From: Cy Schubert
Subject: RE: Intel hardware bug
Date: Fri, 5 Jan 2018 11:47:49 -0800
To: "K. Macy", Cy Schubert
CC: Eric McCorkle, Jules Gilbert, "Ronald F. Guilmette", Freebsd Security, Brett Glass, Dag-Erling Smørgrav, Poul-Henning Kamp, "freebsd-arch@freebsd.org", FreeBSD Hackers, Shawn Webb, Nathan Whitehorn
Message-Id: <20180105194743.EAFBB3EA@spqr.komquats.com>

https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701f2000000tsLNAAY&

---
Sent using a tiny phone keyboard.
Apologies for any typos and autocorrect.
Also, this old phone only supports top post. Apologies.

Cy Schubert or
The need of the many outweighs the greed of the few.
---

-----Original Message-----
From: K. Macy
Sent: 05/01/2018 11:37
To: Cy Schubert
Cc: Eric McCorkle; Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch@freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
Subject: Re: Intel hardware bug

On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert wrote:
> According to a Red Hat announcement, Power and Series z are also vulnerable.
>

Link?

> ---
>
> -----Original Message-----
> From: Eric McCorkle
> Sent: 05/01/2018 04:48
> To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; Dag-Erling Smørgrav; Poul-Henning Kamp; freebsd-arch@freebsd.org; FreeBSD Hackers; Shawn Webb; Nathan Whitehorn
> Subject: Re: Intel hardware bug
>
> On 01/05/2018 05:07, Jules Gilbert wrote:
>> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
>> no one!, has in the past, or will in the future be able to exploit this
>> to actually do something not nice.
>
> Attacks have already been demonstrated, pulling secrets out of kernel
> space with meltdown and http headers/passwords out of a browser with
> spectre. Javascript PoCs are already in existence, and we can expect
> them to find their way into adware-based malware within a week or two.
>
> Also, I'd be willing to bet you a year's rent that certain three-letter
> organizations have known about and used this for some time.
>
>> So what is this, really?, it's a market exploit opportunity for AMD.
>
> Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
> I doubt any major architecture is going to make it out unscathed. (But
> if one does, my money's on Power)
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"