Re: [FRIAM] Meltdown & Spectre

[Alfredo Covaleda Vélez]

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

On Thu, Jan 4, 2018 at 11:23 PM, Marcus Daniels 
wrote:

> Hah.  That’s pretty much the end.
> The out-of-order-execution machinery has a (poker) ‘give’ that can be
> exploited.
> Of course it could.  Probably has been in use for years.  Wow.
>
>
>
> Sent from my iPhone
>
> On Jan 4, 2018, at 7:03 PM, Gillian Densmore 
> wrote:
>
> I don't pretend to have some of the tech reading skills to have followed
> that article well. Is what it saying is Intell CPU's are bad about making
> sure it has enough extra hands hands to  make sure they can do something
> before doing so. And that basically it's possible to basically make a smart
> are program that tells your computers brain it can do something and not to
> bother checking, no really don't bother  if it can do something
>
> Question: How realisticly likely (or do able) is that? and isn't that
> quite a bit like many of the jerk  fake websites wich spam Chrome/Chromium
>  browsers  trolling scripts that say: your computer has a bug a bajillion
> times so as the browers goes kaboom? On windows 10 almost all of them try
> to look like a fake patch or flash update or something and make an obnoxous
> beep or alert type of sound "your computer is infected! call MS tech
> Support  " If that's oddly specific I have run into that. particular one.
> Their's probably others like it.
>
> So if I read this right: a Meltdown/Spectre style aholery tells your
> computer a whoper of a story. Realy fast in the hopes, of burning through
> more brain power than it has? Didn't we have this in the 80's and 90's?
> Something like a DDOS and Ping of Doom and other similler issues?  Didn't
> they fix that after Anonymous found out how to crash the whole Sony Network
> just bey changing their clocks?(and doing the same to Battlenet/D) many
> years ago? I know they crashed battle.net using a fake patch that
> basically told a whoper to blizzards (then) only clock, such that when
> people updated to a fake patch it kept doing so (999 times a second
> because the clock was lied to)
>
> I don't know what was more impressive that they could make a fake patch,
> [and users didn't know it was fake including me]Or that no one at blizzard
> or activision checked , or that patch bassically sat in 2billion peoples
> cache for almost 3 months
>
> Please correct me if I'm wrong. Spectre/Meltdown look to be in the same
> vane.but (possible) able to reak much more havoc.
>
> The technique of lying to the computers memory is strangely similler how
> some game bots work. Is that for speed? or just a limitation of processors?
> if you know. I am genuinely curius^_^
>
> et.worldofwarcraft.wikia.com/wiki/Warden_(software)
>
> 
>
>1.
>
> 
>2.
>
> 
>
>
> For example on the legit side:Warden (WarCrafts memory and saftey system)
> helps tell legit bots (called mobs and NPC's)  what to do. It's possible to
> mis-lead Warden in a simillar way as spectre, Some scripting stunts (cache
> from LUA for example)
>
> can at  ask Warden what it's thinging about (IF ha ha haha the Warden+LuA
> key chained API  hahahahah hasn't changed a running joke for LUA
> enthusiasts because it will  )
>
> On the good side that meens realy bad ass things like tweaking textures or
> how some stuff to just your computer looks, or adding nice quality of life
> things.
>
> However some people use that to cheat well beyond what the company allows
> and I can't help but wonder if iSpectre/Meltdown use simillar tricks just
> because the way it looks to work to me is very simillar to  how some game
> bots and Mobs work.
>
>
>
> On Thu, Jan 4, 2018 at 5:10 PM, cody dooderson 
> wrote:
>
>> Does anyone know if the Ethereum cryptocurrency is affected by these
>> bugs? I think it has some sort of distributed scripting based on
>> javascript.
>>
>> Cody Smith
>>
>> On Thu, Jan 4, 2018 at 3:26 PM, glen ep ropella 
>> wrote:
>>
>>> I'm sure you're all already aware... But just in case:
>>>
>>> Reading privileged memory with a side-channel
>>> https://googleprojectzero.blogspot.com/2018/01/reading-privi
>>> leged-memory-with-side.html
>>>
>>> --
>>> glen
>>>
>>>
>>> 
>>> FRIAM Applied Complexity Group listserv
>>> 

Re: [FRIAM] Meltdown & Spectre

[Marcus Daniels]

Hah.  That’s pretty much the end.
The out-of-order-execution machinery has a (poker) ‘give’ that can be exploited.
Of course it could.  Probably has been in use for years.  Wow.



