Intel hardware bug

[Cy Schubert]

According to a Red Hat announcement, Power and Series z are also vulnerable.

---
Sent using a tiny phone keyboard.
Apologies for any typos and autocorrect.
Also, this old phone only supports top post. Apologies.

Cy Schubert
<Cy.Schubert at cschubert.com> or <cy at freebsd.org>
The need of the many outweighs the greed of the few.
---

-----Original Message-----
From: Eric McCorkle
Sent: 05/01/2018 04:48
To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch at freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
Subject: Re: Intel hardware bug

On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> no one!, has in the past, or will in the future be able to exploit this
> to actually do something not nice.

Attacks have already been demonstrated, pulling secrets out of kernel
space with meltdown and http headers/passwords out of a browser with
spectre.  Javascript PoCs are already in existence, and we can expect
them to find their way into adware-based malware within a week or two.

Also, I'd be willing to bet you a year's rent that certain three-letter
organizations have known about and used this for some time.

> So what is this, really?, it's a market exploit opportunity for AMD.

Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
I doubt any major architecture is going to make it out unscathed.  (But
if one does, my money's on Power)
_______________________________________________
freebsd-arch at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"