Sada je: 29 ožu 2024, 11:50.
Linux, poslužitelj, mreže i sigurnost

Moderator/ica: Moderatori/ce

Esetova lista :

https://www.welivesecurity.com/2018/01/ ... commended/
Avatar
Postovi: 397
Postovi: 397
Pridružen/a: 06 tra 2017, 18:40
Podijelio/la zahvalu: 84 puta
Primio/la zahvalu: 39 puta
Spol: M
OS: Manjaro KDE
https://insights.ubuntu.com/2018/01/24/ ... d-to-know/

Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.
Avatar
Postovi: 2806
Postovi: 2806
Pridružen/a: 23 ruj 2013, 21:19
Podijelio/la zahvalu: 41 puta
Primio/la zahvalu: 177 puta
Spol: M
OS: Ubuntu 18.04 LTS
JH-IM je napisao/la:https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/

Detaljne tehničke informacije o Meltdown i Spectre i utjecaju na različite sustave.


Ima i ovo, zanimljiv članak i u elementima lakše uznemirujuć https://sysdig.com/blog/making-sense-of-meltdown/
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 10321
Moderator
Postovi: 10321
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 181 puta
Primio/la zahvalu: 313 puta
Spol: Y
OS: utuntu 19.10
phoronix.com preporučuje prezentaciju Jon Masters (Red Hat) iz FOSDEM 2018 :

video: https://ftp.heanet.ie/mirrors/fosdem-vi ... ynote.webm
slides: https://fosdem.org/2018/schedule/event/ ... eynote.pdf

Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
https://www.phoronix.com/scan.php?page= ... e-Meltdown

LP b4sh
"The quieter you become, the more you are able to hear...."
Avatar
Postovi: 440
Postovi: 440
Pridružen/a: 04 tra 2012, 21:31
Podijelio/la zahvalu: 11 puta
Primio/la zahvalu: 39 puta
Spol: M
OS: Debian
Specter Mitigations u Microsoftovom C/C++ prevodiocu

Paul Kocher predviđa 60% gubitka brzine kod korištenja LFENCE

https://www.paulkocher.com/doc/Microsof ... ation.html

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
Eksperimentirati sa novim scenarijima napada. Zanimljivo je pronaći na dnu "Ažurirano"(Updated). Čini se da je Intel već razvio hardversko rješenje. Međutim, oni ih nazivaju "ublažavanjem"(mitigation), a ne "popraviti"(fix).

https://www.theregister.co.uk/2018/02/1 ... _variants/

Paul Kocher tako hrabro tvrdi da je pronašao ranjivosti u procesorima koji do dan danas nisu iskorišteni od bilo koje strane HaCkOrZ ... ?? pface Pomeni je to sve bullshitt

Info mojih Kernel-a 4.16.0-rc1 i 4.15.3 :

Kod: Označi sve
Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1 #1 SMP Wed Feb 14 12:34:01 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)[/color]

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]

A false sense of security is worse than no security at all, see --disclaimer

############

Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.15.3 #1 SMP Wed Feb 14 14:06:48 CET 2018 x86_64
CPU is Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 158 stepping 9 ucode 0x5e)
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: __user pointer sanitization)
[/color]
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: Full generic retpoline)[/color]

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: [color=#FF0000]NOT VULNERABLE (Mitigation: PTI)[/color]

A false sense of security is worse than no security at all, see --disclaimer



LP b4sh :thmb-up


****
Edit by calisto: nabrajanj stavljeno u code radi lakśeg pregleda.
"The quieter you become, the more you are able to hear...."
Avatar
Postovi: 440
Postovi: 440
Pridružen/a: 04 tra 2012, 21:31
Podijelio/la zahvalu: 11 puta
Primio/la zahvalu: 39 puta
Spol: M
OS: Debian
https://advance.hr/vijesti/snazan-cyber ... se-izbore/

Hakirane tisuće Cisco rutera u Iranu i šire.
Tko živi u nadi umire u gov....
Avatar
Postovi: 794
Postovi: 794
Pridružen/a: 20 pro 2015, 15:51
Podijelio/la zahvalu: 162 puta
Primio/la zahvalu: 46 puta
Spol: M
OS: Dual Ubuntu 20.04 i win10
https://www.bug.hr/hakeri/hakeri-nakrat ... 2bInPortal

Ovo je i komično. Hakiran YouTube.
Tko živi u nadi umire u gov....
Avatar
Postovi: 794
Postovi: 794
Pridružen/a: 20 pro 2015, 15:51
Podijelio/la zahvalu: 162 puta
Primio/la zahvalu: 46 puta
Spol: M
OS: Dual Ubuntu 20.04 i win10
Jeremija je napisao/la:https://www.bug.hr/hakeri/hakeri-nakratko-izbrisali-najgledaniji-video-s-youtubea-3722?utm_source=Midas&utm_medium=Widget&utm_campaign=Razmjena%2bInPortal
Ovo je i komično. Hakiran YouTube.

To je hakiran nečiji račun na jutubu a ne sami jutub. Očito ne vode računa kako i gdje spremaju svoje lozinke.
Avatar
Postovi: 1907
Postovi: 1907
Pridružen/a: 16 tra 2011, 08:34
Lokacija: i grupa Film
Podijelio/la zahvalu: 45 puta
Primio/la zahvalu: 342 puta
Spol: M
OS: Mint 10 LXDE itd...
Uncovering the Android patch gap through binary-only patch analysis HITB conference, April 13, 2018
https://conference.hitb.org/hitbsecconf ... alysis.pdf
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 10321
Moderator
Postovi: 10321
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 181 puta
Primio/la zahvalu: 313 puta
Spol: Y
OS: utuntu 19.10
Kad Apple neće (navodno) dati pristup, idemo drugačije :-D

https://motherboard.vice.com/en_us/arti ... ch-graykey
[+ Prikaži] Klik
ThinkPad T14s Gen. 1
AMD Ryzen 7 PRO 4750U
16 GB DDR4-3200
Samsung SSD 970 EVO Plus 2TB
14" FHD IPS (Innolux N140HCG-GQ2)
WiFi Intel® Wi-Fi® 6 AX200
OS: Debian 6 Cinnamon
Slika: dio kolekcije

***

ZEN
"Charlie. What are you thinking?"
"I'm thinking about what I want and what I need."
"What do you want?"
"I want a peaceful soul."
"And what do you need?"
"I need a bigger gun."
Avatar
Site Admin
Postovi: 11318
Site Admin
Postovi: 11318
Pridružen/a: 01 kol 2012, 12:39
Podijelio/la zahvalu: 655 puta
Primio/la zahvalu: 1005 puta
Spol: M
OS: LinuxMint Cinnamon

Na mreži
Trenutno korisnika/ca: / i 5 gostiju.