Dad of two; Java and web developer.
120 stories

A link is a promise.

1 Share

A few years ago, I came across a "content curation" service that billed itself as the easiest way to share your "thought leadership." You'd enter a few search terms, hook up your Twitter account, and start sharing articles.

It was a very generous definition of "content curation." But describing it as thought leadership was laughable.

That said, leadership communications can absolutely include sharing and commenting on useful resources and thought-provoking perspectives you find. That's especially true when you share with care (and due attribution!) and offer your own reflections on what you're linking to.

But a lot of people don't. There's a school of thought out there that stresses post frequency, clicks likes and shares over things that may be less easy to measure but have far greater impact — like attention, trust and authority.

And some folks I would have thought would know better are churning out links to the most shameless clickbait in the name of "thought leadership." I wrote about this a few years ago — but if anything, the problem just seems to be getting worse.

So let's be clear about something: a link is a promise.

When you share a link, we're taking your word for it on what we'll find when we get there.

Share a link that turns out to be clickbait… or a mediocre regurgitation of advice we've all read a thousand times before… and you're breaking that promise.

Share a headline that promises an exciting story about one thing… but only deals with that one thing in passing… and you're breaking that promise.

Share a story that turns out to be a hoax, or wildly exaggerated, or just plain not worth a reader's time… and you're breaking that promise.

Break enough promises, and you'll start breaking relationships. And no number of clicks, likes or shares is worth that.

?Photo by JJ Ying on Unsplash

The post A link is a promise. appeared first on Rob Cottingham.

Read the whole story
43 days ago
Christchurch, New Zealand
Share this story

Memcrashed - Major amplification attacks from UDP port 11211

1 Share
Memcrashed - Major amplification attacks from UDP port 11211

Memcrashed - Major amplification attacks from UDP port 11211CC BY-SA 2.0 image by David Trawin

Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.

In the past, we have talked a lot about amplification attacks happening on the internet. Our most recent two blog posts on this subject were:

The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources - most typically the network itself.

Memcrashed - Major amplification attacks from UDP port 11211

Amplification attacks are effective, because often the response packets are much larger than the request packets. A carefully prepared technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) "amplifying" the attacker's bandwidth.


Obscure amplification attacks happen all the time. We often see "chargen" or "call of duty" packets hitting our servers.

A discovery of a new amplification vector though, allowing very great amplification, happens rarely. This new memcached UDP DDoS is definitely in this category.

The DDosMon from Qihoo 360 monitors amplification attack vectors and this chart shows recent memcached/11211 attacks:

Memcrashed - Major amplification attacks from UDP port 11211

The number of memcached attacks was relatively flat, until it started spiking just a couple days ago. Our charts also confirm this, here are attacks in packets per second over the last four days:

Memcrashed - Major amplification attacks from UDP port 11211

While the packets per second count is not that impressive, the bandwidth generated is:

Memcrashed - Major amplification attacks from UDP port 11211

At peak we've seen 260Gbps of inbound UDP memcached traffic. This is massive for a new amplification vector. But the numbers don't lie. It's possible because all the reflected packets are very large. This is how it looks in tcpdump:

$ tcpdump -n -t -r memcrashed.pcap udp and port 11211 -c 10
IP > UDP, length 13
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 1400
IP > UDP, length 13

The majority of packets are 1400 bytes in size. Doing the math 23Mpps x 1400 bytes gives 257Gbps of bandwidth, exactly what the chart shows.

Memcached does UDP?

I was surprised to learn that memcached does UDP, but there you go! The protocol specification shows that it's one of the best protocols to use for amplification ever! There are absolutely zero checks, and the data WILL be delivered to the client, with blazing speed! Furthermore, the request can be tiny and the response huge (up to 1MB).

Launching such an attack is easy. First let's implant a large payload on an exposed memcached server, let's call the key y. Then, just request this key with UDP:

$ echo -en "\x00\x00\x00\x00\x00\x01\x00\x00get y\r\n" | nc -q1 -u 11211 | wc -c

Tcpdump shows the traffic:

$ sudo tcpdump -ni eth0 port 11211 -t
IP > UDP, length 15
IP > UDP, length 1400
IP > UDP, length 1400
...(repeated hundreds times)...

