Discover and read the best of Twitter Threads about #Foreshadow

Most recents (3)

Profile picture
Elizabeth Spring
@ESWarriorPoet
I want to start a new thread story. Not sure how long it will be and I may use different prompts: #vss365 #vssmagic #vssnature etc etc ... I love reading about legends and folk lore, and in my fantasy writing I often create my own myths. So this will be just a fun exercise...
According to #lore &myths of old,griffins nestled on these cliffs long ago. They swooped down on the unsuspecting;carried them off never to be seen again.
Griffins were not elemental creatures,but air & earth did have dominion over them; their only enemy -fire.
#vss365 #vssmagic
"I helped your troupe avoid #shadow and #gore," said the dark wizard simply, implying that he saved us from the mythical griffins. I gaped at him. "And now for what you promised."

"No," I was careful not to get trapped in words, "I said: after you summon her."
#vss365 #vssmagic
Read 132 tweets
Profile picture
Daniel Gruss
@lavados
Speculative Side-Channel Attacks is misleading terminology and usually used incorrectly. We should all avoid using it and @intel, you should avoid using it too. Not only because it is misleading, but because it hinders successful communication on mitigations.
Let me elaborate:
A side-channel attack uses measurements of side effects to gather enough *meta data* (power consumption, runtime, cache state, etc) to *infer* secret information.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
There is no need to infer secret information from meta data, there is no meta data involved. Hence, they are *no side-channel attacks*.

"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
Read 11 tweets
Profile picture
Jan Schaumann
@jschauma
Secure co-tenancy in VM hosting is a myth. Arbitrary host RAM leak via speculative side channel: xenbits.xen.org/xsa/advisory-2… intel.com/content/www/us… CVE-2018-3615 CVE-2018-3620
RedHat has a good write-up on this L1TF vulnerability: access.redhat.com/security/vulne…

Apparently aka “Foreshadow”, because branded vuln: foreshadowattack.eu
Additional #foreshadow / #L1TF links:
Wired: wired.com/story/foreshad…
Intel: newsroom.intel.com/editorials/pro…
MS Azure: docs.microsoft.com/en-us/azure/vi…
Google Cloud: cloud.google.com/blog/products/…
VMWare: blogs.vmware.com/security/2018/…
Microsoft: blogs.technet.microsoft.com/srd/2018/08/14…
Read 3 tweets

Related hashtags

#avalanche #hops #treacherous #disguise #fret #vssmagic #obtuse #alight #blackbird #choir #spook #xylem #seek #saltpeter #BlackDahliaProse #dawn #relentless #carbon #decay #wind #ancient #lore #hurt #vss365

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!