1. Meltdown-Spectre
Worth reading, an explainer article: https://medium.com/@mattklein123/meltdown-spectre-explained-6bc8634cc0c2 /explained
Triple Meltdown: https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/
Twitter moment: https://twitter.com/i/moments/948712363108139008?lang=ja
https://twitter.com/laurilove/status/948684955835621377
1.1. Start of public disclosure
Papers are out:
Spectre - https://spectreattack.com/spectre.pdf
Meltdown - https://meltdownattack.com/meltdown.pdf /Meltdown
Project Zero Reading privileged memory with a side-channel https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
Negative Result: Reading Kernel Memory From User Mode /kernel-memory
I suspect this was discovered independently of Project Zero. I was moved when I read it. -- ToshinoriMaeno 2018-01-11 03:42:54
Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR https://scholar.google.com/citations?user=8bhMX4YAAAAJ&hl=en
1.2. JPCERT
https://jvn.jp/vu/JVNVU93823979/index.html
1.3. Mitigations
The Linux kernel on my Ubuntu 16.04 LTS machine is now 4.4.0-109. (It apparently includes KPTI.) -- ToshinoriMaeno 2018-01-11 02:40:44
Retpoline: a software construct for preventing branch-target-injection Author: Paul Turner, Senior Staff Engineer, Technical Infrastructure
https://support.google.com/faqs/answer/7625886
1.4. Explainer articles
Intel on the chip exploit putting billions of devices at risk https://www.wandera.com/blog/intel-chip-exploit/?platform=hootsuite
https://twitter.com/securelyfitz/status/949004862968143873
https://ds9a.nl/articles/posts/spectre-meltdown/
Spectre & Meltdown: tapping into the CPU's subconscious thoughts Posted on 2018, Jan 06
Meltdown and Spectre: clearing up the confusion 2018-01-08 14:01:17 https://isc.sans.edu/diary/23197
Japanese-language explanations have appeared: http://milestone-of-se.nesuke.com/nw-advanced/nw-security/meltdown-spectre/
An explanation of the speculative-execution vulnerabilities "Meltdown" and "Spectre" http://blog.trendmicro.co.jp/archives/16735
1.5. POC
Multiple CPUs - 'Spectre' Information Disclosure
SpectrePoC https://github.com/crozone/SpectrePoC
https://github.com/mniip/spectre-meltdown-poc
- It did not work on my Ubuntu 16.04 LTS machine. make also emits warnings.
https://github.com/gkaindl/meltdown-poc
- This will only work on Intel "Haswell" and later, since it uses the TSX extensions to mitigate the processor trap.
https://github.com/paboldin/meltdown-exploit /POC3
Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker https://github.com/raphaelsc/Am-I-affected-by-Meltdown
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
https://www.renditioninfosec.com/files/Rendition_Infosec_Meltdown_and_Spectre.pdf
ると tweet /ると https://twitter.com/cocoa_ruto/status/949646083956793344
https://twitter.com/USCERT_gov/status/948758403089772544
Meltdown and Spectre Side-Channel Vulnerabilities http://bit.ly/2CQaZ8l
https://dev.classmethod.jp/security/processor-vulnerability-meltdown-spectre/
- A summary of the processor vulnerabilities "Meltdown" and "Spectre"
Project Zero Reading privileged memory with a side-channel https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
Intel Issues Updates to Protect Systems from Security Exploits https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/
https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
1.6. Other
http://d.hatena.ne.jp/Kango/20180104/1515094046