Intel hardware bug
K. Macy
kmacy at freebsd.org
Fri Jan 5 19:47:46 UTC 2018
On Fri, Jan 5, 2018 at 11:37 AM, K. Macy <kmacy at freebsd.org> wrote:
> On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert at cschubert.com> wrote:
>> According to a Red Hat announcement, Power and Series z are also vulnerable.
>>
>
> Link?
Spectre yes. Meltdown no. Spectre is a problem but much harder to
exploit. It's Intel's handling of meltdown that is seriously grounds
for table flipping.
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
>
>
>> ---
>>
>> -----Original Message-----
>> From: Eric McCorkle
>> Sent: 05/01/2018 04:48
>> To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch at freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
>> Subject: Re: Intel hardware bug
>>
>> On 01/05/2018 05:07, Jules Gilbert wrote:
>>> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
>>> no one!, has in the past, or will in the future be able to exploit this
>>> to actually do something not nice.
>>
>> Attacks have already been demonstrated, pulling secrets out of kernel
>> space with meltdown and http headers/passwords out of a browser with
>> spectre. Javascript PoCs are already in existence, and we can expect
>> them to find their way into adware-based malware within a week or two.
>>
>> Also, I'd be willing to bet you a year's rent that certain three-letter
>> organizations have known about and used this for some time.
>>
>>> So what is this, really?, it's a market exploit opportunity for AMD.
>>
>> Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
>> I doubt any major architecture is going to make it out unscathed. (But
>> if one does, my money's on Power)
>> _______________________________________________
>> freebsd-arch at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
>> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"
>>
>> _______________________________________________
>> freebsd-arch at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
>> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list