From: Outback Dingo <outbackdingo@gmail.com>
To: Dave Taht <dave.taht@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] aarch64 exploit POC
Date: Sun, 7 Jan 2018 11:21:34 -0500 [thread overview]
Message-ID: <CAKYr3zydSZB3-_dL46T0_qwtkSa=ZRmPP3kuaB+JOCcWmPrtbw@mail.gmail.com> (raw)
In-Reply-To: <CAA93jw6JQs+rwTPWC2kfQqY1YsYhffSFJbVkkSgYBnj74t=tnw@mail.gmail.com>
yes but i would think you would post it to the LEDE / OpenWRT lists also
On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht <dave.taht@gmail.com> wrote:
> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
>> OH hell... notifying all my "cohorts"...... thanks for the heads up
>
> Then go drinking.
>
> Aside from x86 arches (anyone have word on the x86 chip in the
> pcengines?), it looks like the mips chips simply were not advanced
> enough to have this level of speculation and out of order behavior.
>
> The turris omnia and a few other high end arm chips in this part of
> the embedded router space are also vulnerable (I'm hoping that the
> lede folk can compile a list) - but - if you can execute *any*
> malicious code as root on embedded boxes - which is usually the case -
> you've already won.
>
> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
> being assembled on wikipedia, reddit, and elsewhere.
>
> My own terror is primarily for stuff in the cloud. There IS a vendor
> renting time on bare metal in-expensively, which I'm considering.
>
> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>
> Ironically all the bufferbloat.net services used to run on bare metal,
> until the competing lower costs of the cloud knocked isc.org out of
> the business.
>
>
>
>>
>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht <dave.taht@gmail.com> wrote:
>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>
>>> There comes a time after coping with security holes nonstop for 5 days
>>> straight, when it is best to log off the internet entirely, stop
>>> thinking, drink lots of rum, and go surfing.
>>>
>>> Today is that day, for me.
>>>
>>> --
>>>
>>> Dave Täht
>>> CEO, TekLibre, LLC
>>> http://www.teklibre.com
>>> Tel: 1-669-226-2619
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
>
> Dave Täht
> CEO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-669-226-2619
next prev parent reply other threads:[~2018-01-07 16:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 15:15 Dave Taht
2018-01-07 15:47 ` Outback Dingo
2018-01-07 16:10 ` Dave Taht
2018-01-07 16:21 ` Outback Dingo [this message]
2018-01-07 16:46 ` Dave Taht
2018-01-07 16:22 ` Jonathan Morton
2018-01-07 19:03 dpreed
2018-01-08 15:49 ` Dave Taht
2018-01-08 15:57 ` Jonathan Morton
2018-01-09 18:19 ` Dave Taht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKYr3zydSZB3-_dL46T0_qwtkSa=ZRmPP3kuaB+JOCcWmPrtbw@mail.gmail.com' \
--to=outbackdingo@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dave.taht@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox