Intel performance results (fully mitigated vs. non mitigated systems): dropping performance up to 10% for web browsing on Windows. 3D/gaming usage barely changes. https://t.co/RevCxWUH5D #Intel #meltdown #spectre #performance pic.twitter.com/ItahA5psXy

— x0rz (@x0rz) January 11, 2018

Intel performance results (fully mitigated vs. non mitigated systems): dropping performance up to 10% for web browsing on Windows. 3D/gaming usage barely changes. https://t.co/RevCxWUH5D #Intel #meltdown #spectre #performance pic.twitter.com/ItahA5psXy

— x0rz (@x0rz) January 11, 2018

List of links: BIOS/UEFI updates for the #Meltdown and #Spectre security patches https://t.co/Wy73YTyzMR pic.twitter.com/ld95qKwDos

— Carlos Felipe (@_carlos_felipe) January 15, 2018

American Megatrends Statement in Response to “Meltdown” and “Spectre” Security Vulnerabilities: https://t.co/dIFTJoN4Ms pic.twitter.com/iVO7FJ0MTI

— AMI (@AMI_PR) January 12, 2018

**IMPORTANT** – Intel just notified VMware of faulty microcode updates for certain Haswell/Broadwell CPUs.

Please see https://t.co/Wgl5Sjghto for affected systems & “tmp” workaround for those who’ve applied microcode update until new updates are available from Intel

/2

— William Lam (@lamw.bsky.social | @lamw@vmst.io) (@lamw) January 13, 2018

F*ck, I can barely believe that I was able to read non-cached data from other process efficiently. Removed iteration and issued flush on secret. Thanks @misc0110, @aionescu for all the tips. Not releasing it or somebody could definitely set the world on fire with this! #meltdown pic.twitter.com/eHYaxnbEAo

— Raph Carvalho (@raphael_scarv) January 13, 2018

Still ticked off that FreeBSD wasn't given earlier notice. In fact much later than Linux patches were already visible to the public. FreeBSD is a major OS, especially if you count appliances. They have a proper security officer just like the other players.

— Martin Cracauer (@MartinCracauer) January 11, 2018

An update on AMD processor security from Mark Papermaster, Senior Vice President and Chief Technology Officer. https://t.co/jpWXWdcyrQ

— AMD (@AMD) January 11, 2018

Updates for Microsoft #Surface Devices. These updates include updated Surface UEFI firmware to address potential security vulnerabilities, including Microsoft security advisory 180002 #Meltdown #Spectre https://t.co/IZoztC19CJ

— Francesco Molfese (@FrancescoMolf) January 10, 2018

Intel says patches can cause reboot problems in old chips https://t.co/E53NGGb0xG via @InfoSecHotSpot

— Sean Harris (@InfoSecHotSpot) January 12, 2018

Interview with Anders Fogh: https://t.co/Jj8Jf42c9v

— Halvar Flake (@halvarflake) January 11, 2018

The research of @anders_fogh laid the ground for what is considered the worsest vulnerability in computer history. We asked him some questions about #Meltdown and #Spectrehttps://t.co/AK3Arhwi82

— Ralf Benzmüller (@rb_gdata) January 11, 2018

Yes, privsec _within_ ME, exactly this!

Remember ME's Dynamically Loaded Applications (DAL)? They are essentially JVM for semi-untrusted code (provided by 3rd parties) – how about trying Meltdown/Spectre from there to steal secrets from the ME's TCB? https://t.co/8rDUkp3V1O

— Joanna Rutkowska (@rootkovska) January 10, 2018

Also, since Intel essentially controls the whole toolchain (i.e. the compiler) for building SGX enclaves, I expect SGX code will be first to get protection against Specre attacks, and best coverage also…?