15 bytes of request triggered 134KB of response. This is amplification factor of 10,000x! In practice we've seen a 15 byte request result in a 750kB response (that's a 51,200x amplification).

Source IPs

The vulnerable memcached servers are all around the globe, with higher concentration in North America and Europe. Here is a map of the source IPs we've seen in each of our 120+ points of presence:

Memcrashed - Major amplification attacks from UDP port 11211

Interestingly our datacenters in EWR, HAM and HKG see disproportionally large numbers of attacking IPs. This is because most of the vulnerable servers are located in major hosting providers. The AS numbers of the IPs that we've seen:

│ 578 │ AS16276 │ OVH                                          │
│ 468 │ AS14061 │ DIGITALOCEAN-ASN - DigitalOcean, LLC         │
│ 231 │ AS7684  │ SAKURA-A SAKURA Internet Inc.                │
│ 199 │ AS9370  │ SAKURA-B SAKURA Internet Inc.                │
│ 165 │ AS12876 │ AS12876                                      │
│ 119 │ AS9371  │ SAKURA-C SAKURA Internet Inc.                │
│ 104 │ AS16509 │ AMAZON-02 -, Inc.                 │
│ 102 │ AS24940 │ HETZNER-AS                                   │
│  81 │ AS26496 │ AS-26496-GO-DADDY-COM-LLC -, LLC │
│  74 │ AS36351 │ SOFTLAYER - SoftLayer Technologies Inc.      │
│  65 │ AS20473 │ AS-CHOOPA - Choopa, LLC                      │
│  49 │ AS49981 │ WORLDSTREAM                                  │
│  48 │ AS51167 │ CONTABO                                      │
│  48 │ AS33070 │ RMH-14 - Rackspace Hosting                   │
│  45 │ AS19994 │ RACKSPACE - Rackspace Hosting                │
│  44 │ AS60781 │ LEASEWEB-NL-AMS-01 Netherlands               │
│  42 │ AS45899 │ VNPT-AS-VN VNPT Corp                         │
│  41 │ AS2510  │ INFOWEB FUJITSU LIMITED                      │
│  40 │ AS7506  │ INTERQ GMO Internet,Inc                      │
│  35 │ AS62567 │ DIGITALOCEAN-ASN-NY2 - DigitalOcean, LLC     │
│  31 │ AS8100  │ ASN-QUADRANET-GLOBAL - QuadraNet, Inc        │
│  30 │ AS14618 │ AMAZON-AES -, Inc.                │
│  30 │ AS31034 │ ARUBA-ASN                                    │

Most of the memcached servers we've seen were coming from AS16276 - OVH, AS14061 - Digital Ocean and AS7684 - Sakura.

In total we've seen only 5,729 unique source IPs of memcached servers. We're expecting to see much larger attacks in future, as Shodan reports 88,000 open memcached servers:

Memcrashed - Major amplification attacks from UDP port 11211

Let's fix it up

It's necessary to fix this and prevent further attacks. Here is a list of things that should be done.

Memcached Users

If you are using memcached, please disable UDP support if you are not using it. On memcached startup you can specify --listen to listen only to localhost and -U 0 to disable UDP completely. By default memcached listens on INADDR_ANY and runs with UDP support ENABLED. Documentation:

You can easily test if your server is vulnerable by running:

$ echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u 11211
STAT pid 21357
STAT uptime 41557034
STAT time 1519734962

If you see non-empty response (like the one above), your server is vulnerable.

System administrators

Please ensure that your memcached servers are firewalled from the internet! To test whether they can be accessed using UDP I recommend the nc example above, to verify if TCP is closed run nmap:

$ nmap TARGET -p 11211 -sU -sS --script memcached-info
Starting Nmap 7.30 ( ) at 2018-02-27 12:44 UTC
Nmap scan report for xxxx
Host is up (0.011s latency).
11211/tcp open          memcache
| memcached-info:
|   Process ID           21357
|   Uptime               41557524 seconds
|   Server time          2018-02-27T12:44:12
|   Architecture         64 bit
|   Used CPU (user)      36235.480390
|   Used CPU (system)    285883.194512
|   Current connections  11
|   Total connections    107986559
|   Maximum connections  1024
|   TCP Port             11211
|   UDP Port             11211
|_  Authentication       no
11211/udp open|filtered memcache

Internet Service Providers

Memcrashed - Major amplification attacks from UDP port 11211

In order to defeat such attacks in future, we need to fix vulnerable protocols and also IP spoofing. As long as IP spoofing is permissible on the internet, we'll be in trouble.

