Meltdown & Spectre

By Sam​
Vendor Responses
​ARM​
​nvidia​
​AMD​
​Intel​
​Genode​
OS Responses
Microsoft
​Windows security updates released January 3 2018 and antivirus software​
​Microsoft Intel CPU Vulnerabilities Live Broadcast Meeting​
​freebsd​
​QubesOS​
​redhat​
Browser Responses
​Edge & Internet Explorer​
​Firefox​
​Chromium​
​Webkit​
Infrastructure Responses
​online.net​
​Elastic​
​Wickr​
Explainers
​https://blog.cloudflare.com/meltdown-spectre-non-technical/​
​https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/​
​https://twitter.com/gsuberland/status/948907452786933762​
​https://www.crowdstrike.com/blog/chip-flaws-spectre-and-meltdown-are-actually-three-vulnerabilities-and-proving-hard-to-mitigate/​
​https://blog.rapid7.com/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/​
Performance Impact
​PCID is now a critical performance/security feature on x86​
​Microsoft - Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems​
​Measuring OS X Meltdown Patches Performance​
Detection
​Endgame​
​capsule8​
Proof of Concept
​https://github.com/mniip/spectre-meltdown-poc​
​https://gist.github.com/rootkea/ba370a3c81122030510cfe92cdc5c4a2​
​https://github.com/IAIK/meltdown​
Press Coverage
​NYT - Researchers Discover Two Major Flaws in the World’s Computers​
​threatpost - Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts​
​Wired - Triple Meltdown: How so many researchers found a 20-year-old chip flaw at the same time​
​Bloomberg - ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown​
​techcrunch - How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown​
​Arstechnica - Here’s how, and why, the Spectre and Meltdown patches will hurt performance​
​El Reg - IBM melts down fixing Meltdown as processes and patches stutter​
Other (Uncategorised)
​https://lwn.net/Articles/742702/​
​https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html​
​https://github.com/hannob/meltdownspectre-patches​
​https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance​
​https://medium.com/@pwnallthethings/time-travelling-exploits-with-meltdown-1189548f1e1d​
​https://www.renditioninfosec.com/2018/01/meltdown-and-spectre-vulnerability-slides/​
​https://github.com/marcan/speculation-bugs/blob/master/README.md​
​https://www.peerlyst.com/posts/a-collection-of-links-to-pdfs-of-papers-on-micro-architectural-side-channel-attacks-sorted-by-date-paul-harvey​
​https://lwn.net/Articles/742999/​
​https://www.renditioninfosec.com/2018/01/meltdown-and-sceptre-enterprise-action-plan/​
​https://plus.google.com/+KristianK%C3%B6hntopp/posts/Ep26AoAZxxd​
​https://github.com/lattera/articles/blob/master/infosec/Vulnerabilities/2018-01-05_Meltdown_Spectre/article.md​
​https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9​
​https://isc.sans.edu/diary/23197​
​http://kroah.com/log/blog/2018/01/06/meltdown-status/​
​https://medium.com/@sekuryti/meltdown-more-like-letdown-433926f8d743​
​https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/​
​https://github.com/lgeek/spec_poc_arm​
​https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec​
​http://xlab.tencent.com/special/spectre/spectre_check.html​
​https://bugs.chromium.org/p/project-zero/issues/detail?id=1272​
​https://github.com/m8urnett/Windows-Spectre-Meltdown-Mitigations​
​https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities​
​https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/​
​https://www.reddit.com/r/networking/comments/7o4y40/meltdownspectre_vulnerability_tracker/​
​https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre​

Meetups

Movies

Last modified 9mo ago

Copy link

Contents

Vendor Responses

OS Responses

Browser Responses

Infrastructure Responses

Other (Uncategorised)