Date: Fri, 5 Jan 2018 11:37:17 -0800 From: "K. Macy" <kmacy@freebsd.org> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Eric McCorkle <eric@metricspace.net>, Jules Gilbert <repeatable_compression@yahoo.com>, "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>, Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>, Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>, Nathan Whitehorn <nwhitehorn@freebsd.org> Subject: Re: Intel hardware bug Message-ID: <CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg@mail.gmail.com> In-Reply-To: <20180105191145.404BC335@spqr.komquats.com> References: <20180105191145.404BC335@spqr.komquats.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert@cschubert.com> wr= ote: > According to a Red Hat announcement, Power and Series z are also vulnerab= le. > Link? > --- > > -----Original Message----- > From: Eric McCorkle > Sent: 05/01/2018 04:48 > To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Da= g-Erling Sm=C3=B8rgrav; Poul-Henning Kamp; freebsd-arch@freebsd.org; FreeBS= D Hackers; Shawn Webb; Nathan Whitehorn > Subject: Re: Intel hardware bug > > On 01/05/2018 05:07, Jules Gilbert wrote: >> Sorry guys, you just convinced me that no one, not the NSA, not the FSB, >> no one!, has in the past, or will in the future be able to exploit this >> to actually do something not nice. > > Attacks have already been demonstrated, pulling secrets out of kernel > space with meltdown and http headers/passwords out of a browser with > spectre. Javascript PoCs are already in existence, and we can expect > them to find their way into adware-based malware within a week or two. > > Also, I'd be willing to bet you a year's rent that certain three-letter > organizations have known about and used this for some time. > >> So what is this, really?, it's a market exploit opportunity for AMD. > > Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. > I doubt any major architecture is going to make it out unscathed. (But > if one does, my money's on Power) > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-arch@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg>