Discover and read the best of Twitter Threads about #Meltdown

Most recents (18)

Today's Twitter threads (a Twitter thread).

Inside: The real scandal is overclassification; The Australian Chokepoint Capitalism Tour; and more!

Archived at: pluralistic.net/2023/01/30/i-c…

#Pluralistic 1/ Image
The real scandal is overclassification: I'd explain it, but I'd have to kill you.

2/ Image
The Australian Chokepoint Capitalism Tour: Brisbane, Melbourne, Sydney and Canberra (twice!).

3/ Image
Read 39 tweets
Here are 11 reasons why we should use #HyperDbg, the differences between HyperDbg and #WinDbg, and how HyperDbg will change our debugging/reversing journey.

A thread (24 tweets) 🧵:
1. !epthook/!epthook2: a.k.a hidden hooks, HyperDbg implements classic EPT hook (!epthook) combined with old detour methods (!epthook2). It's super fast and invisible! By looking at the memory, neither the operating system nor the application ever understands that /
there is a hook.

docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/using-hyperdbg…

2. !monitor: HyperDbg simulates hardware debug registers but this time without any limitation in size and transparent from the operating system.
Imagine you can get notified about /
Read 24 tweets
MELTDOWN: SENSACIONALISMO APOCALÍPTICO

En mayo de 2022, @netflix estrenó la serie documental #Meltdown («Accidente Nuclear») sobre el accidente de Three Mile Island (EEUU, 1979). En un HILO, realizado en colaboración con @jjnucleares, analizamos la veracidad de la serie. Image
EPISODIO 1
Una serie documental que pretende ser rigurosa explicando un accidente nuclear, debería mostrar la secuencia de eventos. En su lugar, #Meltdown se centra en el testimonio de personas que no estaban en la central y en referencias a una película anterior al accidente. Image
Repasemos primero los hechos tal y como ocurrieron y su relación con la película, «El síndrome de China», estrenada 12 días antes del accidente. La propia película y la mala gestión de la comunicación contribuyeron enormemente a la psicosis creada.
Read 54 tweets
#Meltdown|s bei autistischen Kindern sind kein (!) Erziehungsfehler, sie sind keine Trotzreaktion und es ist auch keine Bockigkeit. Autistische Kinder setzten Meltdowns nicht ein, um ihrem Willen durchzusetzen. Man muss sie nicht ständig in Situationen bringen,
1/
in denen sie lernen müssen, was auszuhalten, um sie dahingehend abzuhärten. Man muss sie also nicht ständig als erzieherische Maßnahme antriggern.
Meltdowns sind das Ergebnis von Reizüberflutung und Überforderung. Kinder brauchen dann Hilfe und keine Erwachsenen, 2/
die sie zusätzlich stressen u. den Meltdown vielleicht sogar noch anheizen.
Rückzug, reizarme Umgebung, das Kind und ggf andere schützen, erreichbar sein, aber möglichst wenig reden u. anfassen.
Eltern brauchen Bestärkung u. keine Pädagog•innen, die sie belehren.3/3
#Autismus
Read 5 tweets
Beste zorgverleners,
Ik zie veel tweets en zelfs hele draadjes voorbij komen waarin de meest foute, kortzichtige, egoïstische en soms ronduit schandalige uitspraken worden gedaan over #vaccinaties door uw collega’s.
Ik ga daar niet rechtstreeks op reageren. (sorry @kobus5)
Waarom niet?
Omdat ik mezelf daarin niet vertrouw. Ik ben eerder zo’n discussie aangegaan en mijn zelfbeheersing verloren. Dat leidt af van de discussie, en dat wil ik niet. (plus dat ik tegen de verkeerde uitviel, wil ik ook niet).
Maar ik wil toch snel een paar punten te weerleggen. En u verzoeken er in uw discussies rekenschap mee te houden dat de mensen die u zo makkelijk aan de kant schuift (of hun geliefden) hier ook meelezen.
Read 19 tweets
.@Adamprice is completely wrong about livestock pasture. It is, in almost all cases, a net carbon source, not a sink: fcrn.org.uk/sites/default/… #ClimateDebate
@Adamprice Hurray for Corbyn, promoting #rewilding!
@Adamprice Decarbonise all flights by 2040, @NicolaSturgeon?!! It's stupid, physically-impossible claims like this that create cynicism and confusion
Read 18 tweets
THREAD: Body Language Analysis No. 4401 Nancy Pelosi's and Donald Trump's 'Meltdown Meeting' #DonaldTrump
#NancyPelosi #Meltdown #MeltdownMeeting #NancysPoint #BodyLanguage #BodyLanguageExpert #Nonverbal #EmotionalIntelligence
1/ Earlier this week, a short, abbreviated analysis of this image was tweeted. What follows is a much more in-depth analysis of Donald Trump, Nancy Pelosi, and the others in the room.
2/ When a person has little or no empathy — and/or when they're far from their emotional baseline, their ability to interpret how others will view an event becomes dramatically distorted.
Read 63 tweets
MORALE BOOST There is quite a bit of Remain despair on my timeline today… Don’t be down: the cabal is on the ropes, and we’re winning this. (short thread) #RuleOfLaw #JohnsonMustGo #JohnsonOut 😠✊🇪🇺🇪🇺🇪🇺🇪🇺🇪🇺
There is no room for complacency: we must focus and redouble the fight, but we’re now in the endgame of the disgraceful Johnson regime. They will try all the nasty tricks they can, but they are losing and they know it. #RuleOfLaw #JohnsonMustGo 🤓 🇪🇺🇪🇺🇪🇺
Consider: does a triumphant Prime Minister, in command of the agenda and masterfully executing his diabolical plans, have an angry meltdown in the voting lobby in Parliament..? 😃 #meltdown #JohnsonMustGo 🇪🇺
Read 12 tweets
[THREAD sorry]

So @smealum's #defcon #buttplug talk is done.

