Profile picture
Colin Percival @cperciva
, 12 tweets, 2 min read Read on Twitter
So about that "Lazy FPU" vulnerability (CVE-2018-3665)... this probably ought to be a blog post, but the embargo just ended and I think it's important to get some details out quickly.
This affects recent Intel CPUs. It might affect non-Intel CPUs but I have no evidence of that. It is an information leak caused by speculative execution, affecting operating systems which use "lazy FPU context switching".
The impact of this bug is disclosure of the contents of FPU/MMX/SSE/AVX registers. This is very bad because AES encryption keys almost always end up in SSE registers.
You need to be able to execute code on the same CPU as the target process in order to steal cryptographic keys this way. You also need to perform a specific sequence of operations before the CPU pipeline completes, so there's a narrow window for execution.
I'm not going to say that it's *impossible* that this could be executed via a web browser or a similarly "quasi-remote" attack, but it's much harder than Meltdown was.
I was not part of the coordinated disclosure process for this vulnerability. I became aware of this issue after attending a session organized by Theo de Raadt at @BSDCan. It took me about 5 hours to write a working exploit based on the details he announced.
Theo says that he was not under NDA and was not part of the coordinated disclosure process. I believe him. However, there were details which he knew and attributed to "rumours" which very clearly came from someone who was part of the embargo.
My understanding is that the original disclosure date for this was some time in late July or early August. After I wrote an exploit for this, I contacted the embargoed people to say "look, if I can do this in five hours, other people can too; you can't wait that long".
While I have exploit code and it is being circulated among some of the relevant security teams, I'm not going to publish it yet; the purpose was to convince the relevant people that they couldn't afford to wait, and that purpose has been achieved.
I know from the years that I spent as FreeBSD security officer that it takes some time to get patches out, and my goal is to make the world more secure, not less. But after everybody has had time to push their patches out I'll release the exploit code to help future researchers.
I think that's everything I need to say about this vulnerability right now. Happy to answer questions, but I'm not part of the FreeBSD security team and don't have any inside knowledge here -- FreeBSD takes embargoes seriously and they didn't share anything with me. </thread>
One more thing, some advisories are going out giving me credit for co-discovering this. I didn't; I just reproduced it and wrote exploit code after all the important details leaked.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Colin Percival
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
(1)QARMY🕵So you #think the #QArmy is just a bunch of #people sitting at the #computer doing nothing?

You dont think of us as #DigitalSoldiers?

Do you think we are wasting our #time and not doing anything to help?

If so then please keep reading this #Thread

⬇READ ALL or 🤐⬇
(2)🕵The first thing you have to understand is the #RippleEffect. When you find a #Fact, you share it. Now the #information has a starting point. Everyone is a starting point for someone.

👥 👥
👥👥 👥👥
👥👥🕵👥👥
👥👥👥👥
👥👥

We think #info is important!⬇
(3)🕵It can take a very long time to find all the facts about something. Hours and hours of digging.

#Imagine if you were being told #lies about everything going on and no one was willing to take time out of their day to #find the #Truth. No #Opposition! No one watching them!⬇
Read 16 tweets
Profile picture
So, from what I read about Tumblr's upcoming adult content ban, IF it's enforced exactly as written and not expanded:

1. Fandom will be mostly okay. Text is not covered, nor drawings that don't depict sex.
2. It will severely impact sex workers.
3. It will affect porn reposters
The IF is in caps because it's a big IF. They are handling this stuff by algorithm and expecting content that gets flagged wrongly to be appealed, so I suspect they are going to cast a very wide net.
The blog post that announced the policy changes admits that actually moderating this kind of content and sorting out the fine nuances is not something that can be done at scale.
Read 5 tweets
Profile picture
This post is pretty bizarre, but it manages to hit on so many false beliefs that I've seen hurt junior data scientists that it deserves some explicit corrections:
nanx.me/blog/post/why-…
(1) The notion that R is well-suited to "building web applications" seems totally out of left field. I don't feel like most R loyalists think this is a good idea, but it's worth calling out that no normal company will be glad you wrote your entire web app in R.
(2) It is true that Python had some issues historically with the 2-to-3 transition, but it's not such a big deal these days. On the flip side, I have found interesting R code that doesn't run in modern R interpreters because of changes in core operations (e.g. assignment syntax).
Read 13 tweets
Profile picture
So, here’s a thing that has happened – I just got fired from Marvel. Taken off issues 4 and 5 of SHADOW OF VADER, and taken off an as-yet-unannounced SW book.

This might be a long thread, so apologies in advance.
(I hesitate to talk about this, because honestly, it gives the Worst Possible People a win, something they’ve wanted for a while. But I also feel like I’ve long held to honesty and forthrightness, and I don’t feel like lying when people realize I’m not on these books anymore.)
To rewind a little bit, when SW: AFTERMATH came out, I assume most know but maybe you don’t, I put some ahh, elements in there (LGBT characters) that were not received well by a certain subset of fandom.
Read 33 tweets
Profile picture
1) I ran this poll for the past 24 hrs, and here are the results. That said, I am going to put together another quick poll (next tweet), to narrow down whether we want audio, article, or both. Please vote and retweet. 🙏
2) I will be preparing information on Hunting the Hunters: how to dig and use critical analysis, every week or two. Please vote on which you prefer, and retweet:
3) Some people are concerned if I do this that it will take away from my digging and exposing time. These will be relatively short and every 1-2 weeks, so it will not interfere. I think it's important to have more diggers out there exposing corrupt. It's time well spent. 👊
Read 5 tweets
Profile picture
As promised, here's a short introduction to #BlackFinnishHistory
First, keep in mind that at present there is no book or course on Black Finnish (or Afro-Finnish/African Finnish) history for me to refer to. There's info out there but it hasn't been pieced together into a clear timeline.
While still part of Sweden, Finns were as engaged in colonialism as their peers during the 1600s and were present at col.settlements in the US, trade posts in West Africa. In all likelihood, Finns were involved in slavery and thus with slaves, but there are no clear records.
Read 49 tweets

Trending hashtags

#HotStuff #PeakTV #mic #masterpiece #info #BeachFriends #suukot #LeonardNimoy #ElvisCostello #Kodos #ItIsLegal #Important #BehindTheLaughter #BlueHairedLawyer #MeepMeep #Think #WereSendingOurLoveDowntheWell #Esquilax #ThanQ #BowlingInstructor #MyWifeandMyDeadWife #OBeNice #DrGonzo #PaulMcCartney #History

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!