Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://plr.inferencium.net/objects/bd92ef99-9d97-4b2c-9827-5e1b7726ef21">inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:15:43 JST</a><a href="https://plr.inferencium.net/users/inference" title="inference@plr.inferencium.net"><img src="https://gnusocial.jp/avatar/4035-48-20220808152357.webp" width="48" height="48" alt="inference" style="position: absolute; left: 0; top: 0;">inference</a><div><a href="https://gleasonator.com/objects/6e3ff61e-c964-47ec-abf2-7a602c41c882" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/2823" title="hyolobrika@gleasonator.com">Hyolobrikator</a></li></ul></div></section><article><a href="https://gleasonator.com/users/Hyolobrika">@Hyolobrika</a> <a href="https://ryona.agency/users/mint">@mint</a> Since around 2016, yes, and you should be using them if you care about security.<br><br>AMD PSP has fTPM.<br><br>Intel has PTT.<br><br>The alternative is use insecure and easily exploitable EoL chips for which there are many exploits available online for any website to use, or applications to inject into their code.<br><br>Oh, look, there's already one available:<br><a href="https://github.com/comsec-group/retbleed">https://github.com/comsec-group/retbleed</a><br><br>And don't forget Meltdown:<br><a href="https://github.com/paboldin/meltdown-exploit">https://github.com/paboldin/meltdown-exploit</a><br><br><a href="https://github.com/IAIK/meltdown">https://github.com/IAIK/meltdown</a><br><br><a href="https://github.com/Frichetten/meltdown-spectre-poc">https://github.com/Frichetten/meltdown-spectre-poc</a><br><br><a href="https://github.com/deeptechlabs/meltdown">https://github.com/deeptechlabs/meltdown</a><br><br><a href="https://github.com/paboldin/meltdown-exploit/blob/master/meltdown.c">https://github.com/paboldin/meltdown-exploit/blob/master/meltdown.c</a><br><br>And Spectre:<br><a href="https://github.com/crozone/SpectrePoC">https://github.com/crozone/SpectrePoC</a><br><br><a href="https://github.com/Eugnis/spectre-attack">https://github.com/Eugnis/spectre-attack</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/72743#notice-121407">In conversation</a><time datetime="2022-08-17T01:15:43+09:00" title="Wednesday, 17-Aug-2022 01:15:43 JST">Wednesday, 17-Aug-2022 01:15:43 JST</time> <span>from <span><a href="https://plr.inferencium.net/objects/bd92ef99-9d97-4b2c-9827-5e1b7726ef21" rel="external" title="Sent from plr.inferencium.net via ActivityPub">plr.inferencium.net</a></span></span><a href="https://plr.inferencium.net/objects/bd92ef99-9d97-4b2c-9827-5e1b7726ef21">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/44645">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44646">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44647">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44648">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44649">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44650">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44651">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/44652">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
inference (inference@plr.inferencium.net)'s status on Wednesday, 17-Aug-2022 01:15:43 JSTinference
in reply to
- Hyolobrikator
@Hyolobrika @mint Since around 2016, yes, and you should be using them if you care about security.

AMD PSP has fTPM.

Intel has PTT.

The alternative is use insecure and easily exploitable EoL chips for which there are many exploits available online for any website to use, or applications to inject into their code.

Oh, look, there's already one available:
https://github.com/comsec-group/retbleed

And don't forget Meltdown:
https://github.com/paboldin/meltdown-exploit

https://github.com/IAIK/meltdown

https://github.com/Frichetten/meltdown-spectre-poc

https://github.com/deeptechlabs/meltdown

https://github.com/paboldin/meltdown-exploit/blob/master/meltdown.c

And Spectre:
https://github.com/crozone/SpectrePoC

https://github.com/Eugnis/spectre-attack
In conversationWednesday, 17-Aug-2022 01:15:43 JST from plr.inferencium.netpermalink
Attachments

Public

Embed Notice

HTML Code

Corresponding Notice