Novosti o sigurnosti, propustima i zanimljivostima
Moderator/ica: Moderatori/ce
Re: Novosti o sigurnosti, propustima i zanimljivostima
https://insights.ubuntu.com/2018/01/24/ ... d-to-know/
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Re: Novosti o sigurnosti, propustima i zanimljivostima
Ima i ovo, zanimljiv članak i u elementima lakše uznemirujuć https://sysdig.com/blog/making-sense-of-meltdown/JH-IM je napisao/la:https://insights.ubuntu.com/2018/01/24/ ... d-to-know/
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Re: Novosti o sigurnosti, propustima i zanimljivostima
phoronix.com preporučuje prezentaciju Jon Masters (Red Hat) iz FOSDEM 2018 :
video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf
Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown
LP b4sh
video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf
Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown
LP b4sh
"The quieter you become, the more you are able to hear...."
Re: Novosti o sigurnosti, propustima i zanimljivostima
Specter Mitigations u Microsoftovom C/C++ prevodiocu
Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE
https://www.paulkocher.com/doc/Microsof ... ation.html
Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).
https://www.theregister.co.uk/2018/02/1 ... _variants/
Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ??
Pomeni je to sve bullshitt
Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :
LP b4sh
****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE
https://www.paulkocher.com/doc/Microsof ... ation.html
Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).
https://www.theregister.co.uk/2018/02/1 ... _variants/
Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ??
Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :
Kod: Označi sve
Spectre and Meltdown mitigation detection tool v0.34
Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1 #1 SMP Wed Feb 14 12:34:01 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]
A false sense of security is worse than no security at all, see --disclaimer
############
Spectre and Meltdown mitigation detection tool v0.34
Checking for vulnerabilities on current system
Kernel is Linux 4.15.3 #1 SMP Wed Feb 14 14:06:48 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)
[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]
A false sense of security is worse than no security at all, see --disclaimerLP b4sh
****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
"The quieter you become, the more you are able to hear...."
Re: Novosti o sigurnosti, propustima i zanimljivostima
Tko živi u nadi umire u gov....
Re: Novosti o sigurnosti, propustima i zanimljivostima
Tko živi u nadi umire u gov....
- jurastublic
- Postovi: 1907
- Pridružen/a: 16 tra 2011, 08:34
- Spol: M
- OS: Mint 10 LXDE itd...
- Lokacija: i grupa Film
Re: Novosti o sigurnosti, propustima i zanimljivostima
To je hakiran nečiji račun na jutubu a ne sami jutub. Očito ne vode računa kako i gdje spremaju svoje lozinke.Jeremija je napisao/la:https://www.bug.hr/hakeri/hakeri-nakratko-izbrisali-najgledaniji-video-s-youtubea-3722?utm_source=Midas&utm_medium=Widget&utm_campaign=Razmjena%2bInPortal
Ovo je i komično. Hakiran YouTube.
Re: Novosti o sigurnosti, propustima i zanimljivostima
Uncovering the Android patch gap through binary-only patch analysis HITB conference, April 13, 2018
https://conference.hitb.org/hitbsecconf ... alysis.pdf
https://conference.hitb.org/hitbsecconf ... alysis.pdf
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Re: Novosti o sigurnosti, propustima i zanimljivostima
Kad Apple neće (navodno) dati pristup, idemo drugačije
https://motherboard.vice.com/en_us/arti ... ch-graykey
https://motherboard.vice.com/en_us/arti ... ch-graykey