Disabling Spectre/Meltdown/Zombieload mitigation's (PLUGIN AVAILABLE)

[cybrnook]

16 hours ago, Squid said:

mitigations=off  Plugin updated a week or so ago to reflect this

Now just to get 6.8 RC out 🙂 ™

Edited October 10, 2019 by cybrnook
™

[cybrnook]

On 10/9/2019 at 8:33 PM, Squid said:

mitigations=off  Plugin updated a week or so ago to reflect this

Worked great without any need for modifications after the update to 6.8.0 RC1! Thanks Squid for running with this!

[cybrnook]

New Intel vulnerability found dubbed "Cache Out":

https://www.pcworld.com/article/3516302/new-cacheout-attack-targets-intel-processors-with-a-fix-arriving-soon.html

 

Intel Processors affected (Intel CPU Skylake/Cascade Lake onward. Broadwell and earlier are seemingly not affected). AMD seemingly not affected:

https://software.intel.com/security-software-guidance/insights/processors-affected-l1d-eviction-sampling

 

No mitigation created yet, so time will tell how it's addressed.

Edited January 28, 2020 by cybrnook

[duketwo]

Installed it and using it. But take care: by using a webbrowser (in a VM too) it's possible to leak senstive data. Javascript attacks do exist. Browsers have their own prevention mechanisms, which might not be enough in every case.

Edited July 18, 2021 by duketwo

[unrateable]

1 hour ago, duketwo said:

Installed it and using it. But take care: by using a webbrowser (in a VM too) it's possible to leak senstive data. Javascript attacks do exist. Browsers have their own prevention mechanisms, which might not be enough in every case.

 

can you give an example where such VM Browser Leak is / was exploited and what data is being compromised (random temporary host dram bits / cpu cache fragments?) ?

Is that really a serious threat with a modern and updated browser I must worry ?