Spectre. Meltdown. Zombieload. MDS attacks. Etc. All of these were giant news stories and everyone acted like the world was ending. We were told we needed to apply patches to our CPUs that gimped their performance. Now we don't hear a word about any of these vulnerabilities and no one was affected unless they were being targeted by a government or ran data servers for banks or crap. Wake up and stop falling for the "security" meme.
Spectre. Meltdown. Zombieload. MDS attacks. Etc...
Grayson Lewis
Kevin Kelly
>Now we don't hear a word about any of these vulnerabilities and no one was affected
...because they are patched, rart.
Ian Kelly
The thing about these vulnerabilities is they have been field tested to work effortlessly in javascripts which can be executed through a malcious ad/redirect. In reality the people who use these exploits DON'T want you to know you've been breached in any way so instead of targeting specific people thousands to millions have their data mined, packed, and sold on the dark net to the highest bidder. When someone opens up your data and actually has any interest in it they do whatever they want with it and you now basically have no way of knowing who hacked you because it's not known how many hands you data was exchanged through.
Anyway the best route if you really care about security is to upgrade to a secure processor like AMD's zen 2 ones and sell your swiss cheese intel one to the highest bidder on ebay so they carry that burden and not you. If you don't then go ahead and fully uninstall the 30+ windows/bios security mitigations. While your're at it leave the entry doors of your house wide open and all your car windows down.
Jayden Gonzalez
So if you had an unpatched CPU and someone uploaded a javascript ad that used those vulnerabilities and you diden't notice whose fault would it be?
Parker Powell
the truth is less exciting than sensational news stories and cute icons for a fucking software bug
can you imagine being the guy on the team to identify shit like this and going "i'll make the logo"?
Nicholas Rodriguez
Hackers can LITERALLY pull your passwords and banking info directly out of your RAM if you run even a single javascript that targets any of these vulnerabilities. Sure the success rate can be like 10% on average but if this same ad is run over and over again through say millions of computers... that's a LOT of data.
David Jenkins
please prove that anything besides the initial PoC exploits showing off theoretical exploits exist and that people are stealing data using ads and selling it on the deep web thanks! Stop fear mongering
Jayden Ross
If I posted the onion links here I would get b& and possibly even v& so now I won't. What I will say is I've already tested the numerous javascripts you can easily get online and confirmed they all work on unpatched intel systems. Go look for them and execute them yourself, seeing is believing after all.
Now imagine that being run on at least hundreds of thousands of computers every day siphoning passwords and banking info automatically. Then imagine all that data being neatly packed into rar folders and then getting sold to the highest bidder on dark net who may not even use your data until weeks-months have passed by. Are you sure you REALLY want to go through that?
Sebastian Williams
I'm not asking you to post the onion links or lead me to where you allege people are selling info collected using these exploits. Just name me a single attack in the wild where the attacker didn't already have all the background info on their target necessary to execute the attack. Surely if hundreds of thousands of people have been affected this is somewhere in the news correct?
Jayden Wright
You already posted them, The only thing you didn't mention is how there are now 10+ different variants of meltdown/spectre and how RIDL complete bypasses the jitter mitigations thing modern brownsers implemented to fight against spectre/meltdown.
Tyler Martinez
Wat. Of course you don't hear much because they were patched.
Jackson Foster
And the Google botnet continues to push JS...
Hmmmmmmmm
Nathan Reed
yes I'm aware of the PoC exploits the researchers cooked up for all the vulnerabilities. Show me an exploit from the wild where any of these are valid attack vectors for home users. PoC stuff exists for tons of exploits that are never used outside the researchers' labs.
Benjamin Mitchell
Find the javascripts, they're easily accessible on the surface web and run them for yourself. It sounds like you don't have all variants of spectre and meltdown mitigated so they should be more than 10% successful if you leave your browser open for that 300 second window.
Juan Price
Yes I've seen the PoC code and seen videos of them in action. I'm not denying their existence. I'm asking for examples of these exploits being used in the wild if you know of any. Surely if hundreds of thousands of people who have the misfortune of having an Intel CPU have been hit, someone would say something.
Patches obviously exist but I'm assuming the majority of people using Intel CPUs haven't patched a thing and don't even bother with easy things like updating their copy of Winblows and we haven't heard anything about these exploits hurting them.
Blake Harris
>I haven't noticed myself being attacked, therefore all these exploits are bogus!
The absolute state of Jow Forums
Gavin Foster
Mds can and has been patched in-browser
Nathan Garcia
So let me get this straight. You have proof that the exploits work, and you know in the past that people have used cyber attacks as a means of making money, but with these particular exploits, until someone finally does come up with the attack code and releases it into the wild, you feel no compulsion to protect yourself?
Did you learn nothing from WannaCry?
Lincoln Perry
gotta say for how much intel sucks ass the art for their security flaws look good
Carson Cox
Turns out trying to snoop data using javascript is too slow to find anything other than garbage in the time frame someone spends on a web page
Was it possible that someone could steal credentials using nothing but javascript? Yes it was and this was the whole scare behind it
Was it likely? Fuck no
Isaiah Rogers
>If a tree falls in the forest and no one's around it doesn't make a sound
Retard gorilla nigger
Jace Martinez
Its becuse we all have patches and now our cpus are gimped.
Brody Young
What he is asking for is perfectly valid to ask for
What practical, in the wild attacks have been documented since this entire shit started?
Even if there wasn't any it still isn't an excuse to be unpatched but it alteast debunks the retarded media fear mongering
Anthony Miller
None of these attacks can realistically be carried out on an average person unless they're being targeted by the hacker. Researches can obviously show off the exploits because they have full knowledge of and control of the "victim" and the attacker so they can make them do whatever they want to make the attacks work which wouldn't be realistic in a real world setting. The chances of them happening online to random people is incredibly low and hasn't been observed.
Aaron Jackson
user, Windows 10 updates just happen, they're not something normal people choose to do anymore.
Bentley Rodriguez
you know you can scan every IP on the internet in like a day and automate attacks against insecure systems to find bank info, gmail creds and bitcoin wallets right? if you don't think you'd get fucked hard without modern security patches you're a retard.
Lincoln Peterson
this is like exposing your junk because you don't think anyone will ever think to kick you in the balls, then at some point you'll round a corner right into your local feminazi and end up coughing up your testicles