Help us out by tracking who is behind these attacks. We must know not who has problematic memcached servers, but who sent them queries in the first place. We can't do this without your help!


Please please please: Stop using UDP. If you must, please don't enable it by default. If you do not know what an amplification attack is I hereby forbid you from ever typing SOCK_DGRAM into your editor.

We've been down this road so many times. DNS, NTP, Chargen, SSDP and now memcached. If you use UDP, you must always respond with strictly a smaller packet size then the request. Otherwise your protocol will be abused. Also remember that people do forget to set up a firewall. Be a nice citizen. Don't invent a UDP-based protocol that lacks authentication of any kind.

That's all

It's anyone's guess how large the memcached attacks will become before we clean the vulnerable servers up. There were already rumors of 0.5Tbps amplifications in the last few days, and this is just a start.

Finally, you are OK if you are a Cloudflare customer. Cloudflare's Anycast architecture works well to distribute the load in case of large amplification attacks, and unless your origin IP is exposed, you are safe behind Cloudflare.

Dealing with DDoS attacks sound interesting? Join our world famous team in London, Austin, San Francisco and our elite office in Warsaw, Poland.

Read the whole story
52 days ago
Christchurch, New Zealand
Share this story

RPGS, Veblen, and Isms

1 Share
Go read Theory of Leisure Class, though it may depress you

Back when I was working on my masters, I had to take some PhD classes in econometrics. To do that I had to go to the economics department, fill out paperwork and ask them to let me into the classes (Since I wasn’t a PhD student, the department was rightly worried I might find the classes highly challenging. I did eek out a passing grade though.) While waiting to be seen, one of the professors walking by struck up a conversation with me. After about 5 minutes, he said to me (I paraphrase): “I like you. You should read Veblen’s Theory of the Leisure Class. You’re just the right type of weird to enjoy it.” Turns out he was the professor I was going to have daily 6 hour long classes with that summer. He was pretty weird himself, but in a good way.

Wanting to be more into economics than I really was, and wanting to impress the professor, I picked up a copy of the book. (by the way, it’s public domain and you can find it for free online if you care to read it. PDF EPUB and other formats). Published in 1899, it’s a bit of a slog full of unfamiliar words and archaic structure, but that professor was right, I was just the type of weird to enjoy it. Oddly enough, for an economic treatise written seventy years before the creation of role playing games, it provides an interesting lens to view them through and insights into the nature of them.

(Veblen can also be used to explain a lot of human behavior both on the personal and macro scale. As this is not a political site, I leave you to draw your own conclusions on that front. I’m 100% certain that you can find multiple sites on the topic elsewhere on the internet if you want to read up on it.)

Veblen’s main thesis is that despite the complaints of the economists of his day, and non-economists still today, human behavior is more or less rational despite appearances to the contrary. Of course, keep in mind that humans are notoriously bad at evaluating small short term vs larger long term gains, and are often self benefit driven, both a legacy from when life was nasty, brutish, and short.  To explain seeming lapses in rationality, Veblen explains the concept of agency and status and posits that all so called irrational behavior are attempts to gather one or the other:

