Bank Holiday: that time when your #amiga gets dusted off and booted up, right?
Author Archives: steve
Sorry if I have unfollowed you. It’s everything …
Sorry if I have unfollowed you. It’s everything personal. 😁
Word up, @WordPress. I have a locked-down WP …
Losing count with the number of times this …
Losing count with the number of times this flakey operating system decides it’s had enough of life. And it’s not like I have work to do or anything. #macOS #badjoke
Shock news: MacOS crashes again.
Random tweet about spam for tweet no. 1701. …
Random tweet about spam for tweet no. 1701. As a #trekkie, I can only hang my head in shame.
Email this morning
Email rcv’d this morning:
Hi, My name is Oksana and i’m writing you to tell you that you are super cute
GREAT! GO ON…
from your photos on Facebook. I myself am from Russia
DAMN! ?
Trying to construct a timeline of #Spectre #Meltdown, …
Trying to construct a timeline of #Spectre #Meltdown, because some things don’t compute. This post will be updated! If you want to add/correct something, please comment.
2017-02-01
The CVE numbers 2017-5715, 2017-5753 and 2017-5754 are assigned to/reserved by Intel. (I guess they asked for being assigned a range).
2017-02-27
Bosman et al publish their findings how ASLR can be abused on cachebased architectures at the NDSS Symposium. [5]
Some time before June, 2017
The two attack vectors, now combined as #Spectre, are independently found by Google’s Project Zero researchers and researchers from the academic world. [1]
2017-06-01
The findings are shared with Intel, AMD and Arm. [1] footnote 1
Some time before 2017-07-28
#Meltdown attack vector is identified and shared with Intel (also AMD, ARM?) (by the same group?) [1] footnote 1
2017-07-28
Anders Fogh publishes his #Meltdown findings (found independently?) called “Negative Result: Reading Kernel Memory From User Mode” [3]
2017-11-09
Intel informs partners and other interested parties under NDA. [2]
2017-11-20
The CRD (Coordinated Release Date) is agreed upon to be 2018-01-09 by many parties involved. [2]
2017-12-13
Apple releases iOS 11.2, MacOS 10.13.2 and TVos 11.2. These update contain fixes for #Spectre but that is not mentioned in the release notes.
2018-01-01
The sweetpython post appears, speculating about what’s behind the Linux kernel patches called PTI [4]
2018-01-02
The Register publishes an article titled “Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign” that puts enough of the information together. [6]
2018-01-03
Bosman posts on Twitter about a working reproducer for #Meltdown [7]
Google breaks the agreed CRD and makes everything public. Amazon, Google, Microsoft declare their respective clouds are patched and safe.
Sources:
[1] https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
[2] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
[3] https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
[4] http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
[5] https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/aslrcache-practical-cache-attacks-mmu/
[6] https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
[7] https://mobile.twitter.com/brainsmoke/status/948561799875502080