Skip to main content

Suche

Beiträge die mit Spectre getaggt sind


 
Unix: OpenBSD 6.4 kommt mit Schleier und ohne Hyperthreads #OpenBSD #Betriebssystem #Meltdown #Spectre #Unix #Applikationen #OpenSource #Security

 
Spectre Folio: HPs 2-in-1-Notebook besteht zu großen Teilen aus Leder #HP #Computer #Corei7 #Detachable #Notebook #PC #Spectre #Mobil

 
Linux Kernel Developer Criticizes Intel for Meltdown,Spectre Response....One of the world's leading Linux kernel developers took issue with Intel's initial disclosure of the Meltdown and Spectre CPU vulnerabilities.
#Linux #Kernel #Developer #Intel #Meltdown #Spectre #CPU #COMPUTER #HACKER #TECHNOLOGY #SECURITY #INTERNET #WEB
http://www.eweek.com/security/linux-kernel-developer-criticizes-intel-for-meltdown-spectre-response?utm_medium=email&utm_campaign=EWK_NL_LOSU_20180904_STR1L2&dni=454210202&rni=452971552

 
Meltdown und Spectre: Linux-Entwickler kritisiert Intel für Community-Spaltung #Meltdown #GregKroah-Hartman #Linux #Linux-Kernel #Sicherheitslücke #Spectre #Applikationen #OpenSource #Security

 
#Intel #AMD #CPU #performance #Spectre #meltdown #infosec #cybersecurity

The Performance Cost Of Spectre / Meltdown / Foreshadow Mitigations On Linux 4.19

https://www.phoronix.com/scan.php?page=article&item=linux-419-mitigations&num=1

 
The #Performance #Cost Of #Spectre / #Meltdown / #Foreshadow #Mitigations On #Linux 4.19
Image/Photo
One of the most frequent test requests recently has been to look at the overall performance cost of Meltdown/Spectre mitigations on the latest Linux kernel and now with L1TF/Foreshadow work tossed into the mix. With the Linux 4.19 kernel that just kicked off development this month has been continued churn in the Spectre/Meltdown space, just not for x86_64 but also for POWER/s390/ARM where applicable.
https://www.phoronix.com/scan.php?page=article&item=linux-419-mitigations

 
Well this is embarrassing. #Microsoft pushed out an update to mitigate a #Spectre vulnerability only for it to cause infinite boot loops (Technically power down update loops). Also the microcode update was pushed to #AMD #CPU users not just #Intel. What a blunder.

 
A #Global #Switch To #Kill #Linux's #CPU #Spectre / #Meltdown #Workarounds?


Something I have seen asked in our forums and elsewhere -- most recently on the kernel mailing list -- is whether there is a single kernel option that can be used for disabling all of the Spectre/Meltdown workarounds and any other performance-hurting CPU vulnerability workarounds.
https://www.phoronix.com/scan.php?page=news_item&px=Global-Switch-Skip-Spectre-Melt

 
Kommende "Cascade Lake"-Xeons sind gegen Meltdown-Attacken unempfindlich und auch gegen viele Spectre-Attacken – aber Software-Patches bleiben nötig. #HotChips #HotChips2018 #IntelXeon #MeltdownundSpectre #Prozessoren #Server #Spectre #Spectre-NG

 
Hardware- und Software-Entwickler diskutierten auf dem Symposium Hot Chips, wie sich Sicherheitslücken in Prozessoren künftig vermeiden lassen. #CPU #Prozessor #Spectre #Meltdown

 
Foreshadow/L1TF: Intel-CPUs ermöglichten unberechtigtes Auslesen von Speicher #Intel #Linux #Linux-Kernel #Meltdown #Prozessor #Sicherheitslücke #Spectre #Windows #OpenSource #PC-Hardware

 
Auf der Usenix Security '18 hat ein Team internationaler Experten die Sicherheitslücke Foreshadow erläutert; eine Variante davon gefährdet virtuelle Maschinen. #Intel #MeltdownundSpectre #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Pwnie Awards: Hacker-Preise für Golem.de-Autor und John McAfee #BlackHat #Bitcoin #BlackHat2014 #BlackHat2015 #BlackHat2017 #Hacker #Meltdown #Spectre #McAfee #Paypal

 
Black Hat: Langer Atem für IT-Sicherheit #BlackHat #Browser #Chrome #ProjectZero #Prozessor #Sicherheitslücke #Spectre #Google #Technologie #Applikationen

 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could stea
... mehr anzeigen

 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src:... mehr anzeigen

 
NetSpectre greift ohne ausführbaren Schadcode an – zwar fließen nur wenige Bytes pro Stunde, aber ungeschützte Server und Storage-Systeme sind angreifbar. #MeltdownundSpectre #Security #Sicherheit #Sicherheitslücken #Spectre #Spectre-NG

 
Forscher der Uni Saarland und der Uni Kalifornien enttarnen neue Sicherheitslücken, die zu bekannten und erwarteten Spectre- und Spectre-NG-Bugs hinzukommen. #CISPA #MeltdownundSpectre #Security #Sicherheit #Sicherheitslücken #Spectre #Spectre-NG #UniSaarland

 
Eine neue, nach James Bond benannte Schutztechnik, soll Spectre-Schwachstellen mit nur 2 Prozent Performance-Einbußen in Programmcode erkennen und eliminieren. #007 #CPU #JamesBond #MeltdownundSpectre #Sicherheitslücken #Spectre

