From owner-freebsd-questions@freebsd.org Tue Jan 9 15:24:47 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9F1BE5BDF0 for ; Tue, 9 Jan 2018 15:24:47 +0000 (UTC) (envelope-from gurenchan@gmail.com) Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8FC93811B5 for ; Tue, 9 Jan 2018 15:24:47 +0000 (UTC) (envelope-from gurenchan@gmail.com) Received: by mail-io0-x22e.google.com with SMTP id w188so18925190iod.10 for ; Tue, 09 Jan 2018 07:24:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dhHN7dPZ9LF2hgPqS5SwnMFg9qJ3WVV5Jtqiyq9VjHw=; b=MdSq1JyXKqVqlkVVvSZm5HMLZYx6DdngvLjTNb9Dgn07fba2xMZlyfDOGgdogXnQpE hhRPajLUMUT6zr8nlKIRTpAqE07t3hUPrDCjI8ugrWhqzmdNRoPSjhhp4/jCxSdeL54/ Z4qp6SG0GtTU5EASIxmecm1tANivdSFVfW5VzMzCy3UzJxyjuR+Fn4LuajM+k2l3Gye4 U9c2ps65S7SfwkTW35zLQi7kJEFvzIoiF5d5IH6WOXjABo1x2XJlZ+40KeBlZEmCUwm4 vyhdWDhfgYRNHIghDqYKoH60rr8SAPQSZV19L+4/RGBu7OH5PE2d6mV85fIZeJXT5YQG RkMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dhHN7dPZ9LF2hgPqS5SwnMFg9qJ3WVV5Jtqiyq9VjHw=; b=kRRWnfMqTm3sZpJyiPygDLLJLySoi7OrAjRYwZga7oZnJ9k4bopG1N+S4HzNm4voHz ImDBZ8MiB4b/eBS7KfcPklDPNerdc1hbf7R/N1XRwzMaB8QKJgGHLby9qsriqb+kwA9G xPM3zlRBOMkAO8soQ2FI/T3zTZGm++N/QDtt9FvhUik1XvsE1Dj2edmDOd1rn33XNNbc 0jAYOEMZqgs+49soVNL+w0NhJRdqma4n6/HdJkcyxAdAypltO/OIqZoZ6mibtDBvgBLA TaLRkTlLXJK+rt2f6yzUSJqvNh9RCX2KpnyV0w7ofdcrFzHIvSechxeHyl9HPZZxMLge FtAQ== X-Gm-Message-State: AKwxytd7vmUpAyQarwF+HuM7pTq2UtCKlGNZ4gauTLUKOMQjXVjTr+UY TU4rmlikuIKQZ1U/lLhWDiLUvTvBni+rL26J6Es= X-Google-Smtp-Source: ACJfBotTtir7wUd1/JpRPA5g6ug6OktrR5Epd/tXVy3Ipg66X04HVCLmdHlri6uFa7y4RES8vAzGmGvIPtkoQajcdSE= X-Received: by 10.107.35.145 with SMTP id j139mr16686607ioj.153.1515511486626; Tue, 09 Jan 2018 07:24:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.164.203 with HTTP; Tue, 9 Jan 2018 07:24:45 -0800 (PST) In-Reply-To: <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca> References: <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca> From: blubee blubeeme Date: Tue, 9 Jan 2018 23:24:45 +0800 Message-ID: Subject: =?UTF-8?B?UmU6IE1lbHRkb3duIOKAkyBTcGVjdHJl?= To: byrnejb@harte-lyne.ca Cc: FreeBSD Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2018 15:24:47 -0000 On Tue, Jan 9, 2018 at 10:38 PM, James B. Byrne via freebsd-questions < freebsd-questions@freebsd.org> wrote: > I have read some accounts which seem to imply that the rate of ssh > attacks measurably increased following the announcement of these two > flaws. The implication being that there was some cause and effect > relationship. I cannot fathom what this could be. > > I do not wish to exist in a state of blissful ignorance. But, neither > do I wish to overestimate the degree of threat these two flaws present > to our operations. > > From what I have read the impression I obtain is that both of these > two security flaws require that unaudited software be allowed to run > on the affected hosts. If one is running a private data centre, and > if only authorized software is permitted to run therein, then how much > of a threat does this development pose to such? > > It seems to me that public 'cloud' environments is where this sort of > stuff would find its most vulnerable targets. Private data systems > are no more likely to succumb to attacks along this vector than to any > other routinely available rootkit. Is that a fair assessment? > > > -- > *** e-Mail is NOT a SECURE channel *** > Do NOT transmit sensitive data via e-Mail > Do NOT open attachments nor follow links sent by e-Mail > > James B. Byrne mailto:ByrneJB@Harte-Lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > There was a rowhammer bug that made big news in 2016 https://arstechnica.com/information-technology/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/ There's a paper, github repo with code and I doubt that those bugs have been patched even up to this day. I think it was around this time when Google started looking into this and a bit later when they discovered the CPU architecture vulnerabilities that they tried to keep under wraps until it was patched. If u saw how big that botnet got, you'll understand the value that shady people can extract from these types of exploits. Right now we're just waiting, my opinion on the matter is that this is just too good for shady teams not to try to exploit. Those patches will be mercilessly attacked because the pot of gold is just too large. Not only that what about users who say, I just cannot accept up to %30 decrease in performance so they actively try to remove the patches? You do not need unauthorized software, any software running on your system can exploit you. A webpage with Javascript could trigger rowhammer exploit: https://motherboard.vice.com/en_us/article/9akpwz/rowhammerjs-is-the-most-ingenious-hack-ive-ever-seen That means a website with javascript can conjure up Spectre or Meltdown. Being scared won't help, but I can't wait to see how atrocious this thing becomes. Cheer up, it's like that comic where the dog is sitting in the burning house drinking coffee, "it's fine" https://cdn.vox-cdn.com/thumbor/2q97YCXcLOlkoR2jKKEMQ-wkG9k=/0x0:900x500/1200x800/filters:focal(378x178:522x322)/cdn.vox-cdn.com/uploads/chorus_image/image/49493993/this-is-fine.0.jpg