[Cerowrt-devel] aarch64 exploit POC
Dave Taht
dave.taht at gmail.com
Sun Jan 7 11:46:24 EST 2018
On Sun, Jan 7, 2018 at 8:21 AM, Outback Dingo <outbackdingo at gmail.com> wrote:
> yes but i would think you would post it to the LEDE / OpenWRT lists also
I'm not reading that email account of mine at the moment, and I'd hope
folk over there are already all over this.
I only logged in long enough to send out a happy new year to everyone.
I was prepping to spend a few days
finishing up the netem patches and maybe trying to submit cake again
before the submission window closed, and then I made the mistake of
inferring what the KPTI patches actually meant, and then this all
happened.
I'd like my vacation back, please.
> On Sun, Jan 7, 2018 at 11:10 AM, Dave Taht <dave.taht at gmail.com> wrote:
>> On Sun, Jan 7, 2018 at 7:47 AM, Outback Dingo <outbackdingo at gmail.com> wrote:
>>> OH hell... notifying all my "cohorts"...... thanks for the heads up
>>
>> Then go drinking.
>>
>> Aside from x86 arches (anyone have word on the x86 chip in the
>> pcengines?), it looks like the mips chips simply were not advanced
>> enough to have this level of speculation and out of order behavior.
>>
>> The turris omnia and a few other high end arm chips in this part of
>> the embedded router space are also vulnerable (I'm hoping that the
>> lede folk can compile a list) - but - if you can execute *any*
>> malicious code as root on embedded boxes - which is usually the case -
>> you've already won.
>>
>> The Mill, Itanium, MIPs, and older arms are ok. There are huge lists
>> being assembled on wikipedia, reddit, and elsewhere.
>>
>> My own terror is primarily for stuff in the cloud. There IS a vendor
>> renting time on bare metal in-expensively, which I'm considering.
>>
>> (example: https://www.packet.net/bare-metal/servers/type-2a/)
>>
>> Ironically all the bufferbloat.net services used to run on bare metal,
>> until the competing lower costs of the cloud knocked isc.org out of
>> the business.
>>
>>
>>
>>>
>>> On Sun, Jan 7, 2018 at 10:15 AM, Dave Taht <dave.taht at gmail.com> wrote:
>>>> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
>>>>
>>>> There comes a time after coping with security holes nonstop for 5 days
>>>> straight, when it is best to log off the internet entirely, stop
>>>> thinking, drink lots of rum, and go surfing.
>>>>
>>>> Today is that day, for me.
>>>>
>>>> --
>>>>
>>>> Dave Täht
>>>> CEO, TekLibre, LLC
>>>> http://www.teklibre.com
>>>> Tel: 1-669-226-2619
>>>> _______________________________________________
>>>> Cerowrt-devel mailing list
>>>> Cerowrt-devel at lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>>
>> Dave Täht
>> CEO, TekLibre, LLC
>> http://www.teklibre.com
>> Tel: 1-669-226-2619
--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
More information about the Cerowrt-devel
mailing list