Slashdot Mirror

← Back to Domains

Domain: spectreattack.com

Stories and comments across the archive that link to spectreattack.com.

Comments · 94

  1. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on Microsoft Resumes Rollout of Windows 10 Version 1809, Promises Quality Changes (zdnet.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  2. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Waymo To Start First Driverless Car Service Next Month (bloomberg.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  3. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Waymo To Start First Driverless Car Service Next Month (bloomberg.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  4. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  5. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Google Is Absorbing DeepMind's Health Care Unit To Create An 'AI Assistant For Nurses and Doctors'

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  6. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on Nasty Adobe Bug Deleted $250,000 Worth of Man's Files, Lawsuit Claims (gizmodo.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  7. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on Nigerian Firm Takes Blame For Routing Google Traffic Through China (reuters.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  8. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Nasty Adobe Bug Deleted $250,000 Worth of Man's Files, Lawsuit Claims (gizmodo.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  9. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on Facebook Patches Vulnerability That Could Have Exposed User Data (theverge.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  10. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Couple Who Ran ROM Site To Pay Nintendo $12 Million (vice.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  11. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  12. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on How Nature Defies Math in Keeping Ecosystems Stable (quantamagazine.org)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  13. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  14. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0 · on The British Army is Carrying Out a Massive Test of Military Robots and Drones (technologyreview.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  15. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on The British Army is Carrying Out a Massive Test of Military Robots and Drones (technologyreview.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  16. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://it.slashdot.org/commen...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  17. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Microsoft Resumes Rollout of Windows 10 Version 1809, Promises Quality Changes (zdnet.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  18. Intel issues: U may be right/no portfilter by Anonymous Coward · · Score: -1 · on Microsoft Resumes Rollout of Windows 10 Version 1809, Promises Quality Changes (zdnet.com)

    Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/...

    U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme...

    APK

    P.S.=> HOWEVER: You MAY also be RIGHT on Spectre/Meltdown being PREVENTABLE via hosts blocking downloaded software (script or exe) but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics! apk

  19. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: -1 · on Intel Launches New Core i9-9980XE 18-Core CPU With 4.5GHz Boost Clock (hothardware.com)

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  20. You may be RIGHT on Intel CPU issues by Anonymous Coward · · Score: -1 · on Intel Launches New Core i9-9980XE 18-Core CPU With 4.5GHz Boost Clock (hothardware.com)

    Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/...

    U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme...

    APK

    P.S.=> HOWEVER: You MAY also be RIGHT on Spectre/Meltdown being PREVENTABLE via hosts blocking downloaded software (script or exe) but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics! apk

  21. Intel issues: U may be right/no portfilter by Anonymous Coward · · Score: -1 · on WannaCry is Still Dominating Ransomware (axios.com)

    Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/...

    * HOWEVER: You MAY also be RIGHT on Spectre/Meltdown being PREVENTABLE via hosts blocking downloaded software (script or exe) but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics! apk

    P.S.=> U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

  22. On SPECULATIVE EXECUTION (you may be right) by Anonymous Coward · · Score: -1 · on Intel Launches New Core i9-9980XE 18-Core CPU With 4.5GHz Boost Clock (hothardware.com)

    Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/...

    APK

    P.S.=> HOWEVER: You MAY also be RIGHT on Spectre/Meltdown being PREVENTABLE via hosts blocking downloaded software (script or exe) per your statement in that last link above also (thanks but NOT TOTALLY SURE here vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics! apk

  23. On SPECULATIVE EXECUTION (you may be right) by Anonymous Coward · · Score: -1 · on Apple iPhone X, Samsung Galaxy S9 and Xiaomi Mi 6 Smartphones Hacked At Pwn2Own Tokyo (securityweek.com)

    Hosts can stop portsmash (blocking downloads of it) https://it.slashdot.org/commen... not Spectre/Meltdown AFAIK - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

    HOWEVER: In your "impersonations" trying to make me "look bad" or a liar (like your kind is)? Hope you're RIGHT (considering I'm only sure hosts stop portsmash vs. Spectre/Meltdown) https://tech.slashdot.org/comm...

    APK

    P.S.=> ADDITIONALLY: You MAY also be RIGHT on Spectre/Meltdown being PREVENTABLE via hosts blocking downloaded software (script or exe) per your statement in that last link above also (thanks but NOT TOTALLY SURE here vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics... apk

  24. Re:Baby out with the bathwater by Cajun+Hell · · Score: 2 · on Meltdown and Spectre Patches Bricking Ubuntu 16.04 Computers (bleepingcomputer.com)

    Javascript can't do that is an interpreted language and checks array bounds, if javascript could do this, with or without these bugs it would be a security flaw in itself.
    ...
    Javascript is not C or machine code.

