PS: Disable Intel Hyper-Threading where not needed, until we all know more

The link is shit. Zero mention of Hyper-Threading. Fuck off and shill your trash site on plebbit.

On one hand Theo is a colossal dickhead.

On the other his autism over security is the hero we need.

if you had read the link on the op you would know by now that disabling ht is a "tip" from theo. i believe that once they get proper repeatable validation (read working exploit based) on their findings they might release more info
now, will intel release their info before theo? not a chance, they are betting on no one finding out about all the security defects on their hardware

indeed, i couldnt have said it better

>our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher
>this is because Android and Linux can be tricked into (re)installing an all-zero encryption key
>when attacking other devices, it is harder to decrypt all packets
LMAO LINUX BTFO

Attached: 8ccf1b75283ed4b73687c35f74f065ce_w640_h360_cp_sc.jpg (640x360, 55K)

>Is there any more info about this?
It\s under an embargo so no. There's an exploit that targets HT and it's going to take shitnux 8 months to patch it, so nobody is allowed to talk about it until then.

GNU/Shitnux*

>GNU
Actually it's just the kernel that needs to be patched, so no GNAIDS there, just shitnux.

Daily reminder: Linux is a meme.
Real men use L4 based operating systems like GenodeOS.

I doubt even Linus knows about it, nowadays it seems that the only people considered worthy by Intel of being included in embargos are Google/Amazon/RedHat engineers who are under shitloads of NDA's

theo keep the jews on their toes

Attached: theo on intel 11 years ago.png (844x1424, 337K)

>OYYY VEYYYY!

Attached: intel oyvey.jpg (691x771, 112K)

DELID IT GOYIM

Attached: delid it.jpg (691x771, 64K)

Best way to find out is trying to break it ourselves then I suppose...

Where is that faggot that posts the same pasta every time openbsd is mentioned? I guess shills have to sleep after all.

>damn, i was just about to post this. theo is single highhandedly making the computer world a safer place.
Not so sure. He wants to reveal patch his niche OS first to get publicity and attention, but he only put the 99,9%+ of world computer users at bigger risk in exchange.
That's egocentric wanker approach IMHO, not security first approach.

Attached: 1492466549509.jpg (460x566, 46K)

Are you under NDA?

I swear, it says WPA2 and you're complaining it has nothing to do with intel processors. You're right, but a fucking moron.

>t. under intel nda
pathetic display of damage control

>tfw actually AMD fan

Attached: 1434717840184.gif (277x400, 116K)

discovering and documenting bugs is how they get fixed

that is not at odds with collaborating with others and giving them time to react too, instead of being a special snowflake and stabbing them in the back

Final form, Rajakesh Shekelstein

Attached: 1527629778452.jpg (679x758, 54K)

Time to reverse engineer their shitty patches for zero days. I heard they use good documentation. Wangblows still haven't patched it and openbsd also fucked some for i386.

Where are the mods??? This post is antisemitic.

Ok well if we know its HT-related, and all of the recent security issues are surrounding speculative execution, I am thinking the vulnerability lies somewhere in a situation where 2 threads share a single physical core simultaneously (interleaved/pipelined execution) through the hyperthreading mechanism:

>Thread A (malicious process) probes (not sure of mechanism) registers/protected memory that are only accessible to it due to its affinity with a specific core. This process dumps the protected regions to some log continuously using a context switching approach that surfaces the data while simultaneously being imperceptible to the other process on this physical core.

>Thread B (your chrome session) is passing TLS session key information around which gets slurped up by the malicious process running interleaved instructions on the same physical core.

I cant imagine it being much more involved than this. Would most certainly affect virtualized environments as well unless the hypervisor forces HT pairs per logical VM to avoid partitioning a physical core across multiple customers.

[Investigation intensifies]
Maybe this is related, fairly recent: lists.debian.org/debian-devel/2017/06/msg00308.html
>This advisory is about a processor/microcode defect recently identified
on Intel Skylake and Intel Kaby Lake processors with hyper-threading
enabled. This defect can, when triggered, cause unpredictable system
behavior: it could cause spurious errors, such as application and system
misbehavior, data corruption, and data loss.

The entirety of spectre relies on using cache as a side channel for speculative execution, so we have to think cachewise.
What do these threads share? The core's l2(and maybe l1?) cache.
My guess here is that the threads can someone figure out results of execution via this. I don't know what the second part of the exploit would be since we can't use branch prediction(do they share predictors?) to cause the initial bad speculative jump.

I think we might need to look at the physical structure of an intel core complex to see which resources are actually shared on the die. I suspect the branch predictor is a shared piece of hardware considering the complexity that would be involved with having one per logical thread.

And there would be our exploit.
Well, if it _is_ shared, I'll check wikichip at some point

>unknown cipher cryptography all over again
It's been proven again
>Bruce Schneier's entire works
And again
>The Cathedral and the Bazaar
And again
>Every intel shitstorm
That open source development has a billion advantages over closed source, when it comes to security
Look, I get it, you cant make money that way and it's ok to have closed source whatever so that you can sell it, absolutely understandable, but you in fact CANNOT argue that open source development would in fact lead to a more secure product
This time it was Theo that got the leak that something was wring and he decided to try and fix it along with anyone interested
What if those leaks were sold to literal crackers? You'd have billions (it IS billions by the way) of unlatched insecure systems with mind bendingly bad vulnerabilities, and that's a fact

wouldnt in fact lead*

Retard, coordinated disclosure has nothing do do with closed source VS open source. Look at Linux, they are cooperating with others, bro. Probably because autists are not in charge there.

>linux
>autists not in charge
top kek

Compared to this? Bruh

Attached: 1466343259240.gif (243x270, 483K)

Jesus fucking Christ Intel cpoos are the worst fucking shit filled with security holes in the last 20 years.

Attached: 1479859651675.png (415x423, 134K)

>OBSD fixing bugs that only got attention 10 years later
>now that PoCs are out they're the OSpocalypse
OpenBaSeD.

Why isn't all these intel vulnerabilities on the news headers, hurting the economy and leaking millions? Maybe it's true what they say, you can notice computers everywhere except in economy.

>muuh security by (((obscurity)))
Fuck off cia nigger. Theo is right, it's full disclosure or nothing.