Sent from my iPhone

On Jan 4, 2018, at 7:03 PM, Gillian Densmore 
mailto:gil.densm...@gmail.com>> wrote:

I don't pretend to have some of the tech reading skills to have followed that 
article well. Is what it saying is Intell CPU's are bad about making sure it 
has enough extra hands hands to  make sure they can do something before doing 
so. And that basically it's possible to basically make a smart are program that 
tells your computers brain it can do something and not to bother checking, no 
really don't bother  if it can do something

Question: How realisticly likely (or do able) is that? and isn't that quite a 
bit like many of the jerk  fake websites wich spam Chrome/Chromium  browsers  
trolling scripts that say: your computer has a bug a bajillion times so as the 
browers goes kaboom? On windows 10 almost all of them try to look like a fake 
patch or flash update or something and make an obnoxous beep or alert type of 
sound "your computer is infected! call MS tech Support  " If that's oddly 
specific I have run into that. particular one. Their's probably others like it.

So if I read this right: a Meltdown/Spectre style aholery tells your computer a 
whoper of a story. Realy fast in the hopes, of burning through more brain power 
than it has? Didn't we have this in the 80's and 90's?  Something like a DDOS 
and Ping of Doom and other similler issues?  Didn't they fix that after 
Anonymous found out how to crash the whole Sony Network just bey changing their 
clocks?(and doing the same to Battlenet/D) many years ago? I know they crashed 
battle.net using a fake patch that basically told a whoper 
to blizzards (then) only clock, such that when people updated to a fake patch 
it kept doing so (999 times a second because the clock was lied to)

I don't know what was more impressive that they could make a fake patch, [and 
users didn't know it was fake including me]Or that no one at blizzard or 
activision checked , or that patch bassically sat in 2billion peoples cache for 
almost 3 months

Please correct me if I'm wrong. Spectre/Meltdown look to be in the same 
vane.but (possible) able to reak much more havoc.

The technique of lying to the computers memory is strangely similler how some 
game bots work. Is that for speed? or just a limitation of processors? if you 
know. I am genuinely curius^_^

et.worldofwarcraft.wikia.com/wiki/Warden_(software)


  1.  

  2.  


For example on the legit side:Warden (WarCrafts memory and saftey system) helps 
tell legit bots (called mobs and NPC's)  what to do. It's possible to mis-lead 
Warden in a simillar way as spectre, Some scripting stunts (cache from LUA for 
example)

can at  ask Warden what it's thinging about (IF ha ha haha the Warden+LuA key 
chained API  hahahahah hasn't changed a running joke for LUA enthusiasts 
because it will  )

On the good side that meens realy bad ass things like tweaking textures or how 
some stuff to just your computer looks, or adding nice quality of life things.

However some people use that to cheat well beyond what the company allows and I 
can't help but wonder if iSpectre/Meltdown use simillar tricks just because the 
way it looks to work to me is very simillar to  how some game bots and Mobs 
work.



On Thu, Jan 4, 2018 at 5:10 PM, cody dooderson 
mailto:d00d3r...@gmail.com>> wrote:
Does anyone know if the Ethereum cryptocurrency is affected by these bugs? I 
think it has some sort of distributed scripting based on javascript.

Cody Smith

On Thu, Jan 4, 2018 at 3:26 PM, glen ep ropella 
mailto:g...@tempusdictum.com>> wrote:
I'm sure you're all already aware... But just in case:

Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

--
glen



FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove


=

Re: [FRIAM] Meltdown & Spectre

[Gillian Densmore]

I don't pretend to have some of the tech reading skills to have followed
that article well. Is what it saying is Intell CPU's are bad about making
sure it has enough extra hands hands to  make sure they can do something
before doing so. And that basically it's possible to basically make a smart
are program that tells your computers brain it can do something and not to
bother checking, no really don't bother  if it can do something

Question: How realisticly likely (or do able) is that? and isn't that quite
a bit like many of the jerk  fake websites wich spam Chrome/Chromium
 browsers  trolling scripts that say: your computer has a bug a bajillion
times so as the browers goes kaboom? On windows 10 almost all of them try
to look like a fake patch or flash update or something and make an obnoxous
beep or alert type of sound "your computer is infected! call MS tech
Support  " If that's oddly specific I have run into that. particular one.
Their's probably others like it.

