On 10/04/2018 03:13 PM, Scott Weeks wrote:
--- eric.kuhnke@gmail.com wrote:
From: Eric Kuhnke <eric.kuhnke@gmail.com>

many contractors *do* have sensitive data on their networks with a gateway out to the public Internet.
----------------------------------------
I could definitely imagine that happening.
scott
I always loved the early "HIPPA" systems at the doctor's office where the web browser was not restricted, nor the email client, and they ran XP. These didn't even need a hardware feature to exploit...

Even in a server, though, given Spectre or an equivalent (remember this could be exploited from JavaScript in a browser or PHP or...), if apps were present on a machine with both kinds of info/connections, we don't even need custom chips; the path is there in cache-management/pipeline-management bugs.

I once ran into a cute bug in a PowerPC chip (405EP, used in some older switches as the management processor) where I had to mark all I/O buffers non-cacheable (yes, this is a good idea anyhow, but the chip documentation said that an invalidate/flush in the right places took care of that, and I really needed the speed later during packet parsing. And no, copying the packets was prohibitive...)

Anyhow, with a 30 (or so) Mbit stream coming into RAM, about every 30 seconds, the ethertype byte came in 0 instead of 0800 (the responsible bug was in cache management, and the errata item describing it required 5 separate steps involving both processor and I/O access to that address or one in that cache line). At least this system wasn't multiuser...

A friend who read the errata item said (and I agree) it looks like a Rube Goldberg sequence. (Yes, I'm dating myself.)

As far as I know, 10 years later, the bug has never been fixed in the masks (of course, most PPC (and embedded MIPS) designs are now going to ARM chips. Don't know how much better that is; some of the speed-demon versions of that have a version of Spectre.)

-- Pete