| Thread Tools |
13th September 2019, 08:57 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,597
| Intel responds to NetCat bug Not much to worry about Intel has responded to the news that a bug, dubbed NetCat, can in specific scenarios abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers saying it is "low severity". For those who came in late, the warning came from Dutch VUSec security boffins at the Vrije Universiteit Amsterdam but Intel tells us that the issue is low severity. A spokesman said that Chipzilla received notice of this research and determined it to be low severity (CVSS score of 2.6) primarily due to complexity, user interaction, and the uncommon level of access that would be required in scenarios where DDIO and RDMA are typically used. Additional mitigations include the use of software modules resistant to timing attacks, using constant-time style code. In scenarios where DDIO and RDMA are enabled, strong security controls on a secured network are required as an attacker would need to have Read and Write RDMA access on a target machine using DDIO. In the complex scenarios where DDIO and RDMA are typically used, such as massively parallel computing clusters, the access an attacker would need would be uncommon. Additional mitigations include the use of existing software modules resistant to constant-time style attacks, previously published best practices and guidelines for side channel resistance, as well as guidance for mitigating timing side channels against cryptographic implementations. https://fudzilla.com/news/49382-inte...-on-netcat-bug |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
LG Responds to EC Decision on CRT Displays | Stefan Mileschin | WebNews | 0 | 6th December 2012 08:04 |
AMD Responds to Intel's Larrabee | jmke | WebNews | 0 | 8th December 2009 09:20 |
Intel Responds to Fragmentation with New X25-M Firmware | jmke | WebNews | 0 | 14th April 2009 11:05 |
Intel Responds to AMD, NVIDIA USB 3.0 Allegations | jmke | WebNews | 5 | 14th August 2008 00:31 |
Intel responds to EU action | jmke | WebNews | 0 | 18th July 2008 14:48 |
Intel responds to EU antitrust charges | jmke | WebNews | 0 | 8th January 2008 15:16 |
Intel Responds to EU Charges | jmke | WebNews | 0 | 28th July 2007 09:48 |
Intel Responds to AMD Quad FX System | jmke | WebNews | 3 | 9th January 2007 15:00 |
MS Responds To HD-DVD Reports: Big fat no. | jmke | WebNews | 0 | 16th December 2005 17:05 |
MSI responds to 6800GT problems | jmke | WebNews | 1 | 4th February 2005 15:25 |
Thread Tools | |
| |