[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Thu Jan 4 11:33:58 EST 2018

On 2018-01-04 14:25:58 +0000, DaveFroble said:
> This is all very interesting, and I don't have a clue about how to
> actually perform such exploits, nor do I care to know. However, I
> think there is still one thing that is essential in performing any such
> exploits. One would first need access to the machine.

Do you browse from any local systems on your network? Better hope all
the sites aren't themselves exploited. Why? Chrome, Firefox, Edge and
IE browsers are all vulnerable to JavaScript containing an exploit
related to this mess. Then access is available to at least one system
on your local network. Once one system is breached on the local
network, other systems using the exceptionally high-security protocols
such as DECnet, telnet, FTP and cluster SCS are vulnerable (and then
there's that OpenVMS RCE I've been sitting on for a couple of years),
and games with local DNS and ARP redirects can allow interception
(MITM) of both unencrypted cleartext connections and encrypted
connections and if those cleartext encrypted connections aren't using
TLSv1.2 and secure algorithms or aren't checking end-point certificates
or aren't checking correctly...

Don't assume attackers are going to go directly at the target system.
Getting past the network firewall through a down-revision browser or a
down-revision printer or some Apple ID social engineering or otherwise
works well enough for the attacker's needs, after all.

Don't assume the attackers will access the systems and the networks in
the same access and login sequences that developers and end-users use.
Don't assume that attackers don't end up knowing parts of your network
traffic and network activities better than you do, too.

--
Pure Personal Opinion | HoffmanLabs LLC