<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#CCCCCC">
    <br>
    <br>
    <div class="moz-cite-prefix">On 5/15/19 8:44 AM, aaronco36 wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:alpine.NEB.2.20.1905151538010.24412@faeroes.freeshell.org">For
      those of you who aren't already aware of this, there was posted
      within the last several days the discovery of more critical
      vulnerabilities in Intel-based processors *besides* the previous
      infamous Meltdown, Spectre, and Foreshadow vulnerabilities.
      <br>
      <br>
      <blockquote type="cite">From the ZombieLoad Attack website [1]:
        <br>
      </blockquote>
      ~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~~
      <br>
      Watch out! Your processor resurrects your private browsing-history
      and other sensitive data.
      <br>
      <br>
      After Meltdown, Spectre, and Foreshadow, we discovered more
      critical vulnerabilities in modern processors. The ZombieLoad
      attack allows stealing sensitive data and keys while the computer
      accesses them.
      <br>
      <br>
      While programs normally only see their own data, a malicious
      program can exploit the fill buffers to get hold of secrets
      currently processed by other running programs. These secrets can
      be user-level secrets, such as browser history, website content,
      user keys, and passwords, or system-level secrets, such as disk
      encryption keys.
      <br>
      <br>
      The attack does not only work on personal computers but can also
      be exploited in the cloud.
      <br>
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      <br>
      <br>
      Among other good sources of information about the ZombieLoad
      Attack currently making the rounds, also see references [2] thru
      [6].
      <br>
      SJVN even mentioned yesterday in reference [7] how the ZombieLand
      Attack vulnerability can affect Linux systems.
      <br>
      <br>
      -A
      <br>
      <br>
      ================================
      <br>
      References
      <br>
      ================================
      <br>
      [1]<a class="moz-txt-link-freetext" href="https://zombieloadattack.com/">https://zombieloadattack.com/</a>
      <br>
[2]<a class="moz-txt-link-freetext" href="https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/">https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/</a>
      <br>
[3]<a class="moz-txt-link-freetext" href="https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/">https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/</a>
      <br>
[4]<a class="moz-txt-link-freetext" href="https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126">https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126</a>
      <br>
[5]<a class="moz-txt-link-freetext" href="https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/">https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/</a>
      <br>
[6]<a class="moz-txt-link-freetext" href="https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/">https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/</a>
      <br>
      [7]<a class="moz-txt-link-freetext" href="https://www.zdnet.com/article/linux-vs-zombieload/">https://www.zdnet.com/article/linux-vs-zombieload/</a>
      <br>
      ================================
      <br>
      <br>
      <a class="moz-txt-link-abbreviated" href="mailto:aaronco36@sdf.org">aaronco36@sdf.org</a>
      <br>
      ---------------------
      <br>
      <br>
    </blockquote>
    <br>
            First thank you Aaron.  I have re-posted to several mailing
    lists and a Usenet <br>
    newsgroup but here is another URL that was referred to as cute.  It
    does not seem to be a fully<br>
    comprehensive list as it was said to be.  The answers to the
    questions are cute though.<br>
    <a class="moz-txt-link-rfc2396E" href="https://cpu.fail/"><https://cpu.fail/></a><br>
    <br>
        Bobbie Sellers<br>
  </body>
</html>