Joe Fitz
Jan 4, 2018 · 10 tweets
Here's my layman's not-totally-accurate-but-gets-the-point-across story about how #meltdown & #spectre type attacks work:

Let's say you go to a library that has a 'special collection' you're not allowed access to, but you want to read one of the books. 1/10
You go in and go to the librarian and say "I'd like special book #1, and the Sue Grafton novel that corresponds to the first letter of page 1 of that book." 2/10
The librarian dutifully goes and gets special book #1, looks at page 1, sees 'C', and also grabs 'C is for Corpse', and comes back to the desk, but does not show you the books. 3/10
The librarian scans your card, then scans the first book, and says "sorry, you don't have access to this book, let's start over." But puts the books on the nearby re-shelve cart instead of back on the shelf. 4/10
In response you say "I'd like to borrow 'A is for Alibi'" and the librarian responds "just a moment while I get that". You interrupt and ask for 'B is for Burglar' and the librarian responds "just a moment while I get that" again. 5/10
When you interrupt again, and say "I'd also like C is..." the librarian interrupts you to say "oh I have that one right here on the cart!" 6/10
You say "Great! But actually I don't want any books. You can put all those back!" and write down 'C' in your notebook. 7/10
The dutiful librarian re-shelves all the books and then you repeat the process... For every single letter on every page in special book #1. The librarian is especially dutiful and luckily fast, so this only takes you a few moments. 8/10
Let's try fixing it by having a separate shelf, reshelving rack, librarian, and line for the special collection. It solves the problem, but all the people who have access to and use the special collection complain about how it takes 5 to 30% longer to get their books. 9/10
So, the books are memory. The special collection is operating system or other programs' memory. The reshelving rack is cache and/or register file. The librarian is the page management.
It's not a perfect analogy, but it describes it in non-technical terms. Feedback welcome. 10/10
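
The library story above, as an added toy simulation (not part of the original thread and not working attack code): the cart is modelled as a Python set, the access costs are made-up numbers, and `SECRET`, `Library` and `recover` are hypothetical names. It shows why the denied request still leaks one letter per round, and why the separate-shelf fix from tweet 9 stops it.

```python
# Toy model of the library analogy. Nothing here touches real caches or timers.
SECRET = "CACHE"                       # constructed contents of "special book #1"
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
FAST, SLOW = 1, 100                    # made-up costs: cart (cache) vs shelf (memory)


class Library:
    def __init__(self, isolated=False):
        self.isolated = isolated       # tweet 9: separate shelf and cart for the special collection
        self.cart = set()              # the re-shelve cart, i.e. the cache

    def request_special(self, index):
        """Ask for letter `index` of the special book plus the matching novel."""
        if not self.isolated:
            # The librarian fetches both books *before* scanning the card,
            # so the novel that depends on the secret letter lands on the cart.
            self.cart.add(SECRET[index])
        # The card check always fails for this patron; no book is ever shown.
        return "sorry, you don't have access to this book"

    def borrow(self, letter):
        """Cost of fetching an ordinary novel: fast only if it is already on the cart."""
        cost = FAST if letter in self.cart else SLOW
        self.cart.add(letter)
        return cost

    def reshelve(self):
        self.cart.clear()


def recover(library):
    """Replay tweets 2-8 for every position and note which novel came back fast."""
    notebook = []
    for i in range(len(SECRET)):
        library.reshelve()
        library.request_special(i)     # denied, but the cart now holds one novel
        fast = [c for c in ALPHABET if library.borrow(c) == FAST]
        notebook.append(fast[0] if fast else "?")
    return "".join(notebook)


if __name__ == "__main__":
    print("shared cart:  ", recover(Library()))
    print("separate cart:", recover(Library(isolated=True)))
```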

More from @securelyfitz

Oct 8, 2018
Do I Have a Hardware Implant?

I’ve gotten lots of inquiries if I could analyze some hardware for or could recommend someone who might.

I’ll be blunt - most of you don’t need this. Here are some things you should consider before seeking out services like this:
1. It’s unlikely you’re affected. Really. Even assuming every claim is true, and even if there is a secret device on every single X brand motherboard, it’s unlikely you’re targeted by whatever payload the implant carries.
2. There are no published hardware indicators of compromise (IOCs). The device and placement referenced in the article are only representative and not actual devices. Having experienced hardware eyes on your board might pick out something odd, but won’t be conclusive.
Read 23 tweets
Oct 5, 2018
Hector and others have identified the component used in the Bloomberg article to represent the hardware implant. I'd like to share my perspective on whether it's realistically possible:
If someone said that the implant was found inside a coupler, first I'd check component suppliers for couplers that might fit the bill. And the one displayed is pretty much the smallest one you can find with 'coupler' in the name.
A coupler is a filter - you'd normally have signals coming in & filtered signals going out the other side.
If you see a piece of alumina or ceramic and it has markings on top with a coupler's model number you'll assume that's what it is.
Perfect man-in-the-middle opportunity
Read 12 tweets
Oct 4, 2018
At one point in time I had a conversation about how I would put a hardware implant into a system. I'm delighted to see @qrs had a very similar assessment:
Given a photo of a server motherboard, this was my response after a few minutes. You'll have to take my word I wrote this 4 Sept 2017.

"Well, you picked an easy one, it already has a backdoor :)"
"The ASPEED chip (1) is the BMC or Board Management Controller. It's an extra CPU on the system that is supposed to 'manage' the actual server that does all the work, like negotiating power supplies and storage connections with the rest of the servers in the rack."
Read 17 tweets
Oct 4, 2018
There’s recent news about some really interesting hardware implants. I wanted to take a bit to share more technical thoughts and details that can’t be reduced to a mainstream article on the topic.
threaded: securinghardware.com/articles/hardw…
The core of the claim is that someone implanted extra components on some server motherboards that would do malicious stuff, subvert the system and possibly allow it to ‘phone home’. I looked at the claims through a technical and feasibility lens.
I’ve studied hardware implants for a few years now. I’ve done multiple reviews of server hardware looking for backdoors. I profit, via @securinghw and @SecureHardware, from people being more interested in hardware security.
Read 32 tweets
Jul 24, 2018
Remember the USB fans from Singapore that were in the news? @HackingThings and I took some more of them apart and there's plenty of potential for foul play.
This is an older lightning port fan that @HackingThings had. No surprise there's a chip in there to speak SDQ to tell the iPhone to supply power
We hooked up a @saleae logic analyser and tried @stacksmashing's protocol decoder:
Read 12 tweets
Jun 4, 2018
Congratulations, your talk has been declined! Many of us have been disappointed or relieved by a rejection in the past few days. As a follow-on to my previous post about the CFP process and writing an abstract, I figured it would be fitting to write a bit about what to do now.
Long form posted and will be updated here: securinghardware.com/articles/congr…

Don’t worry, a post about what to do if you’re *accepted* should come right on time, about a week before Black Hat and Defcon.
It’s okay to be disappointed. You put lots of work into your research, and more into making it look good for the cfp. If you’re smart, you’ve been scrambling to deliver on the things you promised in case they asked for more info. It might feel like all that was a waste of time.
Read 20 tweets