Multiple teams of security researchers around the world independently discovered these vulns and have been loosely coordinating to work on these disclosures together. This process was quite long; it took over a year. Four different whitepapers dropped today.
-
-
Prikaži ovu nit
-
Tweet nije dostupan
-
The http://mdsattacks.com site also contains a FAQ, videos of exploit demos, a really cool interactive guide to speculative execution attacks (seriously, go play with it) and handy tools to check if your system is vulnerable (links in next tweet).
Prikaži ovu nit -
Verify whether your system is vulnerable to the new MDS CPU attacks with these tools from the RIDL team! Windows: https://mdsattacks.com/files/mdstool-win.zip … Linux: https://mdsattacks.com/files/mdstool-linux.zip … GitHub:https://github.com/vusec/ridl
Prikaži ovu nit -
Also dropped today from TU Graz was
#ZombieLoad. ZombieLoad uncovers a novel Meltdown-type effect in previously unexplored fill-buffer logic. https://zombieload.com is dedicated to this vuln, w/ FAQ. Paper here: https://zombieloadattack.com/zombieload.pdf Exploit POC here:https://github.com/IAIK/ZombieLoadPrikaži ovu nit -
#ZombieLoad is no joke. It has multiple practical attack scenarios across CPU privilege rings, OS processes, VMs, and SGX enclaves. Disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.Prikaži ovu nit -
-
https://cpu.fail contains links to the other CPU vulns, and one more whitepaper, which isn't anywhere else. This paper on store-to-leak forwarding shows that Meltdown-style attacks can still work on recent CPUs that aren't vulnerable to Meltdown. https://cpu.fail/store-to-leak.pdf …
Prikaži ovu nit -
These attacks affect all modern Intel CPUs in servers, desktops and laptops, including the latest 9th-gen processors that contain Meltdown mitigations. 9th-gen CPUs are actually more vulnerable to some of these attacks than older-gen hardware. AMD and ARM CPUs are not affected.
Prikaži ovu nit -
Blog post from Red Hat with technical detail on MDS vulns (with long deep-dive video): https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it … Blog post with technical detail on
#ZombieLoad: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html … Intel advisory:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html …Prikaži ovu nit -
Red Hat advisory on new CPU vulnerabilities, with CVE numbers CVE-2018-12130 CVE-2018-12126 CVE-2018-12127 CVE-2019-11091https://access.redhat.com/security/vulnerabilities/mds …
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
