Badfilemagic
Contributor II

Some “light reading” regarding meltdown and spectre

Given the thread discussing mitigations of the recently disclosed processor bugs, I thought it might be helpful to put together a brief reading list explaining the what and how of the bugs, and some related info.

For a not-too-technical read, I’ll first toot my own horn with regard to some of the lessons learned from an engineering aspect (and the importance of QA generally):
https://www.weaponizedawesome.com/blog/?p=278

The Raspberry Pi folks, in explaining why the Pi computers are not vulnerable, put together a nice, easily digestible explanation of how superscalar processors, out-of-order execution and speculative execution work:
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

For the technically inclined, a deep explanation of the bugs and some PoC exploit code is available from Google’s Project Zero, whose Jann Horn independently identified the same bugs the Austrian researchers did:
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html?m=1

Dark Reading has a fairly well put together explanation discussing some of the history as well as what the exposure and risks are, much better than the non-technical press, which has been in full-on Chicken Little mode:
https://www.darkreading.com/attacks-breaches/the-nightmare-before-christmas-security-flaws-inside-ou...

The Linux Kernel Mailing List and FreeBSD Security mailing lists are good resources but likely of limited utility unless you’re really into the nitty gritty of the fixes.

It is worth noting that while the FreeBSD Project was apparently informed of the issue in December, it is unclear what the fix there might be, and they are behind Linux and Windows in delivering. Advance notice was apparently not provided to OpenBSD (known for being extremely hard-core with regard to security), or the FreeBSD downstream project HardenedBSD. A post regarding the current state of mitigations in the BSD world can be found here for those interested:

https://github.com/lattera/articles/blob/master/infosec/Vulnerabilities/2018-01-05_Meltdown_Spectre/...

-- wdf//CISSP, CSSLP
13 Replies
Early_Adopter
Community Champion

This is a really crisp explain of the mechanics of both exploits from John Wagnon of F5:

 

https://www.youtube.com/watch?v=ekBV2AdUc5g

 

 

3dk
Viewer II

Thanks for those links, and for classifying them by depth.

I see several others have posted additional links. 

As you might expect, Patrick Gray has a good and relevant interview, in the 10-Jan episode, with Matt Tait.

https://risky.biz/RB482/ (starts about 2/3 in)

Good depth, and succinct.

Deyan
Contributor I

Awesome stuff mates. Thanks

mortiz
Viewer II

Thanks for sharing this information