
> People should also be aware that disabling DDIO comes at a significant performance cost. So far as the researchers know, chips from AMD and other manufacturers aren't vulnerable because they don't store networking data on shared CPU caches.

Again, performance gains leak sensitive data and the solution is to disable some features (and lose performance as well). Seems that Intel chose between performance x security, and security lost.

> Intel DDIO is enabled by default on all Intel Xeon processor E5 family and Intel Xeon processor E7 v2 family platforms. (from https://www.intel.com/content/www/us/en/io/data-direct-i-o-t...)

Seems that it was used in 2012-2014 processors, so it's an attack on 5-year-old processors. Perhaps the impact isn't that great nowadays, but I couldn't find if the same attack can be made in more recent CPUs.




The web site of the researchers says:

> Yes, DDIO is enabled transparently by default in all Intel server-grade processors since 2012 (Intel Xeon E5, E7 and SP families).

https://www.vusec.net/projects/netcat/



