Twitter | Search | |
Maxim Goryachy
Hardware/Software/Firmware/Intel ME Researcher PGP:7084 4A8B 4D47 9B7C
277
Tweets
123
Following
2,887
Followers
Tweets
Maxim Goryachy retweeted
Alexander Popov Jan 18
I don't think that I blocked a real "backdoor attempt": Sometimes code refactoring or innocent feature split can have security implications. Anyway, we should be on the lookout. Kudos,
Reply Retweet Like
Maxim Goryachy retweeted
PositiveTechnologies Jan 18
Как взломать выключенный компьютер или выполнить код в ME
Reply Retweet Like
Maxim Goryachy retweeted
InstLatX64 Jan 13
released the "Speculative Execution Side Channel Mitigations" pdf with the IBSB, STIBP, IBRS features
Reply Retweet Like
Maxim Goryachy Jan 13
Replying to @alastair_d_reid @_Dmit
We used the vulnerability in ME. More details:
Reply Retweet Like
Maxim Goryachy Jan 12
Replying to @alastair_d_reid @_Dmit
Thank you! Yes sure, you can read how did it in our blog:
Reply Retweet Like
Maxim Goryachy retweeted
Alexander Popov Jan 12
I've sent the 7th version of the patch series introducing STACKLEAK to the Linux kernel mainline. Now STACKLEAK can erase the kernel thread stack from the trampoline stack, which was introduced in patchset.
Reply Retweet Like
Maxim Goryachy Jan 10
I think, no. ME uses UMA only as "swap", and ME don't trust a data from UMA. It copies pages from UMA to internal memory, before that the special device decrypts and verifies checksum of this pages.
Reply Retweet Like
Maxim Goryachy Jan 10
Replying to @Evil_X_ @dakami and 8 others
Absolutely right. In additional ME verifies checksum for all pages from UMA (reference values store in SRAM)
Reply Retweet Like
Maxim Goryachy retweeted
Plato Mavropoulos Jan 6
Intel, AMD & VIA CPU Microcode Repositories! A community assisted project aimed to collect all the latest PRD CPU microcodes since 1995 from the three main vendors in order to help people understand what they need to update, to research how they work etc.
Reply Retweet Like
Maxim Goryachy retweeted
Igor Skochinsky Jan 5
looks like some people actually care about AMD's PSP: BTW, ME also has an fTPM and is also mostly based on the spec's pseudocode... cc
Reply Retweet Like
Maxim Goryachy Jan 5
How I know, ME core doesn't have cache, thus attacks are not applicable for ME
Reply Retweet Like
Maxim Goryachy Jan 5
"About the Meltdown and Spectre attacks:FreeBSD was made aware of the problems in late December 2017.... Due to the fundamental nature of the attacks, no estimate is yet available for the publication date of patches."
Reply Retweet Like
Maxim Goryachy retweeted
Alex Ionescu Jan 3
This patch literally invents new computer science to work around the side-channel CPU issues. Continuing to be in awe and massive kudos to all the OS vendors who had to probably re-do entire feature roadmaps to handle this work. tl;dr Tokens/Processes now have "Security Domains".
Reply Retweet Like
Maxim Goryachy retweeted
Kenn White Jan 4
Just landed: Intel Analysis of Speculative Execution Side Channels
Reply Retweet Like
Maxim Goryachy retweeted
Alex Ionescu Jan 3
All that speculation was fun, now we have a real technical blog post: . Jann Horn () just won the pwnie for 2018, imho!
Reply Retweet Like
Maxim Goryachy retweeted
Zack Whittaker Jan 3
Revealed: Two critical flaws affect most Intel chips since 1995. Here's our story.
Reply Retweet Like
Maxim Goryachy retweeted
Shara Tibken Jan 3
Here's 's slides about the security issue:
Reply Retweet Like
Maxim Goryachy retweeted
the grugq Jan 3
Speculation over. Intel bug has been reproduced with a PoC.
Reply Retweet Like
Maxim Goryachy retweeted
Daniel Gruss Jan 3
: We submitted to and got it rejected. We can just assume that it lacked practical relevance or had no relevant security impact.
Reply Retweet Like
Maxim Goryachy retweeted
ivc Dec 29
Reply Retweet Like