    This is common sense and it's what I used to believe too. I totally don't fault you for thinking that.

    Now I direct you to section 4.3 of the Spectre paper. You need to read it. This isn't about "you're wrong," it's about "here's something very interesting."

    And if you're anything like me, you will be stunned by Listing 3, where it shows the incredible job Chrome did, to compile Javascript to machine code. I had no idea.

  25. Re:Freedom demands Open Hardware also by Anonymous Coward · · Score: 0 · on OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com)

    Some ARM processors are too. Have you read anything on the matter Mr Score5Informative?
     

    According to ARM, some of their processors are also affected.

  26. Re:How does Javascript make illegal mem references by Anonymous Coward · · Score: 0 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)

    Javascript doesn't have pointers.

    Yeh it does. Arrays are pointers. :) If you reference an array element, you are effectively doing array_base_address + size_of_array_element * desired_index. Yeah, sure the JIT compiler inserts a range check making sure desired index is within range and that would be enough security.. traditionally... but if you've poisoned the CPU's branch predictor cache and allowed your memory access code to speculatively execute...

    Have a read. Good luck, I don't quite understand it myself.

    Spectre is really about poisoning the branch predictor. It's a big deal; but I think only allows access to memory that the process would otherwise have access to. (Unlike Meltdown).

  27. Re:Can't get Meltdown/Spectre JS exploit to work by GameboyRMH · · Score: 1 · on When F00F Bug Hit 20 Years Ago, Intel Reacted the Same Way (itwire.com)

    This explains how the source works:

    https://spectreattack.com/spec...

    Apparently it was only intended to work on Chrome. If it works, it should output a small memory dump.

  28. Re:It isn't his decision by 110010001000 · · Score: 5, Informative · on Nope, No Intel Chip Recall After Spectre and Meltdown, CEO Says (cnet.com)

    FROM THE PEOPLE WHO ACTUALLY FOUND THE FLAW:

    https://spectreattack.com/

    Which systems are affected by Meltdown?
    Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors.

    Really, are you that ill-informed?

  29. Re:We're not being cynical enough about this by tsqr · · Score: 1 · on When F00F Bug Hit 20 Years Ago, Intel Reacted the Same Way (itwire.com)

    That's Spectre, not Meltdown. Meltdown is far more egregious, and carries the huge performance penalty.

    If you say so. I'm no expert on this stuff. The writeup on Hacker News certainly makes Spectre appear to be serious and difficult to mitigate:

    The second problem, Spectre (paper), is not easy to patch and will haunt people for quite some time since this issue requires changes to processor architecture in order to fully mitigate.

    Spectre attack breaks the isolation between different applications, allowing the attacker-controlled program to trick error-free programs into leaking their secrets by forcing them into accessing arbitrary portions of its memory, which can then be read through a side channel.

    Spectre attacks can be used to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

    “In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.” the paper explains.

    “KAISER patch, which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.”

    The paper they reference is an interesting read (particularly section 8, "Conclusions and Future Work"), available as PDF here.

  30. Looks like "drive by attacks" ARE possible by Sloppy · · Score: 2 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)

    (BTW, thanks to the people who suggested I read the Spectre paper.)

    I haven't seen anything that would make me think that a drive by attack through a web browser could actually be performed.

    One of the things that makes Spectre so interesting, is that we're wrong!

    Long story short, is that though Javascript doesn't have pointers, it can have an array of bytes. And the compilers are amazing and apparently do a really great job of turning the Javascript into machine language.

    So the Javascript basically asks for somearray[i], where i is totally out of bounds but nevertheless does correspond to some memory location that would be used, if we weren't checking array bounds. Of course, array bounds are checked, but by the time they're checked, the conditional execution has already read and used somearray[i] to touch something else. Though somearray[i] is never directly exposed, its value can be later inferred by checking to see what memory page got loaded into the cache.

    Fuck. Now I see why everyone is freaking out.

    If I were in charge of the Internet (heh) I'd say let's just remove all of Javascript's ability to interface with the clock, so that you can't ever figure out what was in cache vs what wasn't. No, let's not kid ourselves: my imperial directive as God of the Internet would be that web browsers should no longer ever execute any code of any kind from web pages. (Gee, I could have told myself that 20 years ago, and I probably did but I eventually had to come to accept that Javascript on the web ain't going away, no matter how much we all hate it.) You just can't sandbox things good enough.

    Oh, fuckfuckfuck.

  31. Concise Summary Of The Flaw by Anonymous Coward · · Score: 5, Informative · on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com)

    The flaw is concisely explained in this article.

    https://spectreattack.com/spectre.pdf

    In particular, it says the following.

