emoji-award-marseynothingburger
Jump in the discussion.

No email address required.

>exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server [...]

:#marseynothingburger:

Jump in the discussion.

No email address required.

This is indeed a nothing burger. Buy the dip.

This isn't not financial advice, Do it, cute twinks.

Jump in the discussion.

No email address required.

Jump in the discussion.

No email address required.

You can go from ring 0 to ring -2

here is a "ring" for you r-slur :#mariogoatse:

Jump in the discussion.

No email address required.

:spreadbussy#:

Jump in the discussion.

No email address required.

Good thing the only ring I care about is

:#marseygoatse:

Jump in the discussion.

No email address required.

:#marseyslurpfast:

Jump in the discussion.

No email address required.

:#marseyshy:

Jump in the discussion.

No email address required.

As we saw with the Crowdstrike thing, you'd only need to install a crafted file on a webhost to gain kernel-level control over millions of devices. With this exploit you could even silently install malware in the SMM and return to the driver as if nothing happened—something that would be practically impossible to detect even in the kernel.

Jump in the discussion.

No email address required.

Nerd


https://i.rdrama.net/images/17191743323420358.webp

Jump in the discussion.

No email address required.

explain this pls i have no clue but seems dramatic

Jump in the discussion.

No email address required.

:marseybeingnerd: sure I love explaining this stuff

When you run a normal program on a computer, it is unprivileged. It cannot directly touch your hardware or other applications. This is handled by the processor itself, and for Intel/AMD processors this is called ring 3.

If a program needs to interact with something else, it sends a request to the operating system. The part of the OS that handles these messages is called the kernel, and it runs in the privileged ring 0 (nobody uses rings 1 or 2). The kernel validates the request, checks if the app is authorized to do the thing it wants, and then passes the request to the driver or other application. :marseygatekeeper2:

You can do almost anything in ring 0; you have near-full control over memory (including all running applications) and hardware. That's why anti-virus and kernel-level anti-cheat are so powerful: the can see everything you do. :marseyglow: It also means that a frick-up can blow up the entire system, like Crowdstrike did, from a distance, by pushing an update over-the-air! :marseymushroomcloud:


About 30 years ago, Intel and AMD introduced System Management Mode to their CPUs. This is an even more privileged ring within the processor ("ring -2"), one that even the OS can't influence. It handles various aspects of the hardware that previously had dedicated chips, such as power management, fan speed control, legacy I/O ports, and so on. It also glows :marseyglow2: because it can touch everything, the kernel cannot inspect it, nor can the kernel prevent it from running.

The SMM has been exploited a bunch already, so the manufacturers have started to introduce various ways to lock people out of touching it. The beauty of the exploit here is that it can bypass this lock: now you can install an undetectable, unstoppable virus that you can only remove by exploiting the CPU again. Once infected, the system is pretty much trash.

The Crowdstrike issue was because of a malformed file read by a driver running within the kernel. It was programmed so horribly bad that it may be easy to create a file such that the driver starts executing code hidden within the file, granting anyone remote access to privileged parts of the system. Allowing you to install your virus all over the world on critical systems, undetected, permanently.

This is the sort of thing that the NSA will have been using for years already, I expect.


except for the even-glowier Management Engine/Platform Security Processor in ring -3

inb4 lpb

Jump in the discussion.

No email address required.

https://i.rdrama.net/images/17035472185349927.webp

Jump in the discussion.

No email address required.

is this stuff actually useful or did the intel nerds do this just to have keep their job?

Jump in the discussion.

No email address required.

There's a legitimate reason to make the system management mode non-negotiable, because you don't want to let a frozen OS prevent the SMM from shutting down the CPU if it overheats and stuff like that.

While you could do all of this in hardware, if you do it in software you can use the existing CPU core for much more fancy features and easier updating.

Jump in the discussion.

No email address required.

It's certainly useful for the NSA.

Not sure how much the power management stuff it does really matters. I think in enterprise it can be used for device management and stuff as well.

Jump in the discussion.

No email address required.

He's saying it can infect like HIV: even if you eliminate it everywhere you can see, it is embedded deeply enough to come back from its lair.

Jump in the discussion.

No email address required.

Computer aids from unprotected internets

Jump in the discussion.

No email address required.

how can a virus infect hardware?

Jump in the discussion.

No email address required.

There are enclaves of hardware on modern CPUs that have their own storage and processing -- and deeper control of the system than the OS has (even the kernel). If you infect that, fixing it is like curing someone of HIV.

Jump in the discussion.

No email address required.

/ Hahahahahahahaha How The Fuck Is Kernel Level Malware Real Hahahaha Nigga Just Unsocket The CPU Like Nigga Just Take It Out Your Computer Haha
Jump in the discussion.

No email address required.

literally why?

Jump in the discussion.

No email address required.

So that manufacturers can run their own programs (on behalf of the government) without the user's knowledge.

Jump in the discussion.

No email address required.

means literally any used hardware is unsafe which is kinda big

also couldn't it just piggyback or pretend to be popular software that does have kernel access

Jump in the discussion.

No email address required.

Link copied to clipboard
Action successful!
Error, please refresh the page and try again.