From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 9A9EE3B2A4 for ; Sun, 7 Jan 2018 11:10:30 -0500 (EST) Received: by mail-qt0-x229.google.com with SMTP id r39so11054888qtr.13 for ; Sun, 07 Jan 2018 08:10:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Zw5bwgyeV3qq5QDLhRnBTTooR9t3hYYV0vA1D4K99zY=; b=tLVX2ZzcJk2a0Fa0Gyz6UmJ51VfgE2rHyBdBn0pnR7BNJHuHigdqq6DDylstl2c119 SI4K+dWgEssy+fFmua2Pm0aLYscifgQZiw1UdMe37ipH8UYqPm6x/YhW32BunZ0X9Cgx h6iGOzfKD1wwXnkIZV8sCmfcR9CNN1KRyhwC0cJ/x3XHXaVee7gAzM403+vFm/Z2ZzO4 sQw4/LJFEPEs4qQdOLZA9ZQguL5O7WHPCllh5KmvL8a1X2hvPWaymvb3oUOpVH3g8rcu 371UEnDn7cF/mGftLiNGsG2QV3pC1x19NFsxUYLKTcCPbawVn/1BRBYV12dxm9Fg9LN6 kBfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Zw5bwgyeV3qq5QDLhRnBTTooR9t3hYYV0vA1D4K99zY=; b=bdwQDnWUno0BIZtL9IhkwqsDMIvZGv+KNKwbuCXxKWD88kn1v9z7kkfcjIpzAYmBBE a/Z9T3/795K0Ue7JdpVcL5st+fN8KoaBH0dx1eUgfeaTv8QPNck+zUOmIA9YW83wmfRU HP2303wQr+26vA9rhc7WDxBcFCs2r61HVY8Pp2j6/jUXFNXSabtsrLsbcGsKnXDqmwPT 8562xdbRwjeEVtZhZK5yK/8KLJWr6a13rJWcpGQceX4DrjkRIEdfcVyX6bzB3PzEDUFz GFpYsyvhYLJiFlIP7XJ323QRGorRu2Hjlfx5zsIV153aijkXx5Tz17LoYnP9cvud5TV4 EZTg== X-Gm-Message-State: AKwxytd4BTfS1dsGp8KX6b7eYvb1C37iLjrKoB0vIW7FV76TCSp9drNA tgZ5ioiR6ZFnXKdHnJa5LwEvdWXydWEj0DAL8ng= X-Google-Smtp-Source: ACJfBou2x5nwc25XTiFYfR2sqSWgru0cRKcb1iFrGSEqCS/HXoWsUpprysSvUj8CnOfpvdF8fF87A5NcDxAASRl9iQI= X-Received: by 10.200.36.221 with SMTP id t29mr12449415qtt.141.1515341430132; Sun, 07 Jan 2018 08:10:30 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.193.93 with HTTP; Sun, 7 Jan 2018 08:10:28 -0800 (PST) In-Reply-To: References: From: Dave Taht Date: Sun, 7 Jan 2018 08:10:28 -0800 Message-ID: To: Outback Dingo Cc: cerowrt-devel@lists.bufferbloat.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] aarch64 exploit POC X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jan 2018 16:10:30 -0000 On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo wrot= e: > OH hell... notifying all my "cohorts"...... thanks for the heads up Then go drinking. Aside from x86 arches (anyone have word on the x86 chip in the pcengines?), it looks like the mips chips simply were not advanced enough to have this level of speculation and out of order behavior. The turris omnia and a few other high end arm chips in this part of the embedded router space are also vulnerable (I'm hoping that the lede folk can compile a list) - but - if you can execute *any* malicious code as root on embedded boxes - which is usually the case - you've already won. The Mill, Itanium, MIPs, and older arms are ok. There are huge lists being assembled on wikipedia, reddit, and elsewhere. My own terror is primarily for stuff in the cloud. There IS a vendor renting time on bare metal in-expensively, which I'm considering. (example: https://www.packet.net/bare-metal/servers/type-2a/) Ironically all the bufferbloat.net services used to run on bare metal, until the competing lower costs of the cloud knocked isc.org out of the business. > > On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht wrote: >> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd >> >> There comes a time after coping with security holes nonstop for 5 days >> straight, when it is best to log off the internet entirely, stop >> thinking, drink lots of rum, and go surfing. >> >> Today is that day, for me. >> >> -- >> >> Dave T=C3=A4ht >> CEO, TekLibre, LLC >> http://www.teklibre.com >> Tel: 1-669-226-2619 >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel --=20 Dave T=C3=A4ht CEO, TekLibre, LLC http://www.teklibre.com Tel: 1-669-226-2619