/cc @lavados @tehjh @misc0110 @anders_fogh

— Joanna Rutkowska (@rootkovska) January 10, 2018

Awesome demo of #Meltdown and how it is mitigated in CentOS 7 #kpti #KAISER https://t.co/w0QwiGtknC

— Daniel Gruss (@lavados) January 10, 2018

This video shows a #Meltdown attack on *uncached* data. The data is not in L1, not in L2, and not in L3 cache. That's what clflush does, it throws the data out of all caches. #Meltdown exploits a race condition and even for uncached data this race can be won. https://t.co/W2CQRS9zmt

— Daniel Gruss (@lavados) January 10, 2018

NVIDIA GPU Display Driver Security Updates for Speculative Side Channels https://t.co/tTqLEeTNZd https://t.co/HDiepvzu8P

— Alex Matrosov (@matrosov) January 6, 2018

CPU vulnerability guidance for Azure customers https://t.co/3UWD2neW5M

— Azure Support (@AzureSupport) January 4, 2018

Meltdown and Spectre https://t.co/W76ta4VrSs https://t.co/EtLeEes1hA pic.twitter.com/vqQ3FgkTIH

— XKCD Comic (@xkcdComic) January 5, 2018

New daily reminder: you have a far higher chance to be hacked with the PDF downloads of the meltdown & spectre papers than from the vulns themselves¹.

__
¹ yes, this includes you at the back convinced Mossad is after you.

— Arrigo Triulzi (@cynicalsecurity) January 6, 2018

Surface line gets UEFI update to mitigate Meltdown and Spectre security bugs https://t.co/bFdWkfvvWV pic.twitter.com/YvohcNAEIe

— Mauro Huculak (@Pureinfotech) January 5, 2018

New blog post [Semi-technical]: Behind the scenes of a bug collision: https://t.co/CzEvMqFMfa

— Anders Fogh (@anders_fogh) January 5, 2018

Regarding Spectre and Meltdown impact on iOS, macOS and Safari/WebKit: https://t.co/b9DtiFAr3N

— Ivan Krstić (@radian) January 5, 2018

CVE-2017-5754 (a.k.a #Meltdown) POC / Checker (Linux) https://t.co/wrmtqhJ5xQ

— Zuk (@ihackbanme) January 5, 2018

Norman Feske (founder of @GenodeLabs OS framework) discusses impact of #Meltdown & #Spectre attacks:https://t.co/tXtmU9V7Kd

— Joanna Rutkowska (@rootkovska) January 5, 2018

I just finished doing my own first hand tests to evaluate the performance impact of the Meltdown fix in the case of Redis. Here are the initial findings: https://t.co/I2QAfiV1HB

— antirez (@antirez) January 5, 2018

ARM published a really nice whitepaper about the CPU issues, with explanations of how the variants work, info on a new conditional speculation barrier; includes snippets of ARM assembly; coins the term "speculation gadgets": https://t.co/r6UCo3m0Cl

— Jann Horn – jann@infosec.exchange (@tehjh) January 5, 2018

You can use this powershell tool to query the status of Windows mitigations for CVE-2017-5715 (branch target injection) and CVE-2017-5754 (rogue data cache load), more information here (Server: https://t.co/9MaLQqVq61, Client: https://t.co/P6vmSamsOn) pic.twitter.com/K0LmM3PYFP

— Matt Miller (@epakskape) January 4, 2018

Oh hello. 😱 pic.twitter.com/kvkTySHJAg

— Stephen Diehl (@smdiehl) January 4, 2018

Sadly no link to any tests, but POWER9 is affected according to Red Hat: https://t.co/P9XujLc065

— Jørgen Lund (@strangecasts) January 4, 2018

x86 speculative execution harness: https://t.co/H3dG9hENwv

— Steve Weis (@sweis) January 3, 2018

Spectre example code https://t.co/xHrcJKhxdE

— Frank ⚡ (@jedisct1) January 4, 2018

Re the #Meltdown/#Spectre attacks:
1. Practical impact on Qubes is unclear to us ATM,
2. No advanced info has been shared with us on Xen predisclosure list, so we've had no time to evaluate yet,
3. Xen published XSA 254 unexpectedly last night,
4. Xen offers no patches ATM…

— Joanna Rutkowska (@rootkovska) January 4, 2018