On Tuesday, an international team of researchers unveiled BadRAM, a proof-of-concept attack that completely undermines security assurances that chipmaker AMD makes to users of one of its most expensive and well-fortified microprocessor product lines. Starting with the AMD Epyc 7003 processor, a feature known as SEV-SNP—short for Secure Encrypted Virtualization and Secure Nested Paging—has provided the cryptographic means for certifying that a VM hasn’t been compromised by any sort of backdoor installed by someone with access to the physical machine running it.

  • @WagnasT
    link
    English
    8521 hours ago

    Looks like AMD has already patched it, also appears to affect older Intel versions of the same tech concept but not current generations.

    Only really affects guests in multi tenant hypervisor environments, requires physical access to the hypervisor, requires external physical hardware, requires booting the host with said hardware attached, at some point this level of compromise is already absurd. This kind of research is important and shows that we still need to limit out level of trust with host providers but I don’t think anyone needs to panic.

    • Dark Arc
      link
      fedilink
      English
      3617 hours ago

      Kinda annoyed with Ars for perpetuating this trend of dramatized security vulnerability names and descriptions.

      • Bakkoda
        link
        fedilink
        English
        7
        edit-2
        13 hours ago

        Ars went the way of Toms a while ago for me. There’s some decent stuff to be found but most of it is click/rage bait.

        • Dark Arc
          link
          fedilink
          English
          211 hours ago

          I still think it’s generally more good than bad and I appreciate they provide an authenticated ad free RSS feed for subscribers, but I think this was one of their worst headlines.

    • @Tangent5280
      link
      English
      1717 hours ago

      If someone breaks into your home and shits your pants then they might be able to make you smell like shit.

      • @[email protected]
        link
        fedilink
        English
        416 hours ago

        Legit question: is the “he/she shits your pants” expression and generally shit verbiage own vogue or something?

        I have to ask because I keep seeing it and I’m pretty sheltered from corporate social media (and probably larger Internet cultural trends overall).