Dailydave mailing list archives

Using microarchitecture bugs to beat authenticated pointers.


From: Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>
Date: Sat, 11 Jun 2022 15:10:41 -0400

If you've walked through the Underworld long enough, you've run into
demons. Or maybe it's the other way around - by running into enough demons,
you might realize you are walking through the Underworld. And by making
friends with them, if you are lucky, you might realize you are a demon
yourself.

[image: image.png]
My brother in Zeus - this is just tempting the Fates.

Every so often an exploit from the Underworld is found. Maybe one or two a
year is dragged screaming curses in a long-dead language out into the
sunlight, pinned against a Kaspersky GReaT blogpost, and vivisected for the
world.

Sometimes these are simple bugs, with complex exploitation chains.
Sometimes these are complex bugs, but with reliable simple exploit chains.
Occasionally you see a host of bugs, all linked together like fire ants
fording a stream. If you've walked through the Underworld enough you'll
simply nod in recognition of them, perhaps stop to admire the artwork of
the Runes carved into their skins by some unknown spellcrafter.

My point is this: it doesn't matter what the real-world utility is for an
exploit, because demons don't care. They operate partially in the future,
perhaps. Or maybe ignoring real-world utility evolved as a sense of
necessity of staying ahead of the eyes hunting for them. I'm not sure. But
my rule - a core axiom of persistent engagement - is that if it can be
done, it is being done already.

-dave
