RAMBleed attack can steal sensitive data from computer memory
-
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.
That's it - no one gets to connect to any server any more
-
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.
That's it - no one gets to connect to any server any more
I'm still really skeptical of these types of claims (including Meltdown and Spectre). These reports tend to be long on claims and short on details of their actual experimental setup. If I pointed them to a loaded up server actively running several processes and OpenSSH, would they be able to do what they claim to have done?
-
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.
That's it - no one gets to connect to any server any more
The success measured a rate of 0.3 bits per second and an accuracy of 82%. To obtain the full data, the researchers used a variant of the Heninger-Shacham algorithm that can recover RSA keys from partial information.
A method to reduce the risk of this type of read-side attack is to flush encryption keys from memory immediately after using them. This lowers the chances of learning the secret data because RAMBleed needs it to stay in memory for at least one refresh interval, which is 64ms by default.
I'm not saying that this vulnerability is not real but the article is a bit "click-baity" at least. Yes, they were able to read memory from out of process space, but if an attacker can get access to the server with enough knowledge of memory mapping and ability to run own programs in address space physically aligned to victim's for so long that 0.3 bits per second will hopefully get them enough portion of the key to figure out the rest… I would say there are definitely easier ways to compromise the server.
-- "My software never has bugs. It just develops random features."
-
Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer's memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.
That's it - no one gets to connect to any server any more
-
The success measured a rate of 0.3 bits per second and an accuracy of 82%. To obtain the full data, the researchers used a variant of the Heninger-Shacham algorithm that can recover RSA keys from partial information.
A method to reduce the risk of this type of read-side attack is to flush encryption keys from memory immediately after using them. This lowers the chances of learning the secret data because RAMBleed needs it to stay in memory for at least one refresh interval, which is 64ms by default.
I'm not saying that this vulnerability is not real but the article is a bit "click-baity" at least. Yes, they were able to read memory from out of process space, but if an attacker can get access to the server with enough knowledge of memory mapping and ability to run own programs in address space physically aligned to victim's for so long that 0.3 bits per second will hopefully get them enough portion of the key to figure out the rest… I would say there are definitely easier ways to compromise the server.
-- "My software never has bugs. It just develops random features."
I agree. In my opinion, the worst part about these things is how they are responded to. The mitigation tactics slow the processor down measurably. I think it would be far better to improve front-end security and prevent malicious code from being launched in the first place.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"