[sf-lug] Notification about ZombieLoad Attack vulnerabilities

Bobbie Sellers bliss-sf4ever at dslextreme.com
Wed May 15 13:11:25 PDT 2019 


On 5/15/19 8:44 AM, aaronco36 wrote:
> For those of you who aren't already aware of this, there was posted 
> within the last several days the discovery of more critical 
> vulnerabilities in Intel-based processors *besides* the previous 
> infamous Meltdown, Spectre, and Foreshadow vulnerabilities.
>
>> From the ZombieLoad Attack website [1]:
> ~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~~
> Watch out! Your processor resurrects your private browsing-history and 
> other sensitive data.
>
> After Meltdown, Spectre, and Foreshadow, we discovered more critical 
> vulnerabilities in modern processors. The ZombieLoad attack allows 
> stealing sensitive data and keys while the computer accesses them.
>
> While programs normally only see their own data, a malicious program 
> can exploit the fill buffers to get hold of secrets currently 
> processed by other running programs. These secrets can be user-level 
> secrets, such as browser history, website content, user keys, and 
> passwords, or system-level secrets, such as disk encryption keys.
>
> The attack does not only work on personal computers but can also be 
> exploited in the cloud.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Among other good sources of information about the ZombieLoad Attack 
> currently making the rounds, also see references [2] thru [6].
> SJVN even mentioned yesterday in reference [7] how the ZombieLand 
> Attack vulnerability can affect Linux systems.
>
> -A
>
> ================================
> References
> ================================
> [1]https://zombieloadattack.com/
> [2]https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
> [3]https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/ 
>
> [4]https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126 
>
> [5]https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/ 
>
> [6]https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/
> [7]https://www.zdnet.com/article/linux-vs-zombieload/
> ================================
>
> aaronco36 at sdf.org
> ---------------------
>

         First thank you Aaron.  I have re-posted to several mailing 
lists and a Usenet
newsgroup but here is another URL that was referred to as cute.  It does 
not seem to be a fully
comprehensive list as it was said to be.  The answers to the questions 
are cute though.
<https://cpu.fail/>

     Bobbie Sellers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20190515/f6c8ff35/attachment.html>

More information about the sf-lug mailing list