Using #Meltdown to steal passwords in real time #intelbug #kaiser #kpti /cc @mlqxyz @lavados @StefanMangard @yuvalyarom https://t.co/gX4CxfL1Ax pic.twitter.com/JbEvQSQraP
— Michael Schwarz (@misc0110) January 4, 2018
Kevin Kofler (./1075) :Je sais que tu as toute confiance dans ce genre d'entreprises, mais leur argument est complètement bidon : en effet, la faille ne permet que de lire la mémoire et donc ne permet pas *directement* d'effacer les données. Mais une fois que tu es devenu root, c'est assez facile d'effacer les données (et effacer les données n'est pas forcément le plus grave).
"Intel believes these exploits do not have the potential to corrupt, modify or delete data." – Bref, ce n'est pas aussi dangereux que Rowhammer, faut pas déconner.
From: Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date: 2007-10-24 1:14:13
Message-ID: 200710240114.l9O1EDt3003562 () cvs ! openbsd ! org
[Download message RAW]
> Virtualization seems to have a lot of security benefits.
You've been smoking something really mind altering, and I think you
should share it.
x86 virtualization is about basically placing another nearly full
kernel, full of new bugs, on top of a nasty x86 architecture which
barely has correct page protection. Then running your operating
system on the other side of this brand new pile of shit.
You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.
You've seen something on the shelf, and it has all sorts of pretty
colours, and you've bought it.
That's all x86 virtualization is.
So there's been a lot of talk about Meltdown and PTI, but 32-bit users have been implicitly left out in the cold it seems (PTI is x64-only). Based on some testing here with a modified POC (and helpful assist from @_minipli) it seems grsecurity w/ KERNEXEC/UDEREF stops it on i386
— grsecurity (@grsecurity) January 5, 2018
squalyl (./1098) :Non car il n'utilisent pas la techno qui pose problème:
ils sont affectés.