On Wed, 10 Jan 2018 15:26:04 -0600, Tom Marchant <m42tom-ibmm...@yahoo.com> wrote:
>On Wed, 10 Jan 2018 21:44:29 +0100, R.S. wrote: > >>BTW: It's worth to remember chances the vulnerability would really >>compromise system security are really small. (IMHO) > >I agree. Especially since the method of exploiting it involves flushing >cache and testing to see what memory location was reloaded into >cache. In a real system the amount of cache activity is too high for >the technique to be reliable. And the attacking task would use a lot >of CPU, making it unlikely that WLM would allow it to complete its >work without being interrupted frequently. Assuming, of course, that the attack occurs on a heavily-used production system. On a more lightly-used system, perhaps a test system with access to shared data or with a shared security database or shared ICSF data such that credentials "stolen" on one system could be used on another, it might be more successful. That would come down to other factors of data segregation and security, and require additional analysis. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