    Here is an example of exploitable code:

                if (x < array1_size)

                          y = array2[array1[x] * 256];

    In this example, the variable x contains attacker-
    controlled data. The if statement compiles to a branch
    instruction, whose purpose is to verify that the value
    of x is within a legal range, ensuring that the access to
    array1 is valid.

    For the exploit, the attacker first invokes the relevant
    code with valid inputs, training the branch predictor to
    expect that the if will be true. The attacker then invokes
    the code with a value of x outside the bounds of array1
    and with array1_size uncached. The CPU guesses
    that the bounds check will be true, [then] speculatively exe-
    cutes the read from array2[array1[x] * 256] using
    the malicious x. The read from array2 loads data into
    the cache at an address that is dependent on array1[x]
    using the malicious x. The change in the cache state is
    not reverted when the processor realizes that the specu-
    lative execution was erroneous, and can be detected by
    the adversary to find a byte of the victim's memory. By
    repeating with different values of x, this construct can be
    exploited to read the victim's memory.

  32. Re:How does Javascript make illegal mem references by sl3xd · · Score: 1 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)

    In any case all these bugs seem fairly theoretically and very difficult to be actually exploited.

    The Spectre paper documents a proof of concept in five lines of JavaScript code that works on Google's V8 JavaScript engine (ie. Google Chrome).

    That doesn't appear to be merely theoretical.

  33. Re:Almost All processors by sl3xd · · Score: 5, Informative · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)

    Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations.

    I'd caution against a false sense of security, based on one's choice of processor for your personal desktop.

    There's no disagreement that "Meltdown" is the greater problem, and affects pretty much any Intel chip still functioning. It's important to remember that it's virtually guaranteed that connect to many servers that uses an affected processor every day. Those of us who maintain cloud infrastructures are particularly unhappy with the situation.

    The fact that Meltdown is worse shouldn't distract from the fact that Spectre is bad.

    The paper on Spectre is written by a number of people working for a number of organizations, but Intel isn't one of them. It has the following statement:

    We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones

    They go on to state they've verified the weakness on x86 using C and JavaScript (+ Google V8 JIT) bytecode.

    Much like JavaScript cryptocurrency mining , the fact that something is hard doesn't mean it's not worth doing to those interested, and having browser-based JavaScript exposing data isn't a good thing.

    Meltdown can be fixed fairly easily (AMD certainly shows it's possible to avoid the problem). Spectre, however, will be with us for a long time.

  34. Re:Better link and description than story by blind+biker · · Score: 1 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)

    >> Just read the linked research paper.

    Which is why I provided that URL. None of the clickbait articles had links to the research paperS (plural, MF'er).

    So...you're welcome newbie. Now GTFO my lawn.

    I used singular, because the topic was Spectre, so I only referenced the Spectre paper.

    And "newbie"? Who uses that, anymore? I remember it being quite the term, circa 1998.

  35. Re:Not just Intel, also AMD and ARM by lastman71 · · Score: 1 · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    The point is that there are actually two different flaw:

    - meltdown
    - spectre

    The first one, make possible to read kernel memory, from a normal process. And it works only on Intel.

    The second one is more subtle. You can read the memory of the process, without actually accessing it. It seems quite innocuos, doesn't it? But think about this: what if we use this trick, running a javascript, for reading all the memory of the browser? Can we read the password saved in the browser? Yes we can.

    And this affects any cpu with "out of order execution" (almost any modern cpu).

    More details here: https://spectreattack.com./

  36. Re:They did not test AMD or ARM by neo00 · · Score: 2 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)
    Meltdown only impacts Intel processors. Meltdown can be thought to be a special case of Spectre that exploits an Intel-specific flaw that makes it simpler to execute the exploit.

    Spectre, which is more of a generalized class of attacks, but more difficult to implement, impacts Intel, AMD, and ARM as per the original spectre paper. https://spectreattack.com/spec..., from which I quote:

    Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

    and

    Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.

    References:
    Spectre https://spectreattack.com/spec...
    Meltdown https://meltdownattack.com/mel...

  37. Re:They did not test AMD or ARM by neo00 · · Score: 2 · on Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)
    Meltdown only impacts Intel processors. Meltdown can be thought to be a special case of Spectre that exploits an Intel-specific flaw that makes it simpler to execute the exploit.

    Spectre, which is more of a generalized class of attacks, but more difficult to implement, impacts Intel, AMD, and ARM as per the original spectre paper. https://spectreattack.com/spec..., from which I quote:

    Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

    and

    Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.

    References:
    Spectre https://spectreattack.com/spec...
    Meltdown https://meltdownattack.com/mel...