  • Agency: Veblen’s concept of agency is related to but distinct from the commonly discussed gaming concept of player agency. It consists of two parts- the ability to take powerful actions which hold the appearance of consciousness (appearance of consciousness means things like powerful storms have agency even though we now know they’re not conscious) and the ability to impose your will on others with agency. Thus the farmer does not have agency, or has very little, because he imposes his will on plants, which do not have agency; but the hunter, shaman, and warrior do because they impose their will on beasts, storms, and other warriors. Note that how one imposes this will is irrelevant. The warrior who imposes his will through brute violence and the rogue who imposes his will through clever action both have equal agency.
    In your typical game, there is a ladder of agency. PCs, foes and important NPCs have agency, players and GM influence them with their agency, and above all of that, playing the part of the capricious whimsical gods are the dice which, much like the storms of our ancestors, seem to have a will all their own.
  • Status: Status is the acknowledgement, deference, and special treatment we give to those with greater agency. In early or brutal civilizations it’s not mouthing off to the warriors because if you do they might just run you through. In more abstract examples, it’s not mouthing off to the king because even though you’re pretty sure you could take him in a fight, his soldiers will run you through and his bureaucrats will see to it that your taxes are doubled.

Veblen explains that the primary way of gathering agency is the heroic exploit, and that the primary currency used is courage and cunning. Enter the typical archetype of the warrior, hunter, and trickster. But over time he argues it becomes more difficult to show off just how heroic you are. Trophies and treasure gained in exploit can only take you so far. Enter two more ways to show how much agency you have: conspicuous consumption and conspicuous leisure. Eventually heroes have so much accumulated riches from exploit that they can afford to blow those resources on ever more extravagant goods and services and on long periods doing nothing of value. Remember back to the carousing rules from the early Conan RPG and the early DnD rules for building your own keep, crafting magic items and doing spell research. All these things signal to the rest of the world just how formidable you are. Different RPG archetypes focus on different mixes of these four building blocks of agency and status.

  • Courage: imposing agency via force of arms and brute strength
  • Cunning: imposing agency via cleverness or guile
  • Conspicuous Consumption: showing status via display of resources gathered in heroic exploit
  • Conspicuous Leisure: showing status via not performing otherwise productive work when not involved in exploit

Veblen says that the expression of these qualities has social value in that you get special treatment for having or displaying them. They are largely expressed in the form of what Veblen terms invidious comparison. I am stronger than that person, I am smarter than this other person, more moral than this person, etc. More abstractly, they can be expressed through trophies of exploits, what resources you have, what groups you associate with, who you work for etc. In the extreme, one who successfully gathers large amounts of resources via exploit can’t spend it all themselves, and may even hire retainers whose only job is to spend their lord’s money.  Interestingly, some of these expressions are cultural and change over time. Recent studies have shown that modern Americans are less inclined to give others status for having lots of leisure time and lots of expensive possessions, which were major status symbols in Veblen’s time and are still (apparently) status symbols in other places. (article 1 and article 2).

What in particular struck me while reading through the book was that a large part of RPGs was an attempt to emulate characters with far more agency, and thus status, than players generally have. That’s of course an oversimplification. Different people play RPGs for lots of different reasons, and you can probably find some that don’t hinge on playing with agency, but I can’t think of any . Feel free to correct me if you like. What this means is that in theory RPG experiences featuring the right balance of character agency (enough agency to impose their will on others but not so much that opponents don’t appear to have agency of their own) should be a more satisfying play experience, and giving the characters markers of agency and status should also lead to satisfying play. In fact, one could write an entire book digging through Theory Of The Leisure Class and pulling out elements to enhance games*.

As a side note, plenty of playstyles and even problem playstyles can be chalked up to Veblen’s agency. On the innocuous side is pushing for more PC vs NPC agency. On the destructive side is outright player vs player or player vs GM agency. If you’ve ever wondered what the player who enjoys making everyone else’s experience miserable is getting out of it, this is it: imposing their agency over that of the other players and GM, and if they can’t be convinced to pick a more suitable target, they should be shown the door before it gets worse.

However, even though Veblen explains RPG motivations very well it turns out that taken to extremes, pursuing agency and status also explains a variety of the more unsavory elements of humanity: Slavery, discrimination, sexism, racism etc. are all big markers for agency and status. Some of them, like slavery, are a direct application of agency. One person has the agency to literally own another. Isms are a little more abstract but boil down to an imbalance of status between two groups. If you belong to the group an imbalance favors, you benefit from that status boost. You can see the evidence of this in plenty of the fiction that inspired the RPG hobby. Conan, for example has a scene in at least every other story where he forces himself on a woman and halfway through the act, she stops struggling to get him off her and starts struggling to get her panties off, because he’s just so manly and good at kissing it changes her mind, and Robert E Howard doesn’t even hold a candle to John Norman in that regard. A lot of early space opera sci-fi was heroic American vs evil communist Asians . . . innnn spaaaaace! There are still plenty of vestiges of this era sticking around too. All dwarves are racist against elves, elves are racist against . . . mostly dwarves, but also everyone. Lots of sentient species are kill on sight morally repugnant, and every half-orc gets the one good half orc treatment.

