Buy the book at
www.amazon.com/author/paulbabicki
Rowhammer
Posted by: Margaret
Rouse
Contributor(s):
Madelyn Bacon
Rowhammer is a vulnerability in commodity dynamic random
access memory (DRAM) chips that allows an attacker to
exploit devices with DRAM memory by repeatedly accessing (hammering) a row of
memory until it causes bit flips and transistors in adjacent rows of memory
reverse their binary state: ones turn into zeros and vice versa.
The flaw, first reported in the paper "Flipping Bits
in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance
Errors," detailed how, as DRAM processes continues to scale to smaller
sizes, it becomes more difficult to prevent individual memory cells from
interacting with neighboring cells.
The Rowhammer flaw allows memory manipulation to be used
by malicious actors to extract data such as passwords from vulnerable systems.
The flaw has been detected in DDR3 and DDR4 DRAM chips and, when combined with
other attacks, can be used to access the contents of memory on systems using
vulnerable chips. The Google Project Zero team published details
of its proof of concept code for exploits of
Rowhammer on x86-64 Linux machines, but they wrote that
the exploit was likely not specific to Linux systems.
Rowhammer accomplishes this manipulation by forcing the
repeated reading and recharging of a row of capacitors in a DRAM chip. The repeated
reading and recharging of a row happens when an attacker uses the machine code
instruction Cache Line Flush (CLFLUSH) to clear the cache, as shown in the 2014 research paper
from Carnegie Mellon University and Intel Labs researchers. Caching limits
prevent bit flipping from occurring normally, so the repeated CLFLUSH overloads
the system. When the bit flipping happens too often and in capacitor rows too
close together, neighboring capacitors begin to interact electrically, and this
opens up the opportunity to exploit the Rowhammer flaw.
Researchers at Intel became aware of Rowhammer in 2012
and filed patent applications that were publically disclosed, but the
vulnerability didn't garner much attention until 2014 when the research paper
was published. DRAM chips are an important part of most electronic devices,
including those that are essential to computers. As such, DRAM vulnerabilities
like Rowhammer cannot be fixed with basic security software or operating system
(OS) updates. Rowhammer continues to be used in new attacks.
===================================================== For a great satire on email, please see the following:
https://www.youtube.com/watch?v=HTgYHHKs0Zwscoop_post=bcaa0440-2548-11e5-c1bd-90b11c3d2b20&__scoop_topic=2455618
===============================================
Good Netiquette And A Green Internet To All!
=========================================================================================Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
===============================================================
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
Anyone who would like to review the book and have it posted on my blog or website, please contact me paul@netiquetteiq.com.
In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
Additionally, I am the president of Tabula Rosa Systems,
a “best of breed” reseller of products for communications, email,
network management software, security products and professional
services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.
=============================================================
No comments:
Post a Comment