From: Dave Taht <dave.taht@gmail.com>
To: Outback Dingo <outbackdingo@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
Date: Sun, 7 Jan 2018 08:46:24 -0800 [thread overview]
Message-ID: <CAA93jw53dKG5AjV4nkqzUBW67s8-DafOOpv_xDQ1QXNqL8YQgw@mail.gmail.com> (raw)
In-Reply-To: <CAKYr3zydSZB3-_dL46T0_qwtkSa=ZRmPP3kuaB+JOCcWmPrtbw@mail.gmail.com>
On Sun, Jan 7, 2018 at 8:21 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> yes but i would think you would post it to the LEDE / OpenWRT lists also
I'm not reading that email account of mine at the moment, and I'd hope
folk over there are already all over this.
I only logged in long enough to send out a happy new year to everyone.
I was prepping to spend a few days
finishing up the netem patches and maybe trying to submit cake again
before the submission window closed, and then I made the mistake of
inferring what the KPTI patches actually meant, and then this all
happened.
I'd like my vacation back, please.
> On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht <dave.taht@gmail.com> wrote:
>> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
>>> OH hell... notifying all my "cohorts"...... thanks for the heads up
>>
>> Then go drinking.
>>
>> Aside from x86 arches (anyone have word on the x86 chip in the
>> pcengines?), it looks like the mips chips simply were not advanced
>> enough to have this level of speculation and out of order behavior.
>>
>> The turris omnia and a few other high end arm chips in this part of
>> the embedded router space are also vulnerable (I'm hoping that the
>> lede folk can compile a list) - but - if you can execute *any*
>> malicious code as root on embedded boxes - which is usually the case -
>> you've already won.
>>
>> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
>> being assembled on wikipedia, reddit, and elsewhere.
>>
>> My own terror is primarily for stuff in the cloud. There IS a vendor
>> renting time on bare metal in-expensively, which I'm considering.
>>
>> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>>
>> Ironically all the bufferbloat.net services used to run on bare metal,
>> until the competing lower costs of the cloud knocked isc.org out of
>> the business.
>>
>>
>>
>>>
>>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht <dave.taht@gmail.com> wrote:
>>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>>
>>>> There comes a time after coping with security holes nonstop for 5 days
>>>> straight, when it is best to log off the internet entirely, stop
>>>> thinking, drink lots of rum, and go surfing.
>>>>
>>>> Today is that day, for me.
>>>>
>>>> --
>>>>
>>>> Dave Täht
>>>> CEO, TekLibre, LLC
>>>> http://www.teklibre.com
>>>> Tel: 1-669-226-2619
>>>> _______________________________________________
>>>> Cerowrt-devel mailing list
>>>> Cerowrt-devel@lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>>
>> Dave Täht
>> CEO, TekLibre, LLC
>> http://www.teklibre.com
>> Tel: 1-669-226-2619
--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
next prev parent reply other threads:[~2018-01-07 16:46 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 15:15 Dave Taht
2018-01-07 15:47 ` Outback Dingo
2018-01-07 16:10 ` Dave Taht
2018-01-07 16:21 ` Outback Dingo
2018-01-07 16:46 ` Dave Taht [this message]
2018-01-07 16:22 ` Jonathan Morton
2018-01-07 19:03 dpreed
2018-01-08 15:49 ` Dave Taht
2018-01-08 15:57 ` Jonathan Morton
2018-01-09 18:19 ` Dave Taht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA93jw53dKG5AjV4nkqzUBW67s8-DafOOpv_xDQ1QXNqL8YQgw@mail.gmail.com \
--to=dave.taht@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=outbackdingo@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox