Date: Fri, 5 Jan 2018 11:47:45 -0800 From: "K. Macy" <kmacy@freebsd.org> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Eric McCorkle <eric@metricspace.net>, Jules Gilbert <repeatable_compression@yahoo.com>, "Ronald F. Guilmette" <rfg@tristatelogic.com>, Freebsd Security <freebsd-security@freebsd.org>, Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>, Poul-Henning Kamp <phk@phk.freebsd.dk>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>, Nathan Whitehorn <nwhitehorn@freebsd.org> Subject: Re: Intel hardware bug Message-ID: <CAHM0Q_NQSG9ndV%2B31bq0bwvp%2BU=e4PBLvk%2B6vPcm2eV3ny1oyQ@mail.gmail.com> In-Reply-To: <CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg@mail.gmail.com> References: <20180105191145.404BC335@spqr.komquats.com> <CAHM0Q_OGAYhQ9KAFpzx7pmuSoug59KZi9bs3NZ_6Pc-jrahgFg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 5, 2018 at 11:37 AM, K. Macy <kmacy@freebsd.org> wrote: > On Fri, Jan 5, 2018 at 11:11 AM, Cy Schubert <Cy.Schubert@cschubert.com> = wrote: >> According to a Red Hat announcement, Power and Series z are also vulnera= ble. >> > > Link? Spectre yes. Meltdown no. Spectre is a problem but much harder to exploit. It's Intel's handling of meltdown that is seriously grounds for table flipping. https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ > > >> --- >> >> -----Original Message----- >> From: Eric McCorkle >> Sent: 05/01/2018 04:48 >> To: Jules Gilbert; Ronald F. Guilmette; Freebsd Security; Brett Glass; D= ag-Erling Sm=C3=B8rgrav; Poul-Henning Kamp; freebsd-arch@freebsd.org; FreeB= SD Hackers; Shawn Webb; Nathan Whitehorn >> Subject: Re: Intel hardware bug >> >> On 01/05/2018 05:07, Jules Gilbert wrote: >>> Sorry guys, you just convinced me that no one, not the NSA, not the FSB= , >>> no one!, has in the past, or will in the future be able to exploit this >>> to actually do something not nice. >> >> Attacks have already been demonstrated, pulling secrets out of kernel >> space with meltdown and http headers/passwords out of a browser with >> spectre. Javascript PoCs are already in existence, and we can expect >> them to find their way into adware-based malware within a week or two. >> >> Also, I'd be willing to bet you a year's rent that certain three-letter >> organizations have known about and used this for some time. >> >>> So what is this, really?, it's a market exploit opportunity for AMD. >> >> Don't bet on it. There's reports of AMD vulnerabilities, also for ARM. >> I doubt any major architecture is going to make it out unscathed. (But >> if one does, my money's on Power) >> _______________________________________________ >> freebsd-arch@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-arch >> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" >> >> _______________________________________________ >> freebsd-arch@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-arch >> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHM0Q_NQSG9ndV%2B31bq0bwvp%2BU=e4PBLvk%2B6vPcm2eV3ny1oyQ>