(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Researchers were able to reproduce bit-flipping attacks on Crucial Ballistix DDR4 DIMMs like those shown here.

Physical weaknesses in memory chips that make computers and servers susceptible to hack attacks dubbed "Rowhammer" are more exploitable than previously thought and extend to DDR4 modules, not just DDR3, according to a recently published research paper.

The paper, titled How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware, arrived at that conclusion by testing the integrity of dual in-line memory modules, or DIMMs, using diagnostic techniques that hadn't previously been applied to finding the vulnerability. The tests showed many of the DIMMs were vulnerable to a phenomenon known as "bitflipping," in which 0s were converted to 1s and vice versa. The report was published by Third I/O, an Austin, Texas-based provider of high-speed bandwidth and super computing technologies. The findings were presented over the weekend at the Semicon China conference.

"Based on the analysis by Third I/O, we believe that this problem is significantly worse than what is being reported," the paper warned. "And it is still visible on some DDR4 memory modules."

Read 11 remaining paragraphs | Comments

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability
Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
CVE-2016-1520: GrandStream Android VoIP App Update Redirection
Multiple (persistent) XSS in ProjectSend
CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
Internet Storm Center Infocon Status