Intel hardware bug

Cy Schubert Cy.Schubert at cschubert.com
Fri Jan 5 19:47:48 UTC 2018 

https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701f2000000tsLNAAY&

---
Sent using a tiny phone keyboard.
Apologies for any typos and autocorrect.
Also, this old phone only supports top post. Apologies.

Cy Schubert
<Cy.Schubert at cschubert.com> or <cy at freebsd.org>
The need of the many outweighs the greed of the few.
---

-----Original Message-----
From: K. Macy
Sent: 05/01/2018 11:37
To: Cy Schubert
Cc: Eric McCorkle; Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch at freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
Subject: Re: Intel hardware bug

On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert at cschubert.com> wrote:
> According to a Red Hat announcement, Power and Series z are also vulnerable.
>

Link?


> ---
>
> -----Original Message-----
> From: Eric McCorkle
> Sent: 05/01/2018 04:48
> To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch at freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
> Subject: Re: Intel hardware bug
>
> On 01/05/2018 05:07, Jules Gilbert wrote:
>> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
>> no one!, has in the past, or will in the future be able to exploit this
>> to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre.  Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
>> So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed.  (But
> if one does, my money's on Power)
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"
>
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"

More information about the freebsd-security mailing list