Excellent work!
I started a Spectre/Meltdown documentation and resource collection repo. Please share and contribute PRs!https://github.com/marcan/speculation-bugs/blob/master/README.md …
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
*Very* nice. I see you have a "Y?" for AMD on [BTI]; is there a currently known working PoC/report or is that just speculation?
-
ah, I see you have a note about AMD and BTI in the "vendor response" section. might want to cross-ref that from the "Y?" (should I submit a PR?)
- Show replies
New conversation -
-
-
For the vulnerability tables it’s probably a good idea to insert inline citations.
-
Mostly done :-)
- Show replies
New conversation -
-
-
Great work here by
@marcan42. It seems to be the most comprehensive and straight-to-the point guide to meltdown & spectre. Star this.https://twitter.com/marcan42/status/949047927019843585 … -
I now wonder, if we see more notebooks with AMD or ARM64 in the future…
End of conversation
New conversation -
-
-
Thanks for sharing this. Once again, master
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Variation 1 remote attack is not hard. Crypto libraries purposely jitter network responses exactly to prevent this type of attacks (particularly leaking private keys)
-
Sure, but a lot of things need to line up beyond typical crypto attacks. You need to be able to trigger reads from the buffer or clashing cache lines, besides having a service with the vulnerable code path to begin with. I will be impressed if someone finds an exploitable service
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.