Bad News : Good News

Fixes for this attack have already been added to OpenSSL 1.1.1.  If you operate on SSL 1.1.0i or older, you can find code for the patch here. On that note Bleeping Computer has a really great explanation about what has been revealed so far concerning PortSmash and also as to how SMT operates.   There is no word on whether or not AMD devices using SMT also fall under the same vulnerability as of yet.  PortSmash is code specific to Intel devices, but may only require a small change of code to exploit the feature in AMD CPU’s and APU’s that feature SMT.   https://www.bleepingcomputer.com/news/security/new-portsmash-hyper-threading-cpu-vuln-can-steal-decryption-keys/  ]]>