olea
4 Enero, 2018 08:46
#1
Spectre Attacks: Exploiting Speculative Execution : https://spectreattack.com/spectre.pdf
https://twitter.com/nicoleperlroth/status/948684376249962496?ref_src=twcamp^share|twsrc^m5|twgr^email|twcon^7046|twterm^1
retpoline is a special sequence on Intel CPUs to stop speculation for
indirect branches: https://lkml.org/lkml/2018/1/3/770
An Update on AMD Processor Security
Intel Corporation and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices...
Mitigations landing for new class of timing attack: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Fedora [email protected] : Call for testing: updates to address today’s CPU/kernel vulnerability .
Apple has released security updates for macOS Sierra and El Capitan with mitigations for Meltdown.
Apple has released updates for iOS, macOS High Sierra, and Safari on Sierra and El Capitan to help defend against Spectre.
Apple Watch is unaffected by...
1 me gusta
He recibido correo de Azure que van a hacer mantenimiento para la máquina donde esta este foro ( si no recuerdo mal estaba en azure).
Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown y/o Spectre con la herramienta de Intel para la ocasión
1 me gusta
function isVulnerable() {
return true;
}
1 me gusta
[SrFreak] SrFreak http://foro.hacklabalmeria.net/u/srfreak
5 Enero
Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown
y/o Spectre con la herramienta de Intel para la ocasión
downloadcenter.intel.com https://downloadcenter.intel.com/download/27150
Download Intel-SA-00086 Detection Tool
<https://downloadcenter.intel.com/download/27150>
Intel-SA-00086 Detection Tool
Parece que me escapo:
./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright© 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.152
Scan date: 2018-01-05 10:09:35 GMT
*** Host Computer Information ***
Name: orusem
Manufacturer: System manufacturer
Model: System Product Name
Processor Name: Intel® Pentium® CPU G860 @ 3.00GHz
OS Version: debian buster/sid (4.14.0-2-amd64)
*** Intel® ME Information ***
Engine: Intel® Management Engine
Version: 8.0.13.1502
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.
For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support
Salud y Revolución.
Lobo.
Eso mismo pensé yo xD
De todos modos, parece que ha sido un falso positivo y esta herramienta aún no detecta Meltdown y Spectre, aunque lo hará.