Einschränkung der Auswahl
Alle Artikel aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2008/2009
oder nur Artikel des
• Entwickler Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2008-2010
alle (lang!)
• Mobile Technology aus
2019
2016
2015
2014
2012/2013
alle (lang!)
• PHP Magazin / PHP User aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2009/2010
alle (lang!)
• windows.developer / dot.Net Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2008-2011
alle (lang!)
• oder der anderen Magazine
Neue Gefahren für die CPU
Meltdown und Spectre eröffnen eine neue Klasse von Angriffen
Im
Windows Developer 4.18
ist ein Artikel über Meltdown und Spectre erschienen. Diese Angriffe
auf bzw. über die CPU eröffnen eine ganz neue Klasse von
Angriffen.
Links
- [1] Meltdown
- [2] Spectre
- [3] Matt Linton, Pat Parseghia; Google Security Blog: "Today's CPU vulnerability: what you need to know"
- [4] Jann Horn; Project Zero Blog: "Reading privileged memory with a side-channel"
- [5] CVE-2017-5753
- [6] CVE-2017-5715
- [7] CVE-2017-5754
- [8] Carsten Eilers: "2014 - Das Jahr, in dem die Schwachstellen Namen bekamen"
- [9] Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom: "Spectre Attacks: Exploiting Speculative Execution"
(PDF)
- [10] Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg: "Meltdown"
(PDF)
- [11] Jacek Galowicz; Cyberus Technology: "Meltdown"
- [12] Mozilla Foundation Security Advisory 2018-01 - Speculative execution side-channel attack ("Spectre")
- [13] Anders Fogh, Cyber.WTF: "Negative Result: Reading Kernel Memory From User Mode"
- [14] Fefe: "Endlich verbreitet auch mal ein Einsender Hoffnung bezüglich Meltdown"
- [15] Pavel Boldin, YouTube: "Meltdown Reading Other process's memory "
- [16] Michael Schwarz, YouTube: "Reconstructing a photo with Meltdown"
- [17] GitHub: IAIK/meltdown
- [18] Intel Newsroom: "Intel Responds to Security Research Findings"
- [19] Ashraf Eassa; The Motley Fool: "Intel's CEO Just Sold a Lot of Stock"
- [20] Intel: "Side-Channel Analysis Facts and Intel® Products"
- [21] Intel: "Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method"
- [22] Intel: "Intel Analysis of Speculative Execution Side Channels"
(PDF)
- [23] Brian Krzanich: "Intel's Security-First Pledge"
- [24] Navin Shenoy, Intel: "Firmware Updates and Initial Performance Data for Data Center Systems"
- [25] ARM Processor Security Update: "Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism"
- [26] Richard Grisenthwaite; ARM Whitepaper: "Cache Speculation Side-channels"
- [27] AMD Processor Security: "AMD Processors: Google Project Zero, Spectre and Meltdown - An Update on AMD Processor Security"
- [28] IBM PSIRT Blog: "Potential Impact on Processors in the POWER family"
- [29] IBM PSIRT Blog: "Potential CPU Security Issue"
- [30] Fujitsu: "Side-Channel Analysis Method Security Review – List of affected FUJITSU Products"
(PDF)
- [31] Jordan Novet, CNBC: "Qualcomm is working to fix chip security holes similar to those that hurt Intel"
- [32] Microsoft: "ADV180002 ¦ Guidance to mitigate speculative execution side-channel vulnerabilities"
- [33] Microsoft: "Important: Windows security updates released January 3, 2018, and antivirus software"
- [34] Microsoft: "Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities"
- [35] Microsoft: "Windows Server guidance to protect against speculative execution side-channel vulnerabilities"
- [36] Microsoft Edge Team: "Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer"
- [37] Andrew Pardoe [MSFT]; Visual C++ Team Blog: "Spectre mitigations in MSVC"
- [38] Chromium Security: "Site Isolation"
- [39] Chromium Security: "Actions required to mitigate Speculative Side-Channel Attack techniques"
- [40] Luke Wagner; Mozilla Security Blog: "Mitigations landing for new class of timing attack"
- [41] Android Security Bulletin January 2018
- [42] Apple: "About speculative execution vulnerabilities in ARM-based and Intel CPUs"
- [43] GitHub: IAIK/KAISER: "Kernel Address Isolation to have Side-channels Efficiently Removed"
- [44] KAISER: hiding the kernel from user space
- [45] Jonathan Corbet; LWN.net: "Addressing Meltdown and Spectre in the kernel"
- [46] Greg Kroah-Hartman; Linux Kernel Monkey Log: "Meltdown and Spectre Linux Kernel Status"
- [47] Microsoft Azure Blog: "Securing Azure customers from CPU vulnerability"
- [48] Microsoft: "Guidance for mitigating speculative execution side-channel vulnerabilities in Azure"
- [49] Amazon: "Processor Speculative Execution Research Disclosure"
- [50] Amazon: "Processor Speculative Execution – Operating System Updates"
- [51] Ben Treynor Sloss; Google: "Protecting our Google Cloud customers from new vulnerabilities without impacting performance"
- [52] Paul Turner; Google: "Retpoline: a software construct for preventing branch-target-injection"
- [53] Ben Treynor Sloss; Google: "What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability"
- [54] Matt Linton, Pat Parseghian; Google Security Blog: "More details about mitigations for the CPU Speculative Execution issue"
- [55] Xen Advisory XSA-254: "Information leak via side effects of speculative execution"
- [56] Xen Project Spectre/Meltdown FAQ
- [57] VMSA-2018-0002: "VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution"
- [58] VMSA-2018-0004: "VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue"
- [59] VMware: "VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) (52245)"
- [60] VMware Security & Compliance Blog: "VMSA-2018-0002 and VMSA-2018-0004"
- [61] Paolo Bonzini, Eduardo Habkost; QEMU: "QEMU and the Spectre and Meltdown attacks"
- [62] Navin Shenoy; Intel: "Intel Security Issue Update: Initial Performance Data Results for Client Systems"
- [63] Terry Myerson; Microsoft Secure Blog: "Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems"
- [64] Red Hat Knwoledgebase: "Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715"
- [65] Mike Heffner; SolarWinds AppOptics: "Visualizing Meltdown on AWS"
- [66] Ian Chan, @chanian auf Twitter: "The #Meltdown patch (presumably) being applied to the underlying AWS EC2 hypervisor on some of our production Kafka brokers ..."
- [67] Epic: "Epic Services & Stability Update"
- [68] Meltdown und Spectre Website, Abschnitt "Can I see Meltdown in action?"
- [69] Ralf Benzmüller, Anders Fogh; G Data Security Blog: "Interview mit Anders Fogh: Auf Tuchfühlung mit "Spectre" und "Meltdown""
- [70] Anders Fogh; cyber.wtf: "Behind the scenes of a bug collision"