ZombieLoad Attack: Intel Screws You... Again!

[grarpamp]

https://zombieloadattack.com/
https://zombieloadattack.com/zombieload.pdf
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://github.com/IAIK/ZombieLoad
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
https://www.youtube.com/watch?v=wQvgyChrk_g

ZombieLoad Attack
Watch out! Your processor resurrects your private browsing-history and
other sensitive data.
After Meltdown, Spectre, and Foreshadow, we discovered more critical
vulnerabilities in modern processors. The ZombieLoad attack allows
stealing sensitive data and keys while the computer accesses them.
While programs normally only see their own data, a malicious program
can exploit the fill buffers to get hold of secrets currently
processed by other running programs. These secrets can be user-level
secrets, such as browser history, website content, user keys, and
passwords, or system-level secrets, such as disk encryption keys.
The attack does not only work on personal computers but can also be
exploited in the cloud.
We verified the ZombieLoad attack on Intel processor generations
released from 2011 onwards.
ZombieLoad in Action
In our demo, we show how an attacker can monitor the websites the
victim is visiting despite using the privacy-protecting Tor browser in
a virtual machine.


Mitre - Date Entry Created: 20180611
As usual, news apparently held back for exploit by anyone,
including their NSA friends... for AGES.


"
2.  Neither the name of Intel Corporation nor the names of its suppliers may
    be used to endorse or promote products derived from this software without
    specific prior written permission.
3.  No reverse engineering, decompilation, or disassembly of this software
    is permitted.
"

Because they suck, that's why.


Anybody starting up #OpenFabs printing #OpenHW yet?

Till then all ur crypto... is not.

Remember kidz, hacking bad, lulz ;)