Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 5 Jan 2018 11:37:17 -0800
From:      "K. Macy" <kmacy@freebsd.org>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Eric McCorkle <eric@metricspace.net>, Jules Gilbert <repeatable_compression@yahoo.com>,  "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>,  Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>,  Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,  FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>,  Nathan Whitehorn <nwhitehorn@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg@mail.gmail.com>
In-Reply-To: <20180105191145.404BC335@spqr.komquats.com>
References:  <20180105191145.404BC335@spqr.komquats.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert@cschubert.com> wr=
ote:
> According to a Red Hat announcement, Power and Series z are also vulnerab=
le.
>

Link?


> ---
>
> -----Original Message-----
> From: Eric McCorkle
> Sent: 05/01/2018 04:48
> To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Da=
g-Erling Sm=C3=B8rgrav; Poul-Henning Kamp; freebsd-arch@freebsd.org; FreeBS=
D Hackers; Shawn Webb; Nathan Whitehorn
> Subject: Re: Intel hardware bug
>
> On 01/05/2018 05:07, Jules Gilbert wrote:
>> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
>> no one!, has in the past, or will in the future be able to exploit this
>> to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre.  Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
>> So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed.  (But
> if one does, my money's on Power)
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
>
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg>