On 9/27/25 02:28, Peter Gutmann wrote: > Jacob Bachmeyer <[email protected]> writes: > >> I am somewhat skeptical about this, simply because there have been many >> "proper solutions" to Rowhammer that have thus far failed. > > It depends on what you mean by "failed". Rowhammer is an attack that no > (real-life) attacker has ever used, and no real-life attacker will ever use, > because there are about, oh, six million much easier ways to get what you > want. So while a theoretical defence has failed against a theoretical attack, > in practice nothing of value has been lost. > > (Not saying that it's not a cool attack, just that it's not one we have to > worry about. What we do have to worry about is phishing, buffer overflows, > SQL and more generally script injection, supply-chain attacks, it's a long > list). > > Peter.
What about attackers trying to escape VMs? At some point the hardware might actually become the weakest link. Is there something about Rowhammer specifically that makes it an unattractive attack, even for nation-state attackers against well-protected targets? -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
