Sada je: 26 svi 2018, 12:55.
Linux, poslužitelj, mreže i sigurnost

Moderator/ica: Moderatori/ce

Esetova lista :

https://www.welivesecurity.com/2018/01/ ... commended/
Avatar
Postovi: 236
Postovi: 236
Pridružen/a: 06 tra 2017, 18:40
Podijelio/la zahvalu: 60 puta
Primio/la zahvalu: 16 puta
Spol: M
OS: Manjaro KDE
https://insights.ubuntu.com/2018/01/24/ ... d-to-know/

Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Avatar
Postovi: 2758
Postovi: 2758
Pridružen/a: 23 ruj 2013, 21:19
Podijelio/la zahvalu: 41 puta
Primio/la zahvalu: 170 puta
Spol: M
OS: Ubuntu 17.10/ArchGnome
JH-IM je napisao/la:https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/

Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.


Ima i ovo, zanimljiv članak i u elementima lakše uznemirujuć https://sysdig.com/blog/making-sense-of-meltdown/
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 9518
Moderator
Postovi: 9518
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 129 puta
Primio/la zahvalu: 243 puta
Spol: Y
OS: utuntu 17.04
phoronix.com preporučuje prezentaciju Jon Masters (Red Hat) iz FOSDEM 2018 :

video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf

Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown

LP b4sh
"The quieter you become, the more you are able to hear...."
Avatar
Postovi: 348
Postovi: 348
Pridružen/a: 04 tra 2012, 21:31
Podijelio/la zahvalu: 10 puta
Primio/la zahvalu: 19 puta
Spol: M
OS: Debian
Specter Mitigations u Microsoftovom C/C++ prevodiocu

Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE

https://www.paulkocher.com/doc/Microsof ... ation.html

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).

https://www.theregister.co.uk/2018/02/1 ... _variants/

Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ?? pface Pomeni je to sve bullshitt

Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :

Kod: Označi sve
Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1 #1 SMP Wed Feb 14 12:34:01 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)[/color]

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]

A false sense of security is worse than no security at all, see --disclaimer

############

Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.15.3 #1 SMP Wed Feb 14 14:06:48 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)
[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]

A false sense of security is worse than no security at all, see --disclaimer



LP b4sh :thmb-up


****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
"The quieter you become, the more you are able to hear...."
Avatar
Postovi: 348
Postovi: 348
Pridružen/a: 04 tra 2012, 21:31
Podijelio/la zahvalu: 10 puta
Primio/la zahvalu: 19 puta
Spol: M
OS: Debian
https://advance.hr/vijesti/snazan-cyber ... se-izbore/

Hakirane tisuće Cisco rutera u Iranu i šire.
S rogatim se bodeš samo kada je pečen
Avatar
Postovi: 275
Postovi: 275
Pridružen/a: 20 pro 2015, 15:51
Podijelio/la zahvalu: 73 puta
Primio/la zahvalu: 6 puta
Spol: M
OS: Ubuntu16.04-Mint-win7
https://www.bug.hr/hakeri/hakeri-nakrat ... 2bInPortal

Ovo je i komično. Hakiran YouTube.
S rogatim se bodeš samo kada je pečen
Avatar
Postovi: 275
Postovi: 275
Pridružen/a: 20 pro 2015, 15:51
Podijelio/la zahvalu: 73 puta
Primio/la zahvalu: 6 puta
Spol: M
OS: Ubuntu16.04-Mint-win7
Jeremija je napisao/la:https://www.bug.hr/hakeri/hakeri-nakratko-izbrisali-najgledaniji-video-s-youtubea-3722?utm_source=Midas&utm_medium=Widget&utm_campaign=Razmjena%2bInPortal
Ovo je i komično. Hakiran YouTube.

To je hakiran nečiji račun na jutubu a ne sami jutub. Očito ne vode računa kako i gdje spremaju svoje lozinke.
Avatar
Postovi: 1770
Postovi: 1770
Pridružen/a: 16 tra 2011, 08:34
Lokacija: i grupa Film
Podijelio/la zahvalu: 41 puta
Primio/la zahvalu: 312 puta
Spol: M
OS: Mint 10 LXDE itd...
Uncovering the Android patch gap through binary-only patch analysis HITB conference, April 13, 2018
https://conference.hitb.org/hitbsecconf ... alysis.pdf
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 9518
Moderator
Postovi: 9518
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 129 puta
Primio/la zahvalu: 243 puta
Spol: Y
OS: utuntu 17.04
Kad Apple neće (navodno) dati pristup, idemo drugačije :-D

https://motherboard.vice.com/en_us/arti ... ch-graykey
[+ Prikaži] Klik
ThinkPad T540p
Intel Core i5-4300M
Intel HD Graphics 4600
16GB DDR3L
128GB OCZ Vertex4 SSD & 500GB 7200 RPM HDD
15.6" FHD (1920x1080) anti-glare
6-cell Li-Ion battery 56Wh
Ubuntu 16.04.1
Slika: T540p i braća

***

ZEN
"Charlie. What are you thinking?"
"I'm thinking about what I want and what I need."
"What do you want?"
"I want a peaceful soul."
"And what do you need?"
"I need a bigger gun."
Avatar
Site Admin
Postovi: 9647
Site Admin
Postovi: 9647
Pridružen/a: 01 kol 2012, 12:39
Podijelio/la zahvalu: 559 puta
Primio/la zahvalu: 675 puta
Spol: M
OS: LinuxMint Cinnamon

Na mreži
Trenutno korisnika/ca: / i 2 gostiju.