<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#CCCCCC">
<br>
<br>
<div class="moz-cite-prefix">On 5/15/19 8:44 AM, aaronco36 wrote:<br>
</div>
<blockquote type="cite"
cite="mid:alpine.NEB.2.20.1905151538010.24412@faeroes.freeshell.org">For
those of you who aren't already aware of this, there was posted
within the last several days the discovery of more critical
vulnerabilities in Intel-based processors *besides* the previous
infamous Meltdown, Spectre, and Foreshadow vulnerabilities.
<br>
<br>
<blockquote type="cite">From the ZombieLoad Attack website [1]:
<br>
</blockquote>
~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~~
<br>
Watch out! Your processor resurrects your private browsing-history
and other sensitive data.
<br>
<br>
After Meltdown, Spectre, and Foreshadow, we discovered more
critical vulnerabilities in modern processors. The ZombieLoad
attack allows stealing sensitive data and keys while the computer
accesses them.
<br>
<br>
While programs normally only see their own data, a malicious
program can exploit the fill buffers to get hold of secrets
currently processed by other running programs. These secrets can
be user-level secrets, such as browser history, website content,
user keys, and passwords, or system-level secrets, such as disk
encryption keys.
<br>
<br>
The attack does not only work on personal computers but can also
be exploited in the cloud.
<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<br>
<br>
Among other good sources of information about the ZombieLoad
Attack currently making the rounds, also see references [2] thru
[6].
<br>
SJVN even mentioned yesterday in reference [7] how the ZombieLand
Attack vulnerability can affect Linux systems.
<br>
<br>
-A
<br>
<br>
================================
<br>
References
<br>
================================
<br>
[1]<a class="moz-txt-link-freetext" href="https://zombieloadattack.com/">https://zombieloadattack.com/</a>
<br>
[2]<a class="moz-txt-link-freetext" href="https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/">https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/</a>
<br>
[3]<a class="moz-txt-link-freetext" href="https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/">https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/</a>
<br>
[4]<a class="moz-txt-link-freetext" href="https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126">https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126</a>
<br>
[5]<a class="moz-txt-link-freetext" href="https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/">https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/</a>
<br>
[6]<a class="moz-txt-link-freetext" href="https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/">https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/</a>
<br>
[7]<a class="moz-txt-link-freetext" href="https://www.zdnet.com/article/linux-vs-zombieload/">https://www.zdnet.com/article/linux-vs-zombieload/</a>
<br>
================================
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:aaronco36@sdf.org">aaronco36@sdf.org</a>
<br>
---------------------
<br>
<br>
</blockquote>
<br>
First thank you Aaron. I have re-posted to several mailing
lists and a Usenet <br>
newsgroup but here is another URL that was referred to as cute. It
does not seem to be a fully<br>
comprehensive list as it was said to be. The answers to the
questions are cute though.<br>
<a class="moz-txt-link-rfc2396E" href="https://cpu.fail/"><https://cpu.fail/></a><br>
<br>
Bobbie Sellers<br>
</body>
</html>