Modern RAM Used For Computers, Smartphones Still Vulnerable To Rowhammer Attacks

An anonymous reader quotes a report from ZDNet: According to new research published today, modern RAM cards are still vulnerable to Rowhammer attacks despite extensive mitigations that have been deployed by manufacturers over the past six years. These mitigations, collectively referred to as Target Row Refresh (TRR), are a combination of software and hardware fixes that have been slowly added to the design of modern RAM cards after 2014 when academics disclosed the first-ever Rowhammer attack. But in a new research paper titled today and titled "TRRespass: Exploiting the Many Sides of Target Row Refresh," a team of academics from universities in the Netherlands and Switzerland said they developed a generic tool named TRRespass that can be used to upgrade the old Rowhammer attacks to work on the new-and-improved TRR-protected RAM cards. The new upgraded attacks work on both DIMM and LPDDR4 memory types, and can be used to retrieve encryption keys from memory, or escalate an attacker's access right to sudo/SYSTEM-level.

Not much progress.

[Fly Swatter]

It seems just like today Rowhammer was in the news [slashdot.org]

Re:Not much progress.

[Dutch Gun]

As it turns out, modern Slashdot is still vulnerable to dupe attacks.

Re:

[Rick Schumann]

Yup. [slashdot.org]

Re:

[Rick Schumann]

Slashdot staff must all be working from home and aren't communicating with each other.

Re:

[WoodstockJeff]

Actually, that should have IMPROVED the situation!

Technicalities

[hcs_$reboot]

A while ago, my Slashdot page still had on the right side a list of replies to my comments. Was easy to follow-up. Not anymore. I suspect a bug ; maybe nobody can maintain the code anymore?
About the dupes: how difficult is it to automatically grab the keywords from a new topic title and "grep" that within the published titles? It's not.
Well, Perl is "write only" as we like to say, but I'd happily give this code a try...

Nice to see some stability

[Opportunist]

You know, with the world at turmoil, with Covid running rampart, SMB insecure and ram too, at least you can rely on Slashdot to dupe stories faithfully, and the less interesting the more likely.

It's kinda comforting, don't you think?

Re:

[gweihir]

And here I was wondering why the number of comments suddenly was so low....

Re:

[Opportunist]

While we're at joking, what do an internet addict and an F-14 pilot have in common? Both break out in cold sweat when the display shows NO CARRIER.

Yeah, it's old, but maybe some of the old farts haven't been killed off by Corona yet that still understand it.

slashdot purchased by apple?

[ThePhish]

It's not a mistake, it's just a feature you didn't know you needed yet.