  38. Intel Atoms by DrYak · · Score: 1 · on Google's Project Zero Team Discovered Critical CPU Flaw Last Year (techcrunch.com)

    If I'm reading this correctly, older Intel Atoms are safe because they are in-order CPUs ( https://spectreattack.com/#faq). I still have an Atom from 2010, and it's already slow enough so I'd rather leave it without KPTI. Of course, my important servers are all AMD.

    ...and same for Xeon Phi.
    (Which are basically the same kind of in order approach like Atoms, but linked together with a ginormous SIMD unit - the AVX512 - some kind of ultra-SSE/AVX on steroids that border onto GPU territory. That shouldn't be a surprise, as Xeon Phi are basically what Intel salvaged out of their failed Larrabee GPU experiments).

    According to the Wikipedia article about Atom architecture, there's only one single micro-ops ever in flight from a given process (though they DO hyperthreading and might fill unused slot with micro-ops coming from a different thread), and don't do any speculative execution at all :
    At no time can you reach a situation were some check (e.g.: a software "rust-style" boundary check, like in the bug also affecting AMD too, or the MMU enforcing memory protection as the bug affecting Intels only) hasn't completed yet, but the invalid read has already started entering the pipeline.

    You cannot leak stuff using speculative execution on a CPU that lacks any form of speculative execution, indeed.

    (So if the rushed correction enables kpti on your setup, you can safely disable it by giving "nokpti" to it).

  39. Re:In all seriousness.... by TeknoHog · · Score: 1 · on Google's Project Zero Team Discovered Critical CPU Flaw Last Year (techcrunch.com)

    - old, in-order, non-pipelined CPU like the 6502 in your good old trusted C64 don't do speculative execution and thus aren't affected specifically by such exploits.

    If I'm reading this correctly, older Intel Atoms are safe because they are in-order CPUs ( https://spectreattack.com/#faq). I still have an Atom from 2010, and it's already slow enough so I'd rather leave it without KPTI. Of course, my important servers are all AMD.

  40. Re:Press the panic button by geekpowa · · Score: 1 · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    I don't believe this is correct.

    The Specter attack doesn't let bad code map memory from other processes. It merely allows bad code to explore memory with the process it runs in. i.e. dodgy javascript mapping entire memory layout of the browser it is running in but strictly within the bounds of the same process. Still a pretty power attack

  41. Re:"[Cannot]...corrupt, modify, or delete data"?? by silverdirk · · Score: 2 · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    I like this summary, so I'll elaborate a bit for those who don't want to read the paper.

    There are two attacks, being released together. Meltdown attacks Intel kernel memory, and Spectre attacks any peer userspace process. Meltdown (attack on kernel memory) only works on certain Intel designs. Specter works on any architecture that performs out-of-order execution of instructions and leaves junk behind in the cache even after the results of the instructions that shouldn't have been executed are wiped and where the cache is shared by multiple processes. Basically, any modern high-speed processor.

    The first one can be mitigated by not leaving any kernel pages mapped at all. The second one ... sounds like they're suggesting to just look for all the known patterns of instructions in your binaries and modify the source code to avoid that pattern. And keep doing that each time a new pattern is discovered.

    Both attacks work by checking "did a specific address end up in processor cache". The usual way to test this is by clearing the cache, performing the attack, and then seeing which memory accesses are fast and which are slow. For both, the attacker needs to be able to precisely time memory reads. For Spectre, the attacker also needs to know the machine code of the target (to find specific instruction sequences which it can attack), and be able to communicate with the target (to provide them with crafted inputs)

    While the requirements for Spectre sound like a high bar, the authors of the paper were able to demonstrate it by tweaking some javascript and looking at the machine code it generates in Chrome's JIT compiler, then having the javascript attack the host browser. This allowed the javascript to read the entire memory of the browser. It doesn't say they were able to attack things like SSH agent cached keys, but once they know everything in the browser's password cache they can work their way outward.

    A multi-user host would be the most vilnerable to Spectre.

  42. Re:Can we pause the Panic Parade, please? by Kiwikwi · · Score: 1 · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    Guess again. Spectre paper confirms that any webpage can read browser process memory from JavaScript. On AMD CPUs too.

  43. Re:Many different vendors??? by Anonymous Coward · · Score: 1, Informative · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    Turns out AMD CPUs are affected too. See https://spectreattack.com/ for details

  44. Some info by Artem+S.+Tashkinov · · Score: 1, Troll · on Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)

    Enough with speculation. All the details have just been revealed:

    Source: Reading privileged memory with a side-channel

    Website: Meltdown and Spectre

    AMD CPUs are susceptible to one of the attacks.