Tuesday 20 October 2015

PassMark received offer to not release rowhammer test

Here's an interesting report of skulduggery related to the rowhammer bug.

PassMark say they received an offer to not release a rowhammer test in their MemTest86 tool, in return for payment:

"We had anonymous contact offering to act as a go between between us and unnamed memory companies, with a view to paying us not release the new version of MemTest86. Who knows how serious the offer was.

Needless to say we didn't take up that option, and just released the software anyway.

But the issue is a BIG issue. The lack of publicity up to now is somewhat surprising considering the implications. Many computers are fundamentally (slightly) unreliable in a random ways. Maybe this doesn't matter for home use, but for medical devices, banking systems, flight control systems, etc.. it is a big deal."

The quoted post is from 20th February 2015 – after the rowhammer bug was publicised by the CMU paper but before we published about the exploitability of the bug.

Some background: PassMark are the maintainers of MemTest86. (MemTest86 should not be confused with MemTest86+ which is an alternative, open source fork of the same original codebase.)