Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 5 Jan 2018 07:42:53 -0500
From:      Eric McCorkle <eric@metricspace.net>
To:        Jules Gilbert <repeatable_compression@yahoo.com>, "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>, Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@des.no>, Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>, Nathan Whitehorn <nwhitehorn@freebsd.org>
Subject:   Re: Intel hardware bug
Message-ID:  <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net>
In-Reply-To: <809675000.867372.1515146821354@mail.yahoo.com>
References:  <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> no one!, has in the past, or will in the future be able to exploit this
> to actually do something not nice.

Attacks have already been demonstrated, pulling secrets out of kernel
space with meltdown and http headers/passwords out of a browser with
spectre.  Javascript PoCs are already in existence, and we can expect
them to find their way into adware-based malware within a week or two.

Also, I'd be willing to bet you a year's rent that certain three-letter
organizations have known about and used this for some time.

> So what is this, really?, it's a market exploit opportunity for AMD.

Don't bet on it.  There's reports of AMD vulnerabilities, also for ARM.
I doubt any major architecture is going to make it out unscathed.  (But
if one does, my money's on Power)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?250f3a77-822b-fba5-dcd7-758dfec94554>