Piecing together what I can from slides posted to Twitter since going to Defcon would requires leaving the house.

AFAIK, our software is not affected by this specific exploit chain.

Info and some thoughts follow.
I will warn that this thread will be painfully technical.

If you're following me for intimate UI/UX contexts and don't wanna see a bunch of talk about OS API models and firmware and what not, feel free to mute this thread, I'll tag everything from here out with #meltbutt too.
So, to begin, an explanation of what's up:

@smealum presented today at @defcon 27, outlining a multi-exploit chain for Lovense toys, mostly between the Lovense electron app and their USB key, partially having to do w/ the firmware for the Nordic chip on the USB key.

#meltbutt
Read 50 tweets
Speculative Side-Channel Attacks is misleading terminology and usually used incorrectly. We should all avoid using it and @intel, you should avoid using it too. Not only because it is misleading, but because it hinders successful communication on mitigations.
Let me elaborate:
A side-channel attack uses measurements of side effects to gather enough *meta data* (power consumption, runtime, cache state, etc) to *infer* secret information.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
There is no need to infer secret information from meta data, there is no meta data involved. Hence, they are *no side-channel attacks*.

"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
Read 11 tweets
April is #AutismAwarenessMonth
Everyday, I would try to post something from our #autismjourney to spread #awareness #AutismAwareness #autismfamilies
How do you know if your child loves you/hates you, needs you/doesn’t care about you, is hungry/hurting etc? In #autism we usually guess the need of the child depending upon the intensity of the #meltdown or tantrum. #AutismAwareness #AutismAwarenessMonth #AutismFamilies @yaps9
Avani (my daughter) hadn’t started talking till 2 years of age. That got us worried and we were soon given the diagnosis that our child is on #autismspectrum Although she has speech, am still waiting for her to say ‘mumma’ minus any demand. #AutismAwareness #AutismAwarenessMonth
Read 27 tweets
From what I understand, the latest #OpenBSD vs #Intel thing went a little bit like that:
- OpenBSD: Can we be a part of this rumored Intel bug embargo?
- Intel: No. Go away.
- OpenBSD: dev do their homework, fix FPU bug, publish patch.
- Theo (at @BSDCan): we are worried, we don't have access to info. Please help us.
- Intel: publishes official advisory: intel.com/content/www/us…
Now everybody and their dogs are going crazy over #OpenBSD developpers doing their jobs , correcting stuff and "violating"an embargo... That they were *never* a part of. Because Intel did not want them to receive information!
Read 7 tweets
Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
Let's start with a standard software product many are familiar with and work off that. First, every time you hit 'build' it's called a 'stepping', costs millions of dollars & takes several months. If you want a profitable product, you may only get 10 chances to press 'build'.
On top of that, half those 'builds' are not 'full layer steppings' meaning you can't change any logic gates, just how they're connected. Even with a full layer stepping you can't shuffle stuff around anywhere like you can with library files and whatnot.
Read 15 tweets
Here's my layman's not-totally-accurate-but-gets-the-point-across story about how  #meltdown & #spectre type attacks work:

Let's say you go to a library that has a 'special collection' you're not allowed access to, but you want to to read one of the books. 1/10
You go in and go to the librarian and say "I'd like special book #1, and the Sue Grafton novel that corresponds to the first letter of page 1 of that book." 2/10
The librarian dutifully goes and gets special book #1, looks at page 1, sees 'C', and also grabs 'C is for Corpse', and comes back to the desk, but does not show you the books. 3/10
Read 10 tweets
Here are a few insights on the #Meltdown and #Spectre vulnerabilities based on my recent @RANDCorporation research. /1 rand.org/pubs/research_…
First, this is yet another reminder that vulnerabilities can last a long time (our data showed vulnerabilities lasted 6.9 years before being publicly disclosed) and have a low chance of being discovered (5.7% per year). /2
But the #Meltdown / #Spectre news also has me thinking about a "swarm mentality" among hackers of all stripes after a vulnerability is disclosed. /3
Read 8 tweets
Explainer on #Spectre & #Meltdown:

When a processor reaches a conditional branch in code (e.g. an 'if' clause), it tries to predict which branch will be taken before it actually knows the result. It executes that branch ahead of time - a feature called "speculative execution".
The idea is that if it gets the prediction right (which modern processors are quite good at) it'll already have executed the next bit of code by the time the actually-selected branch is known. If it gets it wrong, execution unwinds back and the correct branch is executed instead.
What makes the processor so good at branch prediction is that it stores details about previous branch operations, in what's called the Branch History Buffer (BHB). If a particular branch instruction took path A before, it'll probably take path A again, rather than path B.
Read 28 tweets
Some of you might be hearing about #Spectre and #Meltdown today, which allow memory from other processes and the kernel itself to be read. They exploit CPU designs.

I'm still doing my reading, but a good place to start if you're technically inclined is spectreattack.com
Spectre involves training the CPU to speculatively run invalid code in the victim's address space, and then using a side-channel (such as cache timings) to infer details about the victim's memory.

It affects at least AMD, Intel and ARM CPUs

The sample exploit reads 10KB/s.
Spectre also includes sample code for breaking out of the JavaScript sandbox on chrome.

It's very, very clever.
Read 10 tweets
#Ovh Weekly News: week 1

Happy New Year ! :)
A huge hardware BUG hit all Intel CPU x86. A software patch for Linux is ready. We are testing it and will start to deploy it in the next hours.
Maximum tomorrow, a new kernel will be proposed for all customers VPS, PCI, Baremetal. We will upgrade all the images for Public Cloud, Private Cloud, VPS.
Read 46 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!