Esetova lista :
https://www.welivesecurity.com/2018/01/ ... commended/
Sada je: 18 tra 2024, 04:45.
Moderator/ica: Moderatori/ce
https://insights.ubuntu.com/2018/01/24/ ... d-to-know/
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
JH-IM je napisao/la:https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/
Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Ima i ovo, zanimljiv članak i u elementima lakše uznemirujuć https://sysdig.com/blog/making-sense-of-meltdown/
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
phoronix.com preporučuje prezentaciju Jon Masters (Red Hat) iz FOSDEM 2018 :
video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf
Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown
LP b4sh
video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf
Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown
LP b4sh
"The quieter you become, the more you are able to hear...."
Specter Mitigations u Microsoftovom C/C++ prevodiocu
Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE
https://www.paulkocher.com/doc/Microsof ... ation.html
Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).
https://www.theregister.co.uk/2018/02/1 ... _variants/
Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ?? Pomeni je to sve bullshitt
Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :
LP b4sh
****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE
https://www.paulkocher.com/doc/Microsof ... ation.html
Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).
https://www.theregister.co.uk/2018/02/1 ... _variants/
Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ?? Pomeni je to sve bullshitt
Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :
- Kod: Označi sve
Spectre and Meltdown mitigation detection tool v0.34
Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1 #1 SMP Wed Feb 14 12:34:01 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]
A false sense of security is worse than no security at all, see --disclaimer
############
Spectre and Meltdown mitigation detection tool v0.34
Checking for vulnerabilities on current system
Kernel is Linux 4.15.3 #1 SMP Wed Feb 14 14:06:48 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)
[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]
A false sense of security is worse than no security at all, see --disclaimer
LP b4sh
****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
"The quieter you become, the more you are able to hear...."
Tko živi u nadi umire u gov....
Tko živi u nadi umire u gov....
Jeremija je napisao/la:https://www.bug.hr/hakeri/hakeri-nakratko-izbrisali-najgledaniji-video-s-youtubea-3722?utm_source=Midas&utm_medium=Widget&utm_campaign=Razmjena%2bInPortal
Ovo je i komično. Hakiran YouTube.
To je hakiran nečiji račun na jutubu a ne sami jutub. Očito ne vode računa kako i gdje spremaju svoje lozinke.
Uncovering the Android patch gap through binary-only patch analysis HITB conference, April 13, 2018
https://conference.hitb.org/hitbsecconf ... alysis.pdf
https://conference.hitb.org/hitbsecconf ... alysis.pdf
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Kad Apple neće (navodno) dati pristup, idemo drugačije
https://motherboard.vice.com/en_us/arti ... ch-graykey
https://motherboard.vice.com/en_us/arti ... ch-graykey
Na mreži
Trenutno korisnika/ca: / i 5 gostiju.