= Meltdown-Spectre =

An explanatory article worth reading: https://medium.com/@mattklein123/meltdown-spectre-explained-6bc8634cc0c2 [[/explained]]

----
https://meltdownattack.com/

Triple Meltdown: https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/

Twitter moment: https://twitter.com/i/moments/948712363108139008?lang=ja

https://twitter.com/laurilove/status/948684955835621377

== Start of the disclosure ==
Papers are out:
 . Spectre - https://spectreattack.com/spectre.pdf
 . Meltdown - https://meltdownattack.com/meltdown.pdf [[/Meltdown]]

Project Zero: Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html

Negative Result: Reading Kernel Memory From User Mode [[/kernel-memory]]
 It seems this was discovered independently of Project Zero. I was moved when I read it. -- ToshinoriMaeno

Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR
https://scholar.google.com/citations?user=8bhMX4YAAAAJ&hl=en

== JPCERT ==
https://jvn.jp/vu/JVNVU93823979/index.html

== Mitigations ==
The Linux kernel on my Ubuntu 16.04 LTS machine is now 4.4.0-109. (It apparently includes KPTI.) -- ToshinoriMaeno

Retpoline: a software construct for preventing branch-target-injection

Author: Paul Turner, Senior Staff Engineer, Technical Infrastructure
https://support.google.com/faqs/answer/7625886

== Explanatory articles ==
Intel on the chip exploit putting billions of devices at risk
https://www.wandera.com/blog/intel-chip-exploit/?platform=hootsuite

https://twitter.com/securelyfitz/status/949004862968143873

https://ds9a.nl/articles/posts/spectre-meltdown/
Spectre & Meltdown: tapping into the CPU's subconscious thoughts (posted on 2018, Jan 06)

Meltdown and Spectre: clearing up the confusion (2018-01-08 14:01:17)
https://isc.sans.edu/diary/23197

Japanese-language explanations have appeared:

http://milestone-of-se.nesuke.com/nw-advanced/nw-security/meltdown-spectre/

An explanation of the speculative-execution vulnerabilities "Meltdown" and "Spectre"
http://blog.trendmicro.co.jp/archives/16735

[[/基礎知識|Basic knowledge]]

== POC ==
[[/ubuntu16.04LTS]]

Multiple CPUs - 'Spectre' Information Disclosure
https://www.exploit-db.com/exploits/43427/

SpectrePoC
https://github.com/crozone/SpectrePoC

https://github.com/mniip/spectre-meltdown-poc
 It did not work on my Ubuntu 16.04 LTS machine. make also emits warnings.

https://github.com/gkaindl/meltdown-poc
 This will only work on Intel "Haswell" and later, since it uses the TSX extensions to mitigate the processor trap.

https://github.com/paboldin/meltdown-exploit [[/POC3]]

Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker
https://github.com/raphaelsc/Am-I-affected-by-Meltdown

----
https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

https://www.renditioninfosec.com/files/Rendition_Infosec_Meltdown_and_Spectre.pdf

----
Tweet by ると [[/ると]]
https://twitter.com/cocoa_ruto/status/949646083956793344

https://twitter.com/USCERT_gov/status/948758403089772544

Meltdown and Spectre Side-Channel Vulnerabilities http://bit.ly/2CQaZ8l
https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities

https://dev.classmethod.jp/security/processor-vulnerability-meltdown-spectre/
A summary of the processor vulnerabilities "Meltdown" and "Spectre"

----
Intel Issues Updates to Protect Systems from Security Exploits
https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/

[[/TSX]]

== Other ==
http://d.hatena.ne.jp/Kango/20180104/1515094046

== Skylake materials ==
https://news.mynavi.jp/article/20150826-s_skylake02/menu