Jump to content


Popular Content

Showing content with the highest reputation on 01/05/18 in Posts

  1. 3 points
    With last year's biggest revelations being the entirety of Vault 7 and the Equifax breach, we're starting off this year with a two exploits (though divided into three vulnerabilities) ranging about 20 years of CPUs. Article Dump: Official Meltdown and Spectre Exploit Website Includes Q&A, CVEs, and academic papers Google Project Zero write up on Meltdown and Spectre Written by one of the researchers that found both exploits The Register - Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign Ars Technica - What’s behind the Intel design flaw forcing numerous patches? Meltdown explanation in layman's terms Wired - A Critical Intel Flaw Breaks Basic Security for Most Computers Why Raspberry Pi isn't vulnerable to Spectre or Meltdown Includes layman's explanation of speculative execution Meltdown in Action: Dumping memory Meltdown demo - Spying on passwords Official responses from various companies Intel AMD ARM Microsoft Amazon Web Services Google Android Security Bulletin Linus Torvalds doesn't like Intel A valid complaint given that Intel thinks its ok that malicious actors can only read memory LLVM's work in progress Spectre patch for variant 2 Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you Basic ways to exploit these vulnerabilities: With Spectre, an attacker can put malicious JS on a website, allowing them to read all browser memory including form data such as passwords, cookies, session tokens, and encryption keys. Similar approach can be used with Java in a sandbox. With Meltdown, an attacker can host software in some cloud environment to read memory form the host machine. Any data hosted on that server can then be read. tl;dr: Two major CPU vulns just went public Exploitable CPUs allow attackers to read memory of processes currently Meltdown is exploitable on Intel CPUs while Spectre is exploitable on Intel, AMD, and ARM CPUs Meltdown is not yet verified to work on AMD or ARM CPUs Spectre is likely to affect all modern multithreading CPUs It is unclear if this exploit has ever been used publicly before now Patches have been put out for the Linux kernel, Windows, OSX, and Android but only for Meltdown so far LLVM have a work in progress patch for one of Spectre's two variants Expect lots of recompiling soon Patches are software to fix a hardware issue. This isn't going to be properly solved until a couple years down the line with a redesigned CPU generation. Performance hits are expected, and further performance hits are expected when the Spectre patches roll out Ballpark 5 to 30% performance decrease for Intel CPUs This primarily affects system calls, not computation, meaning that things like rendering or gaming shouldn't be affected in any substantial way. Expect the largest performance hits on VM software that use Hyper-V or docker containers Likely not an NSA or CIA backdoor because it would still affect their own hardware as much as anyone else As per usual, encrypt your data and use stuff like NoScript. As long as you keep up to date with software patches, the average user shouldn't be alarmed. BUT FUCKING UPDATE YOUR SHIT
  2. 2 points

    TIAM: General Gaming edition

    From what I can tell second life was dominated by furries and VRchat is dominated by weebs. For completeness, gmod (online) is dominated by 8 year olds. So there you go.
  3. 1 point
    Ty for the outline fam, Ive been reading everything from minor inconvenience to your pc will literally explode Now I gotta learn what noscript is
  4. 1 point
    subspuf best girls 1. raz 1. veez (you guys are both best girl lol) 2. everyone else because i like you all 99999. cmdr
  5. 1 point


    Had a kick-ass fuckin radical dream last night. I flew to Australia and enlisted in the military. And of course because it's Australia there's giant bugs and shit. During bootcamp I got in the bed on a pickup with some other dudes and we went down this kind of trenched backroad. On the right it was all woods, on the left a big field, which turned into woods eventually. So we're driving and then a fuckin big ass herd of these big ass bugs starts moving down the field going the opposite direction of us. They were called "great converse beetles" and looking like centipedes, except the segments were fatter and rounder, and only had an exoskeleton on the top, which was black, and their bellies were red, with white fur where their legs began. They kinda moved on the back half of their set of legs, with the front half of themselves held up off the ground, looking forward. Oh and they were also 250 feet tall from belly to back and 150 feet long from head to tail. Apparently they were super aggressive if you got near them bu otherwise didn't care if you kept your distance. So we're driving with these giant fuckin great converse beetles going opposite to the left of us, and then a herd of giant fuckin goats the size of the beetles come outta the woods at the far left of the field and start battering the beetles, so now the giant goats and the giant beetles are fighting and killing each other. Shit was awesome. Eventually I left Australia cause I had a dentist appointment. And to think my dream the night before was literally just me taking a shower and then playing SMB1 on the NES.