Vulnerabilidades Meltdown y Spectre


#1

https://twitter.com/GESI_AL/status/948836221492584449

Spectre Attacks: Exploiting Speculative Execution: https://spectreattack.com/spectre.pdf

https://googleprojectzero.blogspot.com.es/2018/01/reading-privileged-memory-with-side.html

https://twitter.com/nicoleperlroth/status/948684376249962496?ref_src=twcamp^share|twsrc^m5|twgr^email|twcon^7046|twterm^1

retpoline is a special sequence on Intel CPUs to stop speculation for
indirect branches: https://lkml.org/lkml/2018/1/3/770

https://twitter.com/newsycombinator/status/948917483838242816

An Update on AMD Processor Security

https://developer.arm.com/support/security-update

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Mitigations landing for new class of timing attack: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

https://www.theverge.com/2018/1/3/16846840/intel-arm-processor-flaw-chipocalypse-windows-macos-linux

Fedora test-announce@lists.fedoraproject.org: Call for testing: updates to address today’s CPU/kernel vulnerability.

https://support.apple.com/en-us/HT208394


#2

#3

He recibido correo de Azure que van a hacer mantenimiento para la máquina donde esta este foro ( si no recuerdo mal estaba en azure).


#4

Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown y/o Spectre con la herramienta de Intel para la ocasión


#5
function isVulnerable() {
    return true;
}

#6

[SrFreak] SrFreak http://foro.hacklabalmeria.net/u/srfreak
5 Enero

Ya se puede comprobar si tu procesador Intel es vulnerable a Meltdown
y/o Spectre con la herramienta de Intel para la ocasión

downloadcenter.intel.com https://downloadcenter.intel.com/download/27150

  Download Intel-SA-00086 Detection Tool
  <https://downloadcenter.intel.com/download/27150>

Intel-SA-00086 Detection Tool

Parece que me escapo:

./intel_sa00086.py

INTEL-SA-00086 Detection Tool
Copyright© 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.152
Scan date: 2018-01-05 10:09:35 GMT

*** Host Computer Information ***
Name: orusem
Manufacturer: System manufacturer
Model: System Product Name
Processor Name: Intel® Pentium® CPU G860 @ 3.00GHz
OS Version: debian buster/sid (4.14.0-2-amd64)

*** Intel® ME Information ***
Engine: Intel® Management Engine
Version: 8.0.13.1502
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support

Salud y Revolución.

Lobo.


#7

Eso mismo pensé yo xD

De todos modos, parece que ha sido un falso positivo y esta herramienta aún no detecta Meltdown y Spectre, aunque lo hará.