MELTDOWN
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
SPECTRE
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
WHO REPORTED MELTDOWN?
Meltdown was independently discovered and reported by three teams:
* Jann Horn (Google Project Zero),
* Werner Haas, Thomas Prescher (Cyberus Technology),
* Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)

WHO REPORTED SPECTRE?
Spectre was independently discovered and reported by two people:
* Jann Horn (Google Project Zero) and
* Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)
-------------------------
QUESTIONS & ANSWERS
AM I AFFECTED BY THE VULNERABILITY?
Most certainly, yes.

CAN I DETECT IF SOMEONE HAS EXPLOITED MELTDOWN OR SPECTRE AGAINST ME?
Probably not. The exploitation does not leave any traces in traditional log files.

CAN MY ANTIVIRUS DETECT OR BLOCK THIS ATTACK?
While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.

WHAT CAN BE LEAKED?
If your system is affected, our proof-of-concept exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.

HAS MELTDOWN OR SPECTRE BEEN ABUSED IN THE WILD?
We don't know.

IS THERE A WORKAROUND/FIX?
There are patches against Meltdown for Linux (KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre (LLVM patch, MSVC, ARM speculation barrier header).
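
To verify on a Linux host that such patches are actually in effect, the following added example (not code from the original page or its authors) summarises the status the kernel reports for the three CVEs named on this page. It assumes the kernel's `/sys/devices/system/cpu/vulnerabilities` interface and its `meltdown`, `spectre_v1` and `spectre_v2` files, which the page itself does not mention; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: summarise what a Linux kernel
# reports about Meltdown/Spectre in its sysfs vulnerabilities directory.

# Map a sysfs file name to the CVE listed on this page for that issue.
cve_for() {
    case "$1" in
        meltdown)   echo "CVE-2017-5754" ;;
        spectre_v1) echo "CVE-2017-5753" ;;
        spectre_v2) echo "CVE-2017-5715" ;;
        *)          echo "unknown" ;;
    esac
}

# Reduce the kernel's free-text status to one of four verdicts.
classify() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_dir [DIR]: one line per issue; exit status 1 if any issue is
# vulnerable or its state cannot be determined (e.g. status file absent).
check_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="(no status file)"
        fi
        verdict=$(classify "$status")
        case "$verdict" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
        printf '%-10s %-13s %-12s %s\n' \
            "$name" "$(cve_for "$name")" "$verdict" "$status"
    done
    return "$rc"
}
```

Call `check_dir` with no argument on the host being assessed, or pass a directory of status files collected from other machines. A missing status file is reported as `unknown` rather than safe, since it usually means the kernel predates the interface.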

WHICH SYSTEMS ARE AFFECTED BY MELTDOWN?
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether AMD processors are also affected by Meltdown. According to ARM, some of their processors are also affected.

WHICH SYSTEMS ARE AFFECTED BY SPECTRE?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

WHICH CLOUD PROVIDERS ARE AFFECTED BY MELTDOWN?
Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.

WHAT IS THE DIFFERENCE BETWEEN MELTDOWN AND SPECTRE?
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion we refer to the papers (Meltdown and Spectre).

WHY IS IT CALLED MELTDOWN?
The vulnerability basically melts security boundaries which are normally enforced by the hardware.

WHY IS IT CALLED SPECTRE?
The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.

IS THERE MORE TECHNICAL INFORMATION ABOUT MELTDOWN AND SPECTRE?
Yes, there is an academic paper and a blog post about Meltdown, and an academic paper about Spectre. Furthermore, there is a Google Project Zero blog entry about both attacks.

WHAT ARE CVE-2017-5753 AND CVE-2017-5715?
CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

WHAT IS THE CVE-2017-5754?
CVE-2017-5754 is the official reference to Meltdown. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

CAN I SEE MELTDOWN IN ACTION?

CAN I USE THE LOGO?
Both the Meltdown and Spectre logo are free to use, rights waived via CC0. Logos are designed by Natascha Eibl.
Each is available as PNG / SVG in three versions: logo, logo with text, and code illustration.

IS THERE A PROOF-OF-CONCEPT CODE?
Yes, there is a GitHub repository containing test code for Meltdown.

WHERE CAN I FIND OFFICIAL INFOS/SECURITY ADVISORIES OF INVOLVED/AFFECTED COMPANIES?
INTEL: Security Advisory / Newsroom / Whitepaper
ARM: Security Update
AMD: Security Information
RISC-V: Blog
NVIDIA: Security Bulletin / Product Security
MICROSOFT: Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
AMAZON: Security Bulletin
GOOGLE: Project Zero Blog / Need to know
ANDROID: Security Bulletin
APPLE: Apple Support
LENOVO: Security Advisory
IBM: Blog
DELL: Knowledge Base / Knowledge Base (Server)
HEWLETT PACKARD ENTERPRISE: Vulnerability Alert
HP INC.: Security Bulletin
HUAWEI: Security Notice
SYNOLOGY: Security Advisory
CISCO: Security Advisory
F5: Security Advisory
MOZILLA: Security Blog
RED HAT: Vulnerability Response / Performance Impacts
DEBIAN: Security Tracker
UBUNTU: Knowledge Base
SUSE: Vulnerability Response
FEDORA: Kernel update
QUBES: Announcement
FORTINET: Advisory
NETAPP: Advisory
LLVM: Spectre (Variant #2) Patch / Review __builtin_load_no_speculate / Review llvm.nospeculateload
CERT: Vulnerability Note
MITRE: CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
VMWARE: Security Advisory / Blog
CITRIX: Security Bulletin / Security Bulletin (XenServer)
XEN: Security Advisory (XSA-254) / FAQ
-------------------------
ACKNOWLEDGEMENTS
We would like to thank Intel for awarding us with a bug bounty for the responsible disclosure process, and their professional handling of this issue through communicating a clear timeline and connecting all involved researchers. Furthermore, we would also like to thank ARM for their fast response upon disclosing the issue. This work was supported in part by the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 681402). This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Projects Agency (DARPA) under Contract #FA8650-16-C-7622.

© 2018 Graz University of Technology. All Rights Reserved. System hosted at Graz University of Technology | Legal Notice