So, TLDR: RPGs are big power fantasies about imposing your will on others and everyone fawning all over you for doing it, and taken too far the natural extension of this is some of the worst parts of the human experience. Lovely.

Let me put on my devil’s advocate hat for a moment and just take things too far. If the above is true, wouldn’t featuring all of those uncomfortable bits of bad human behavior and allowing PCs to wallow in them make your game a more powerful expression of what RPGs are all about, and wouldn’t your game be better for it? Shouldn’t I be saying: “All this stuff adds to the fantasy that is explicitly the entire point of the game, so put it in your game, lots of it!”

That would be an awfully weird position to take, wouldn’t it? Turns out it’s a tempting position, but not necessarily a good one. First, there’s more than enough opportunity for heroic exploit, agency and status in your average game. Dipping into the more problematic aspects of agency just isn’t necessary. Even if you wanted to, most are very sensitive subjects and should be handled with care and only with complete group buy-in. And of course if you don’t take sensitive issues seriously, like other problem play styles, you run the very real risk of trading in game status for out of game status (i.e.: you get labeled a jerk and no one wants to play with you because you don’t respect others’ boundaries.)

But, can dealing with these difficult extremes of agency and status in your game be done without issues? Yes, but it’s nothing groundbreaking. On the extreme end, with player buy-in you can absolutely play an evil game with PCs that push the envelope. In a more traditional game, you can include these issues but reserve them for villainous NPCs that heroic PCs put a stop to. You can include lesser versions of them (the faux racism of all dwarves and elves). You can reserve involuntary traits indicating a lesser status for non sentient or irredeemably evil beings (golems and demons are OK to pick on because even though their status is linked to race one is a mindless automaton, the other is literally made of evil. If your golems and demons don’t follow that mold, things get hazier. This is where the “all orcs are evil” problems come from. Are orcs inherently evil like in Lord of the Rings, or do they fall in a spectrum like most fantasy races?) In fact, these could lead to some interesting introspective role playing moments. Nothing groundbreaking. All common enough that this is not the first time you’ve heard of them.

So that’s it. That’s the short version of viewing role playing games through the lens of Veblen’s Theory Of The Leisure Class, and the problems that come with it. Hopefully it’s an interesting perspective.



Writing said book has been on my “someday projects” list for quite some time. Also feel free to let me know if that sounds lame and I should let it languish or if it sounds awesome and I should move it up the list

Read the whole story
93 days ago
Christchurch, New Zealand
Share this story

Histamine and Goblet Cells

1 Share
Read the whole story
97 days ago
Christchurch, New Zealand
Share this story

2016 Election Map

I like the idea of cartograms (distorted population maps), but I feel like in practice they often end up being the worst of both worlds—not great for showing geography OR counting people. And on top of that, they have all the problems of a chloro... chorophl... chloropet... map with areas colored in.
Read the whole story
102 days ago
Christchurch, New Zealand
Share this story

More details about mitigations for the CPU Speculative Execution issue

1 Share

Yesterday, Google’s Project Zero team posted detailed technical information on three variants of a new security issue involving speculative execution on many modern CPUs. Today, we’d like to share some more information about our mitigations and performance.

In response to the vulnerabilities that were discovered we developed a novel mitigation called “Retpoline” -- a binary modification technique that protects against “branch target injection” attacks. We shared Retpoline with our industry partners and have deployed it on Google’s systems, where we have observed negligible impact on performance.

In addition, we have deployed Kernel Page Table Isolation (KPTI) -- a general purpose technique for better protecting sensitive information in memory from other software running on a machine -- to the entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform.