So if I read this right: a Meltdown/Spectre style aholery tells your
computer a whoper of a story. Realy fast in the hopes, of burning through
more brain power than it has? Didn't we have this in the 80's and 90's?
Something like a DDOS and Ping of Doom and other similler issues?  Didn't
they fix that after Anonymous found out how to crash the whole Sony Network
just bey changing their clocks?(and doing the same to Battlenet/D) many
years ago? I know they crashed battle.net using a fake patch that basically
told a whoper to blizzards (then) only clock, such that when people updated
to a fake patch it kept doing so (999 times a second because the clock
was lied to)

I don't know what was more impressive that they could make a fake patch,
[and users didn't know it was fake including me]Or that no one at blizzard
or activision checked , or that patch bassically sat in 2billion peoples
cache for almost 3 months

Please correct me if I'm wrong. Spectre/Meltdown look to be in the same
vane.but (possible) able to reak much more havoc.

The technique of lying to the computers memory is strangely similler how
some game bots work. Is that for speed? or just a limitation of processors?
if you know. I am genuinely curius^_^

et.worldofwarcraft.wikia.com/wiki/Warden_(software)


   1.
   

   2.
   



For example on the legit side:Warden (WarCrafts memory and saftey system)
helps tell legit bots (called mobs and NPC's)  what to do. It's possible to
mis-lead Warden in a simillar way as spectre, Some scripting stunts (cache
from LUA for example)

can at  ask Warden what it's thinging about (IF ha ha haha the Warden+LuA
key chained API  hahahahah hasn't changed a running joke for LUA
enthusiasts because it will  )

On the good side that meens realy bad ass things like tweaking textures or
how some stuff to just your computer looks, or adding nice quality of life
things.

However some people use that to cheat well beyond what the company allows
and I can't help but wonder if iSpectre/Meltdown use simillar tricks just
because the way it looks to work to me is very simillar to  how some game
bots and Mobs work.



On Thu, Jan 4, 2018 at 5:10 PM, cody dooderson  wrote:

> Does anyone know if the Ethereum cryptocurrency is affected by these bugs?
> I think it has some sort of distributed scripting based on javascript.
>
> Cody Smith
>
> On Thu, Jan 4, 2018 at 3:26 PM, glen ep ropella 
> wrote:
>
>> I'm sure you're all already aware... But just in case:
>>
>> Reading privileged memory with a side-channel
>> https://googleprojectzero.blogspot.com/2018/01/reading-privi
>> leged-memory-with-side.html
>>
>> --
>> glen
>>
>>
>> 
>> FRIAM Applied Complexity Group listserv
>> Meets Fridays 9a-11:30 at cafe at St. John's College
>> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
>> FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
>>
>
>
> 
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at cafe at St. John's College
> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
>

FRIAM Applied Complexity Group listserv
Meets Frida

Re: [FRIAM] Meltdown & Spectre

[cody dooderson]

Does anyone know if the Ethereum cryptocurrency is affected by these bugs?
I think it has some sort of distributed scripting based on javascript.

Cody Smith

On Thu, Jan 4, 2018 at 3:26 PM, glen ep ropella 
wrote:

> I'm sure you're all already aware... But just in case:
>
> Reading privileged memory with a side-channel
> https://googleprojectzero.blogspot.com/2018/01/reading-
> privileged-memory-with-side.html
>
> --
> glen
>
>
> 
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at cafe at St. John's College
> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove
>

FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove

[FRIAM] Meltdown & Spectre

[glen ep ropella]

I'm sure you're all already aware... But just in case:

Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

-- 
glen



FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove