 |
Post AvlTu4bGPOXc5STxWS by [email protected] |
 |
More posts by [email protected] |
|
Post #AvSkxos4pwGTgGTpL6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Ubuntu is now allowing users to disable security mitigations Intel has baked in… |
|
|
|
Post #AvSlpk5Sq8KETrSDpY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin i'm gonna need more coffee.and probably some tylenol. |
|
|
|
Post #AvSlpkCCR5iGokbbKS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@neurovagrant @dangoodin some big questions:- are there even spectre attacks th… |
|
|
|
Post #AvSlpkIw236J9dkypM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @neurovagrant @dangoodin or, “everything is a trade-off.” |
|
|
|
Post #AvSlpkVLHv1dm7YtAO by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@neurovagrant @dangoodin i figure this way:any "exploit" that require… |
|
|
|
Post #AvSs25gwwK5KgbG83M by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin This is really without looking it up: I think Spectre was a multi-pr… |
|
|
|
Post #AvSs25nKYbBn0OFE00 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@astifter As @gsuberland notes, the attack is not strictly relevant only for mu… |
|
|
|
Post #AvStOaJhrBPlzdg2gC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin nobody bothers attacking these vulns because it takes a lot of engin… |
|
|
|
Post #AvStOaRrMrw8OvUYO8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @gsuberland from the user perspective its risk/reward too, and for e… |
|
|
|
Post #AvStOaYEz92aiiTeKm by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@demize @gsuberland I get your point, but just to clarify: my understanding is … |
|
|
|
Post #AvStOag2W9HN6u7sUS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin for most people it's just not a realistic part of their threat m… |
|
|
|
Post #AvStwoRXqEXXeRfGVM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Thanks for all your comments so far. Can any of you with Ubuntu familiarity tel… |
|
|
|
Post #AvSxyRRgiVoiillPyS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin another question I have is: how many mitigations can be avoided in t… |
|
|
|
Post #AvSxyRYQJTCl3eunTM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@josh I'm pretty sure memory safe code is irrelevant to this class of attac… |
|
|
|
Post #AvSyeidLCdUUBuNEWW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@gsuberland @dangoodin i understand from https://bugs.launchpad.net/ubuntu/+so… |
|
|
|
Post #AvSyeikmkxRgYzrB7w by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@fanf @gsuberland @dangoodin yea, this looks like an obsolete mitigation in a u… |
|
|
|
Post #AvSyqvPLXB5nHieFJA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@tmaher @fanf @gsuberland Interesting. How easy is it to disable Spectre mitiga… |
|
|
|
Post #AvSzgySnQ0HLou54Cm by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dangoodin @fanf @gsuberland my recollection is it’s doable with kernel boot … |
|
|
|
Post #AvT9pZ4YBqxXDdTViq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Another question: if Spectre is a vulnerability affecting CPUs, why did Intel c… |
|
|
|
Post #AvTAZu10eoDHUcukZk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dangoodin Meltdown was CPU-specific. Spectre impacted TONS of "general pu… |
|
|
|
Post #Avdzw1yInKRzmbYXlQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin Yes, it is well known that microcode patches provided for CPU based … |
|
|
|
Post #AvlTtXsq31zWcPS1po by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin it's a family of vulnerabilities that generally affect certain o… |
|
|
|
Post #AvlTtY0da2EJ0b6FzU by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@sophieschmieg Interesting. I thought speculative execution was only a thing fo… |
|
|
|
Post #AvlTtYQs0VDIJxNCsa by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin this explains the performance gains observed, as the system can effe… |
|
|
|
Post #AvlTtepCEyEm98nid6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @sophieschmieg maybe it could be between the two, like speculative e… |
|
|
|
Post #AvlTtuT64u4CfEaIPA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @sophieschmieg Remember, CPUs and GPUs are tightly linked physically… |
|
|
|
Post #AvlTu4bGPOXc5STxWS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin as far as I know, that is correct |
|
|
|
Post #AvlTuSMC54kNlfcGMi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin very out of my depth here for sure (I am not a systems programmer). … |
|
|
|
Post #AvlTuWRIu1DAQg2Osy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin USB attacks were theoretical until they weren't tooIf we have a … |
|
|
|
Post #AvlTuWYOTesmmfM3w8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@igrok I see your overall point, but when were USB attacks only theoretical? Th… |
|
|
|
Post #AvlTuWf84cGp7YVRR2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin https://infosec.exchange/@dangoodin/110188301817196614 and downthread |
|
|
|
Post #AvlTuWnHaInBWqJx8y by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@igrok Oh, by USB attack, you mean juicejacking, yes? |
|
|
|
Post #AvlTuYSnNRaohskcUK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin sure |
|
|
|
Post #AvlTugbx5Hfdyb62s4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @demize yeah this seems mostly confined to GPU compute, but it's… |
|
|
|
Post #AvlTvA8vHmH9ZFkHmy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@dangoodin @gsuberland Ah yes. Sorry, should have read up on it again. (Or keep… |
