Intel hardware bug
Eric McCorkle
eric at metricspace.net
Fri Jan 5 12:42:56 UTC 2018
On 01/05/2018 05:07, Jules Gilbert wrote:
> Sorry guys, you just convinced me that no one, not the NSA, not the FSB,
> no one!, has in the past, or will in the future be able to exploit this
> to actually do something not nice.
Attacks have already been demonstrated, pulling secrets out of kernel
space with meltdown and http headers/passwords out of a browser with
spectre. Javascript PoCs are already in existence, and we can expect
them to find their way into adware-based malware within a week or two.
Also, I'd be willing to bet you a year's rent that certain three-letter
organizations have known about and used this for some time.
> So what is this, really?, it's a market exploit opportunity for AMD.
Don't bet on it. There's reports of AMD vulnerabilities, also for ARM.
I doubt any major architecture is going to make it out unscathed. (But
if one does, my money's on Power)
More information about the freebsd-security
mailing list