Multiple teams of security researchers around the world independently discovered these vulns and have been loosely coordinating to work on these disclosures together. This process was quite long; it took over a year. Four different whitepapers dropped today.
https://mdsattacks.com goes over two attacks: RIDL and Fallout. These attacks exploit Microarchitectural Data Sampling (MDS) side channel vulnerabilities in Intel CPUs. RIDL paper here: https://mdsattacks.com/files/ridl.pdf Fallout paper here: https://mdsattacks.com/files/fallout.pdf …
The http://mdsattacks.com site also contains a FAQ, videos of exploit demos, a really cool interactive guide to speculative execution attacks (seriously, go play with it) and handy tools to check if your system is vulnerable (links in next tweet).
Verify whether your system is vulnerable to the new MDS CPU attacks with these tools from the RIDL team! Windows: https://mdsattacks.com/files/mdstool-win.zip … Linux: https://mdsattacks.com/files/mdstool-linux.zip … GitHub: https://github.com/vusec/ridl
Also dropped today from TU Graz was #ZombieLoad. ZombieLoad uncovers a novel Meltdown-type effect in previously unexplored fill-buffer logic. https://zombieload.com is dedicated to this vuln, w/ FAQ. Paper here: https://zombieloadattack.com/zombieload.pdf Exploit POC here: https://github.com/IAIK/ZombieLoad
#ZombieLoad is no joke. It has multiple practical attack scenarios across CPU privilege rings, OS processes, VMs, and SGX enclaves. Disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.
https://cpu.fail contains links to the other CPU vulns, and one more whitepaper, which isn't anywhere else. This paper on store-to-leak forwarding shows that Meltdown-style attacks can still work on recent CPUs that aren't vulnerable to Meltdown. https://cpu.fail/store-to-leak.pdf …
These attacks affect all modern Intel CPUs in servers, desktops and laptops, including the latest 9th-gen processors that contain Meltdown mitigations. 9th-gen CPUs are actually more vulnerable to some of these attacks than older-gen hardware. AMD and ARM CPUs are not affected.
Blog post from Red Hat with technical detail on MDS vulns (with long deep-dive video): https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it … Blog post with technical detail on #ZombieLoad: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html … Intel advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html …
Red Hat advisory on new CPU vulnerabilities, with CVE numbers CVE-2018-12130 CVE-2018-12126 CVE-2018-12127 CVE-2019-11091 https://access.redhat.com/security/vulnerabilities/mds …
Haha, no haiku when shit hits the fan?
Technical detail / is hard to write in haiku / Sorry not sorry
When the form obstructs / It is time to move freely / Form follows function
"Speculative execution" alone is too many syllables to fit in a haiku
CVEs abound / Speculative execution / Off-by-one errors
Hardest problem in computer science, and also haiku poetry
Is AMD actually better, or just less researched? Almost seems like you just can't have speculative execution.
There are architectural decisions specific to Intel that make their CPUs vulnerable to a lot of Meltdown-style attacks like these, but AMD isn't immune to speculative execution attacks such as Spectre.
Seems like a sizable portion of Intel's performance edge over AMD was based on leveraging insecure features.
The fact that AMD marketing does not "milk" these advantages suggests that AMD's security was more of a side effect of their design choices rather than an explicit goal.
Or, they're just good people who find publicly ridiculing your competition on security vulnerabilities unconscionably bad behaviour that can only invite trouble
Big corporations are never good people. At best careful to not paint a target on their back, at worst knowingly withholding vulnerabilities.