript in a browser or php or...) if apps 
were present on a machine with both kinds of info/connections, we don't 
even need custom chips, the path is there in 
cache-management/pipeline-management bugs.  I once ran into a cute bug 
in a power-pc chip (405ep, used in some older switches as the management 
processor) where I had to mark all I/O buffers non-cachable (yes, this 
is a good idea anyhow, but the chip documentation said that an 
invalidate/flush in the right places took care of that, and I really 
needed the speed later during packet parsing.  And no, copying the 
packets was prohibitive...)  Anyhow, with an 30 (or so) mbit stream 
coming into ram, about every 30 seconds, the ethertype byte came in 0 
instead of 0800 (the responsible bug was in cache management, and the 
errata item describing it required 5 separate steps involving both 
processor and I/O access to that address or one in that cache line.  At 
least this system wasn't multiuser...  A friend who read the errata item 
said (and I agree) it looks like a Rube Goldberg sequence. (yes, I'm 
dating myself.)  As far as I know, 10 years later, the bug has never 
been fixed in the masks (of course, most ppc (and embedded mips) designs 
are now going to ARM chips.  Don't know how much better that is; some of 
the speed-demon versions of that have a version of spectre.)

-- Pete




More information about the NANOG mailing list