Vulnerabilidades Meltdown y Spectre

Spectre Attacks: Exploiting Speculative Execution: https://spectreattack.com/spectre.pdf

https://twitter.com/nicoleperlroth/status/948684376249962496?ref_src=twcamp^share|twsrc^m5|twgr^email|twcon^7046|twterm^1

retpoline is a special sequence on Intel CPUs to stop speculation for
indirect branches: https://lkml.org/lkml/2018/1/3/770

An Update on AMD Processor Security

Mitigations landing for new class of timing attack: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Fedora [email protected]: Call for testing: updates to address today’s CPU/kernel vulnerability.

1 me gusta
2 Me gusta

He recibido correo de Azure que van a hacer mantenimiento para la máquina donde esta este foro ( si no recuerdo mal estaba en azure).

Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown y/o Spectre con la herramienta de Intel para la ocasión

1 me gusta
function isVulnerable() {
    return true;
}
1 me gusta

[SrFreak] SrFreak http://foro.hacklabalmeria.net/u/srfreak
5 Enero

Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown
y/o Spectre con la herramienta de Intel para la ocasión

downloadcenter.intel.com https://downloadcenter.intel.com/download/27150

  Download Intel-SA-00086 Detection Tool
  <https://downloadcenter.intel.com/download/27150>

Intel-SA-00086 Detection Tool

Parece que me escapo:

./intel_sa00086.py

INTEL-SA-00086 Detection Tool
Copyright© 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.152
Scan date: 2018-01-05 10:09:35 GMT

*** Host Computer Information ***
Name: orusem
Manufacturer: System manufacturer
Model: System Product Name
Processor Name: Intel® Pentium® CPU G860 @ 3.00GHz
OS Version: debian buster/sid (4.14.0-2-amd64)

*** Intel® ME Information ***
Engine: Intel® Management Engine
Version: 8.0.13.1502
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support

Salud y Revolución.

Lobo.

Eso mismo pensé yo xD

De todos modos, parece que ha sido un falso positivo y esta herramienta aún no detecta Meltdown y Spectre, aunque lo hará.