 
Intel veröffentlicht die nächste Prozessor-Sicherheitslücke: Die Funktion Lazy FP Restore ist anfällig für eine Seitenkanal-Attacke. #IntelCorei #MeltdownundSpectre #Prozessoren #Security #Sicherheit #Spectre #Spectre-NG

 
Hersteller von Hardware, Betriebssystemen und Software stellen Webseiten mit Informationen und Sicherheitsupdates für die neuen Spectre-Lücken Spectre V3a und Spectre V4 bereit: Ein Überblick. #AMD #ARM #Corei #IBM #Intel #Prozessoren #Sicherheit #Sicherheitslücken #Spectre #Spectre-NG

 

Spectre Variant 4 update - reboot required


I updated the linux kernel. A reboot is required. I'll do this asap...
BRB

#libranet #spectre #linux #reboot @Libranet Support

... mehr anzeigen

 
Microcode-Updates für Intel-Prozessoren, die unter Windows zum Schutz vor der Sicherheitslücke Spectre V2 nötig sind, kommen nun auch per Windows Update für aktuelle Installationen; bei Linux gibt es aber noch Probleme. #Intel #MeltdownundSpectre #Prozessoren #Security #Sicherheitslücken #Spectre

 
Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehen soll. #Intel #Spectre #Spectre-NG

 
Getunte E-Bikes werden zur Gefahr für ihre Fahrer und Dritte, Elon Musk verscherzt es sich mit Investoren, neue Sicherheitsprobleme in Intel-CPUs sind entdeckt worden: die wichtigsten Meldungen der Woche. #Bosch #Diesel #Intel #Spectre #Spectre-NG

 
Diesen Text schreibe ich an meinem Bürocomputer mit Haswell-CPU: Er ist nicht gegen die Spectre-V2-Lücke geschützt - 11 Monate nach deren Entdeckung. #Intel #Meltdown #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Acht neue Sicherheitslücken – vier davon hochriskant – haben Forscher in Intel-Prozessoren gefunden. Das belegen Informationen, die c't exklusiv vorliegen. #Intel #Prozessoren #Security #Sicherheitslücken #Spectre #Spectre-NG

 
Don't feel bad, #OpenBSD. The US Government didn't learn about #meltdown or #spectre until public disclosure either. #intel o_0

 

 

CVE-2017-5754


#meltdown #spectre #debian

"Locate the following line in your /etc/default/grub file:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

or similar, and change it to:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nopti"

then run $ sudo update-grub2 and reboot

You can verify it worked by running the following:

$ dmesg | grep 'page table'
[ 0.000000] Kernel/User page tables isolation: disabled on command line."
https://www.reddit.com/r/debian/comments/7wozlc/q_how_do_i_prevent_updates_to_fix_spectre_meltdown/

 

Meltdown & Spectre Megathread : sysadmin


#meltdown #spectre

 

 

AMD Is Releasing Spectre Firmware Updates To Fix CPU Vulnerabilities - Slashdot


#amd #meltdown #spectre

 
#spectre / #meltdown reality check over at the xorl blog: https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

"The only real victim that this attack is more valuable than privilege escalation attacks is shared hosting providers. Whether that is virtual machines, containers, or anything similar. Those exploitation techniques break the sole business model of those companies. Huge players [..] are selling exactly what Meltdown & Spectre proved that it doesn’t exist, high quality isolation between shared resources."

xorl %eax, %eax: Thoughts on Meltdown & Spectre (xorl)

2018 started with some unique low-level exploitation techniques disclosure. People that never cared about processor architecture suddenly explain how speculative execution, advanced side-channel an…

 
#spectre / #meltdown reality check over at the xorl blog: https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

"The only real victim that this attack is more valuable than privilege escalation attacks is shared hosting providers. Whether that is virtual machines, containers, or anything similar. Those exploitation techniques break the sole business model of those companies. Huge players [..] are selling exactly what Meltdown & Spectre proved that it doesn’t exist, high quality isolation between shared resources."

xorl %eax, %eax: Thoughts on Meltdown & Spectre (xorl)

2018 started with some unique low-level exploitation techniques disclosure. People that never cared about processor architecture suddenly explain how speculative execution, advanced side-channel an…

 
I missed this post by Anders Fogh a couple of days ago, on the academic work that has lead up to #Meltdown / #Spectre: https://cyber.wtf/2018/01/05/behind-the-scene-of-a-bug-collision/

"Well, CPU research is much like drawing a map of an uncharted world. Researchers start from known research and proceed into the unknown, and if they find something, they document it and add it to the map. This essentially means that the frontier looks very similar to everybody leading people into the same paths."

Don't need no conspiracy.

cyber.wtf: Behind the scenes of a bug collision (Anders Fogh)

Introduction In this blog post I’ll speculate as to how we ended up with multiple researchers arriving at the same vulnerabilities in modern CPU’s concurrently. The conclusion is that t…

 
NVIDIA GPUs weren't immune to #Spectre security flaws either
https://www.engadget.com/2018/01/10/nvidia-gpu-meltdown-and-spectre-patches/

#NVIDIA has detailed how its #GPU are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue.

NVIDIA GPUs weren't immune to Spectre security flaws either

NVIDIA has begun patching its graphics hardware to fight Meltdown and Spectre security vulnerabilities.