There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

Speculative Execution and the Three Methods of Attack

In addition, to follow up on yesterday’s post, today we’re providing a summary of speculative execution and how each of the three variants work.

In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions. It is possible for this speculative execution to have side effects which are not restored when the CPU state is unwound, and can lead to information disclosure.

Project Zero discussed three variants of speculative execution attack. There is no single fix for all three attack variants; each requires protection independently.

  • Variant 1 (CVE-2017-5753), “bounds check bypass.” This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis.
  • Variant 2 (CVE-2017-5715), “branch target injection”. This variant may either be fixed by a CPU microcode update from the CPU vendor, or by applying a software mitigation technique called “Retpoline” to binaries where concern about information leakage is present. This mitigation may be applied to the operating system kernel, system programs and libraries, and individual software programs, as needed.
  • Variant 3 (CVE-2017-5754), “rogue data cache load.” This may require patching the system’s operating system. For Linux there is a patchset called KPTI (Kernel Page Table Isolation) that helps mitigate Variant 3. Other operating systems may implement similar protections - check with your vendor for specifics.

Variant 1: bounds check bypass (CVE-2017-5753)
This attack variant allows malicious code to circumvent bounds checking features built into most binaries. Even though the bounds checks will still fail, the CPU will speculatively execute instructions after the bounds checks, which can access memory that the code could not normally access. When the CPU determines the bounds check has failed, it discards any work that was done speculatively; however, some changes to the system can be still observed (in particular, changes to the state of the CPU caches). The malicious code can detect these changes and read the data that was speculatively accessed.

The primary ramification of Variant 1 is that it is difficult for a system to run untrusted code within a process and restrict what memory within the process the untrusted code can access.

In the kernel, this has implications for systems such as the extended Berkeley Packet Filter (eBPF) that takes packet filterers from user space code, just-in-time (JIT) compiles the packet filter code, and runs the packet filter within the context of kernel. The JIT compiler uses bounds checking to limit the memory the packet filter can access, however, Variant 1 allows an attacker to use speculation to circumvent these limitations.

Mitigation requires analysis and recompilation so that vulnerable binary code is not emitted. Examples of targets which may require patching include the operating system and applications which execute untrusted code.
Variant 2: branch target injection (CVE-2017-5715)
This attack variant uses the ability of one process to influence the speculative execution behavior of code in another security context (i.e., guest/host mode, CPU ring, or process) running on the same physical CPU core.

Modern processors predict the destination for indirect jumps and calls that a program may take and start speculatively executing code at the predicted location. The tables used to drive prediction are shared between processes running on a physical CPU core, and it is possible for one process to pollute the branch prediction tables to influence the branch prediction of another process or kernel code.

In this way, an attacker can cause speculative execution of any mapped code in another process, in the hypervisor, or in the kernel, and potentially read data from the other protection domain using techniques like Variant 1. This variant is difficult to use, but has great potential power as it crosses arbitrary protection domains.
Mitigating this attack variant requires either installing and enabling a CPU microcode update from the CPU vendor (e.g., Intel's IBRS microcode), or applying a software mitigation (e.g., Google's Retpoline) to the hypervisor, operating system kernel, system programs and libraries, and user applications.
Variant 3: rogue data cache load (CVE-2017-5754)
This attack variant allows a user mode process to access virtual memory as if the process was in kernel mode. On some processors, the speculative execution of code can access memory that is not typically visible to the current execution mode of the processor; i.e., a user mode program may speculatively access memory as if it were running in kernel mode.

Using the techniques of Variant 1, a process can observe the memory that was accessed speculatively. On most operating systems today, the page table that a process uses includes access to most physical memory on the system, however access to such memory is limited to when the process is running in kernel mode. Variant 3 enables access to such memory even in user mode, violating the protections of the hardware.
Mitigating this attack variant requires patching the operating system. For Linux, the patchset that mitigates Variant 3 is called Kernel Page Table Isolation (KPTI). Other operating systems/providers should implement similar mitigations.

Mitigations for Google products

You can learn more about mitigations that have been applied to Google’s infrastructure, products, and services here.
Read the whole story
106 days ago
Christchurch, New Zealand
Share this story
Next Page of Stories