[Cerowrt-devel] aarch64 exploit POC

Dave Taht dave.taht at gmail.com
Sun Jan 7 11:10:28 EST 2018


On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo <outbackdingo at gmail.com> wrote:
> OH hell...  notifying all my "cohorts"...... thanks for the heads up

Then go drinking.

Aside from x86 arches (anyone have word on the x86 chip in the
pcengines?), it looks like the mips chips simply were not advanced
enough to have this level of speculation and out of order behavior.

The turris omnia and a few other high end arm chips in this part of
the embedded router space are also vulnerable (I'm hoping that the
lede folk can compile a list) - but - if you can execute *any*
malicious code as root on embedded boxes - which is usually the case -
you've already won.

The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
being assembled on wikipedia, reddit, and elsewhere.

My own terror is primarily for stuff in the cloud. There IS a vendor
renting time on bare metal in-expensively, which I'm considering.

(example: https://www.packet.net/bare-metal/servers/type-2a/)

Ironically all the bufferbloat.net services used to run on bare metal,
until the competing lower costs of the cloud knocked isc.org out of
the business.



>
> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht <dave.taht at gmail.com> wrote:
>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>
>> There comes a time after coping with security holes nonstop for 5 days
>> straight, when it is best to log off the internet entirely, stop
>> thinking, drink lots of rum, and go surfing.
>>
>> Today is that day, for me.
>>
>> --
>>
>> Dave Täht
>> CEO, TekLibre, LLC
>> http://www.teklibre.com
>> Tel: 1-669-226-2619
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 

Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619


More information about the Cerowrt-devel mailing list