01-02-2018
11:05 PM
- last edited on
03-06-2024
09:57 PM
by
ROGBot
01-14-2018 10:24 AM
karserasl wrote:
User interaction? Access locally? LOOOOOOLL!
https://repl.it/repls/DeliriousGreenOxpecker
Check it out if you didnt patch your BIOS. Its a small test reading your WHOLE chrome session from memory. (OK not whole session, its a test. It will output "The Magic Words are Squeamish Ossifrage." from memory vertically)
So that means, you went to bank account and login, and then just came across this small js, which could be ANYWHERE, in ads, in iframes anywhere, and your bank account is stolen.
Tell me again how small is this problem.
01-14-2018 12:08 PM
SumTingWong wrote:
If the website carry with a malware payload, your antivirus will block it, but if your antivirus fail than it your own doom. Patching Spectre with BIOS firmware doesn't fully solve Spectre at all. Spectre is a hardware architecture vulnerability, so BIOS patching only provide partially protection which means attacker can exploit this vulnerability afterward, and yet Intel deny Spectre is a hardware architecture vulnerability. Cyber security experts recommend a new CPU with a new redesign architecture to fully solve Spectre, but that won't happen very soon. In addition, Google says exploit and patch Spectre is very hard, and it must be target on a specific CPU. f you think you are fully safe from Spectre after a simple BIOS update, well you are wrong because it only provide partially protection against Spectre not completely. This vulnerability will be with us for a very long time, unless we have a new CPU with a new redesign architecture.
Right now what people and Intel recommends you to stay safe from these two are update your windows to the latest, update all your software to the latest, keep your antivirus up-to-date, and practice common security measures such as don't open unknown emails, visiting a dodgy sites, and execute malicious applications.
I'm no hardware engineer or cyber security expert, but as far as I gather about this exploit is very hard to execute and it must be target on a specific CPU from Google. But as long you practice common security measures, you should be fine. I do agree with you that this is ain't no small problem, and we should take it very seriously.
01-14-2018 01:03 PM
karserasl wrote:
Im curious.. Did your antivirus blocked this script that i posted? Do you know how easy it is to modify it and instead of a joke, it becomes a nightmare?
01-14-2018 02:31 PM
01-15-2018 01:53 AM
karserasl wrote:
User interaction? Access locally? LOOOOOOLL!
https://repl.it/repls/DeliriousGreenOxpecker
Check it out if you didnt patch your BIOS. Its a small test reading your WHOLE chrome session from memory. (OK not whole session, its a test. It will output "The Magic Words are Squeamish Ossifrage." from memory vertically)
So that means, you went to bank account and login, and then just came across this small js, which could be ANYWHERE, in ads, in iframes anywhere, and your bank account is stolen.
Tell me again how small is this problem.
01-15-2018 04:46 AM
donavanbadboy wrote:
I wasn't going to go this far and post actual working expoits via browser JS, but there you go.
BIOS update for my ASUS motherboard is nearly a week late now (after announcement) which is completely unacceptable. I am considering taking further action against ASUS for their incompetency.
donavanbadboy wrote:
I wasn't going to go this far and post actual working expoits via browser JS, but there you go.
BIOS update for my ASUS motherboard is nearly a week late now (after announcement) which is completely unacceptable. I am considering taking further action against ASUS for their incompetency.
01-15-2018 06:58 AM
restsugavan wrote:
May be we are choose the broken legs PEG"ASUS" buddy. Intel had release their microcode to address my i9 7980XE "Spectre" since Jan 4 , 2018.
Intel also release the ME firmware was 11.11.50.1436 and they're already sending both microcode and firmware to all vender for a week ago.
The new microcode was address SA-00088 issue, ME Firmware was address SA-00086 issue.
Then EVGA has already publish their BIOS and ME update for their customer here.
https://forums.evga.com/X299-BIOS-Updates-with-PrePost-Spectre-updates-m2750720.aspx
Yesterday there are ASROCK and Gigabyte follow EVGA already! However the lazy horse PEG"ASUS" didn't release any update for us.
I pity money to bought the most expensive RAMPAGE ever made a lot.
After this issue my company also banned PEG"ASUS" already now. No its product anymore. We're going to claim our money back and switch to EVGA better.
I'm boring to talking with those staffs whom didn't care any users loss as first priority.
Look like EVGA X299 more cheaper and stronger in security. Atleast their after sales service can communicating with their customers in mankind langueges.
I could not see anything to discuss with lazy horse staffs anymore. Waste a lot of time buddy. " We're going to....." " We're urgently to..." " We're to.. "
I'd seen those lazy horse words for a week friend.
Finally I decided to say.
" Thank you sir but no more man . Our company has banned your products staring from our lastest purchase. It enough."
Most expensive mobo didn't mean better in performance/security and after sales supports.
01-15-2018 07:14 AM
ELIESEH wrote:
according to someone
01-15-2018 08:27 AM
Arne Saknussemm wrote:
:rolleyes:
01-15-2018 07:46 AM
ELIESEH wrote:
Also EVGA Has released a new bios update for the X99 series!!
And there is no performance lost according to someone having EVGA classified x99 and 6950x after updating the new BIOS microcode . Really EVGA support is awesome *