Date: Fri, 5 Jan 2018 13:30:26 +0000 From: Andrew Duane <aduane@juniper.net> To: Eric McCorkle <eric@metricspace.net>, Jules Gilbert <repeatable_compression@yahoo.com>, "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>, Brett Glass <brett@lariat.org>, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>, Nathan Whitehorn <nwhitehorn@freebsd.org> Subject: RE: Intel hardware bug Message-ID: <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0@SN1PR0501MB2125.namprd05.prod.outlook.com> In-Reply-To: <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net> References: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I wouldn't think Javascript would have the accurate timing required to leve= rage this attack, but I don't really know enough about the language. Regardless, is there someone within FreeBSD that is working on patches for = this set of problems, at least for Intel? Linux already has at least some, = and I believe NetBSD does too. Of course Windows has already pushed out a W= indows10 fix, 7 and 8 are coming. .................................... Andrew L. Duane - Principal Resident Engineer AT&T Advanced Services Technical Lead Juniper Quality Ambassador m=A0=A0=A0+1 603.770.7088 o +1 408.933.6944 (2-6944) skype: andrewlduane aduane@juniper.net -----Original Message----- From: owner-freebsd-hackers@freebsd.org [mailto:owner-freebsd-hackers@freeb= sd.org] On Behalf Of Eric McCorkle Sent: Friday, January 5, 2018 7:43 AM To: Jules Gilbert <repeatable_compression@yahoo.com>; Ronald F. Guilmette <= rfg@tristatelogic.com>; Freebsd Security <freebsd-security@freebsd.org>; Br= ett Glass <brett@lariat.org>; Dag-Erling Sm=F8rgrav <des@des.no>; Poul-Henn= ing Kamp <phk@phk.freebsd.dk>; freebsd-arch@freebsd.org; FreeBSD Hackers <f= reebsd-hackers@freebsd.org>; Shawn Webb <shawn.webb@hardenedbsd.org>; Natha= n Whitehorn <nwhitehorn@freebsd.org> Subject: Re: Intel hardware bug On 01/05/2018 05:07, Jules Gilbert wrote: > Sorry guys, you just convinced me that no one, not the NSA, not the=20 > FSB, no one!, has in the past, or will in the future be able to=20 > exploit this to actually do something not nice. Attacks have already been demonstrated, pulling secrets out of kernel space= with meltdown and http headers/passwords out of a browser with spectre. J= avascript PoCs are already in existence, and we can expect them to find the= ir way into adware-based malware within a week or two. Also, I'd be willing to bet you a year's rent that certain three-letter org= anizations have known about and used this for some time. > So what is this, really?, it's a market exploit opportunity for AMD. Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. I doubt any major architecture is going to make it out unscathed. (But if = one does, my money's on Power)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0>