Re: Meltdown – Spectre

blubee blubeeme gurenchan at gmail.com
Tue Jan 9 15:24:47 UTC 2018


On Tue, Jan 9, 2018 at 10:38 PM, James B. Byrne via freebsd-questions <
freebsd-questions at freebsd.org> wrote:

> I have read some accounts which seem to imply that the rate of ssh
> attacks measurably increased following the announcement of these two
> flaws.  The implication being that there was some cause and effect
> relationship.  I cannot fathom what this could be.
>
> I do not wish to exist in a state of blissful ignorance.  But, neither
> do I wish to overestimate the degree of threat these two flaws present
> to our operations.
>
> From what I have read the impression I obtain is that both of these
> two security flaws require that unaudited software be allowed to run
> on the affected hosts.  If one is running a private data centre, and
> if only authorized software is permitted to run therein, then how much
> of a threat does this development pose to such?
>
> It seems to me that public 'cloud' environments are where this sort of
> stuff would find its most vulnerable targets.  Private data systems
> are no more likely to succumb to attacks along this vector than to any
> other routinely available rootkit.  Is that a fair assessment?
>
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
There was a rowhammer bug that made big news in 2016
https://arstechnica.com/information-technology/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/

There's a paper and a GitHub repo with code, and I doubt that those bugs have
been patched even up to this day.

I think it was around this time when Google started looking into this and a
bit later when they discovered the CPU architecture vulnerabilities that
they tried to keep under wraps until it was patched.

If you saw how big that botnet got, you'll understand the value that shady
people can extract from these types of exploits.

Right now we're just waiting; my opinion on the matter is that this is just
too good for shady teams not to try to exploit.

Those patches will be mercilessly attacked because the pot of gold is just
too large.

Not only that, what about users who say, "I just cannot accept up to 30%
decrease in performance," so they actively try to remove the patches?

You do not need unauthorized software, any software running on your system
can exploit you.

A webpage with JavaScript could trigger a rowhammer exploit:
https://motherboard.vice.com/en_us/article/9akpwz/rowhammerjs-is-the-most-ingenious-hack-ive-ever-seen

That means a website with JavaScript can conjure up Spectre or Meltdown.

Being scared won't help, but I can't wait to see how atrocious this thing
becomes.

Cheer up, it's like that comic where the dog is sitting in the burning
house drinking coffee, "it's fine"
https://cdn.vox-cdn.com/thumbor/2q97YCXcLOlkoR2jKKEMQ-wkG9k=/0x0:900x500/1200x800/filters:focal(378x178:522x322)/cdn.vox-cdn.com/uploads/chorus_image/image/49493993/this-is-fine.0.jpg

