Einschränkung der Auswahl
Alle Artikel aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2008/2009
oder nur Artikel des
• Entwickler Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2008-2010
alle (lang!)
• Mobile Technology aus
2019
2016
2015
2014
2012/2013
alle (lang!)
• PHP Magazin / PHP User aus
2019
2018
2017
2016
2015
2014
2013
2012
2011
2009/2010
alle (lang!)
• windows.developer / dot.Net Magazin aus
2019
2018
2017
2016
2015
2014
2013
2012
2008-2011
alle (lang!)
• oder der anderen Magazine
CPU-Schwachstellen im Überblick
Sind Spectre und Meltdown nur die Spitze des Eisbergs?
Im
Windows Developer 3.19
ist ein Artikel über CPU-Schwachstellen erschienen. Spectre und
Meltdown sind zwar die bekanntesten, aber leider nicht die einzigen.
Links
- [1] Eilers, Carsten: "Neue Gefahren für die CPU", Windows Developer 4.2018
- [2] Meltdown
- [3] Spectre
- [4] CVE-2017-5753
- [5] Kocher, Paul; Genkin, Daniel; Gruss, Daniel; Haas, Werner; Hamburg, Mike; Lipp, Moritz; Mangard, Stefan; Prescher, Thomas; Schwarz, Michael; Yarom, Yuval: "Spectre Attacks: Exploiting Speculative Execution"
(PDF)
- [6] CVE-2017-5715
- [7] CVE-2017-5754
- [8] Lipp, Moritz; Schwarz, Michael; Gruss, Daniel; Prescher, Thomas; Haas, Werner; Mangard, Stefan; Kocher, Paul; Genkin, Daniel; Yarom, Yuval; Hamburg, Mike: "Meltdown"
(PDF)
- [9] Galowicz, Jacek; Cyberus Technology: "Meltdown"
- [10] Fogh, Anders; Cyber.WTF: "Negative Result: Reading Kernel Memory From User Mode"
- [11] AV-TEST GmbH (@avtestorg) auf Twitter: "[UPDATE: 2018-02-01] #Spectre & #Meltdown: So far, the AV-TEST Institute discovered 139 samples ..."
- [12] Chen, Guoxing; Chen, Sanchuan; Xiao, Yuan; Zhang, Yinqian; Lin, Zhiqiang; Lai, Ten H.: "SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution"
- [13] O'Keeffe, Dan; Muthukumaran, Divya; Aublin, Pierre-Louis; Kelbert, Florian; Priebe, Christian; Lind, Josh; Zhu, Huanzhou; Pietzuch, Peter: "SGXSpectre"
- [14] Trippel, Caroline; Lustig, Daniel; Martonosi, Margaret: "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols"
- [15] Krzanich, Brian; Intel: "Advancing Security at the Silicon Level"
- [16] Intel: "Microcode Revision Guidance, April 2 2018"
(PDF)
- [17] Chrome Releases: Stable Channel Update for Desktop; Tuesday, May 29, 2018
- [18] The Chromium Projects: "Chromium > Chromium Security > Site Isolation"
- [19] Hadad, Noam; Afek, Jonathan; Aleph Security: "Overcoming (some) Spectre browser mitigations"
- [20] Torvalds, Linus; Linux-Kernel Majordomo List: "STIBP by default.. Revert?" ff.
- [21] Torvalds, Linus; kernel/git/torvalds/linux.git: "Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip"
- [22] AMDFLAWS - Severe Security Advisory on AMD Processors
- [23] Papermaster, Mark; AMD Corporate Blog: "Initial AMD Technical Assessment of CTS Labs Research"
- [24] CVE-2018-8930
- [25] CVE-2018-8931
- [26] CVE-2018-8932
- [27] CVE-2018-8933
- [28] CVE-2018-8934
- [29] CVE-2018-8935
- [30] CVE-2018-8936
- [31] Schmidt, Jürgen; c't: "Super-GAU für Intel: Weitere Spectre-Lücken im Anflug"
- [32] CVE-2018-3639
- [33] Intel Security Advisory INTEL-SA-00115 - "Q2 2018 Speculative Execution Side Channel Update"
- [34] Microsoft Security Advisory ADV180012 - "Microsoft Guidance for Speculative Store Bypass"
- [35] CVE-2018-3640
- [36] Microsoft Security Advisory ADV180013 - "Microsoft Guidance for Rogue System Register Read"
- [37] CVE-2018-3665
- [38] Intel Security Advisory INTEL-SA-00145 - "Lazy FP state restore"
- [39] Microsoft Security Advisory ADV180016 - "Microsoft Guidance for Lazy FP State Restore"
- [40] CVE-2018-3693
- [41] Intel Security Advisory INTEL-OSS-10002 - "Speculative Execution Branch Prediction Side Channel and Branch Prediction Analysis Method"
- [42] Microsoft Security Advisory ADV180002 - "Guidance to mitigate speculative execution side-channel vulnerabilities"
- [43] Kiriansky, Vladimir; Waldspurger, Carl: "Speculative Buffer Overflows: Attacks and Defenses"
(PDF)
- [44] CVE-2018-3615
- [45] Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
- [46] Intel Security Advisory INTEL-SA-00161: "Q3 2018 Speculative Execution Side Channel Update"
- [47] CVE-2018-3620
- [48] CVE-2018-3646
- [49] Eilers, Carsten: "Alles nur (ge)Cloud?"; Windows Developer 10.18
- [50] Torvalds, Linus; kernel/git/torvalds/linux.git: "Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip"
- [51] Microsoft: August 14, 2018—KB4343900 (Monthly Rollup)
- [52] Williams, Chris; The Register: "Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about"
- [53] Gras, Ben; Black Hat USA 2018: "TLBleed: When Protecting Your CPU Caches is Not Enough"
- [54] Schwarz, Michael; Schwarzl, Martin; Lipp, Moritz; Gruss; Daniel: "NetSpectre: Read Arbitrary Memory over Network"
- [55] Maisuradze, Giorgi; Rossow, Christian: "ret2spec: Speculative Execution Using Return Stack Bu ers"
(PDF)
- [56] Koruyeh, Esmaeil Mohammadian; Khasawneh, Khaled; Song, Chengyu; Abu-Ghazaleh, Nael: "Spectre Returns! Speculation Attacks using the Return Stack Buffer"
- [57] Mambretti, Andrea; Neugschwandtner, Matthias; Sorniotti, Alessandro; Kirda, Engin; Robertson, William; Kurmus, Anil: "Let’s Not Speculate: Discovering and Analyzing Speculative Execution Attacks"
- [58] Aldaya, Alejandro Cabrera; Brumley, Billy Bob; ul Hassan, Sohaib; García, Cesar Pereida; Tuveri, Nicola: "Port Contention for Fun and Profit"
- [59] GitHub: bbbrumley/portsmash (Proof-of-Concept für PortSmash)
- [60] CVE-2018-5407
- [61] Canella, Claudio; Van Bulck, Jo; Schwarz, Michael; Lipp, Moritz; von Berg, Benjamin; Ortner, Philipp; Piessens, Frank; Evtyushkin, Dmitry; Gruss, Daniel: "A Systematic Evaluation of Transient Execution Attacks and Defenses"
- [62] Goryachy, Maxim; Ermolov, Mark; Black Hat Asia 2019: "Intel VISA: Through the Rabbit Hole"
- [63] Eilers, Carsten: "Angriffsziel Firmware"; Windows Developer 5.2018 und
auf entwickler.de
- [64] Kollenda, Benjamin; Koppe, Philipp; 35C3: "Lecture: Inside the AMD Microcode ROM"
(Medien)