Oh no.

  • Espi@kbin.social
    link
    fedilink
    arrow-up
    45
    ·
    1 year ago

    All these kind of CPU level vulnerabilities are the same, they are only really “risky” if there is malicious software running in the computer in the first place.

    The real problem is that these CPU-level vulnerabilities all break one of the core concepts of computers, which is process separation and virtual memory. If process separation is broken then all other levels of security become pointless.

    While for desktops this isn’t a huge problem (except when sometimes vulnerabilities might even be able to be exploited though browsers), this is a huge problem for servers, where the modern cloud usually has multiple users in virtual machines in a single server and a malicious user could steal information across virtual machines.

    • towerful@reddthat.com
      link
      fedilink
      English
      arrow-up
      31
      ·
      edit-2
      1 year ago

      Your first paragraph isn’t quite right.
      Modern hacks/cracks aren’t a “do this and suddenly you are in” type deal.
      It’s a cascade chain of failures of non-malicious software.
      Saying “don’t have a virus” is absolutely correct, however that’s not the concern here.
      The concern is about the broadening of the attack surface.

      A hacker gets minor access to a system. Leverages some CVE to get a bit more access, and keeps poking around and trying CVEs (known or unknown) until they get enough access to run this CVE.
      And then they can escape the VM onto the host or other VMs on the same system, which might then give them access to a VM on another host, and they can escape that VM to get access to another VM, and on and on.

      Very quickly, there is a fleet of VMs that are compromised. And the only sign of someone poking around is on the first VM the hacker broke into.
      All other VMs would be accessed using trusted credentials.

      ETA:
      Infact, it doesn’t even need to be a hacker.
      It could be someone uploading a CI/CD task using their own account. It extracts all API keys, usernames and passwords it can find.
      Suddenly, you have access to a whole bunch of repositories and APIs.
      Then you can sneak in some malicious code to the git repo, and suddenly your malicious code is being shipped within legit software that gets properly signed and everything.