One Article Review
| Source |  taosecurity |
|---|---|
| Identifiant | 459738 |
| Date de publication | 2018-01-22 09:30:58 (vue: 2018-01-22 09:30:58) |
| Titre | Lies and More Lies |
| Texte |  Following the release of the Spectre and Meltdown CPU attacks, the security community wondered if other researchers would find related speculative attack problems. When the following appeared, we were concerned:"Skyfall and SolaceMore vulnerabilities in modern computers.Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated. Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.Watch this space..."It turns out this was a hoax. The latest version of the site says, in part:"With little more than a couple of quickly registered domain names, thousands of people were hooked...SkyfallThe idea here was to suggest a link to Intel's Skylake processor.SolaceThe idea here was to suggest a link to the Solaris operating system.Copy the styling of the original Meltdown and Spectre sites and add a couple of favicons based loosely on the Intel and Solaris logos and I was nearly done.The final step was to add on https, because if a site's got an SSL certificate it must be legitimate, and the bait was set."The problem with this "explanation" is that it wasn't just a logo, domain name and SSL certificate. The "security professional" who created this site outright lied, as shown at the top of this post. Don't fall for his false narrative.I'm not naming names or linking to the sites here, because the person responsible already thinks he's too clever.Copyright 2003-2016 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com) |
| Notes | |
| Envoyé | Oui |
| Condensat | skyfall 2003 2016 2017 5175 5753 5754 add all already appeared are attack attacks bait based because been bejtlich blogspot can certificate chip clever com community computers concerned: considerable copy copyright couple cpu created cve described details domain don done embargo explanation fall false favicons final find following full fully got has have here highlighted his hoax hooked https idea intel issues just latest legitimate lied lies link linking little logo logos loosely manufacturers meltdown mitigated modern more must name names naming narrative nearly not operating original other out outright part: patches people person post prepared problem problems processor professional published quickly recent registered related release researchers responsible richard says security set shown site sites skyfall skyfallthe skylake solace solacemore solacethe solaris soon space spectre speculation speculative ssl step styling suggest system taosecurity than thinks thousands too top turns two under vendors version vulnerabilities wasn watch when whether who will wondered work would www |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.